Merge pull request #4480 from gilles-peskine-arm/psa-storage-format-test-strategy-20210511
Backport 2.x: Updates to the storage format test strategy after starting implementation
diff --git a/.travis.yml b/.travis.yml
index 9b729ec..e859cbb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -28,24 +28,9 @@
script:
- tests/scripts/all.sh -k test_full_cmake_gcc_asan
- - name: macOS
- os: osx
- compiler: clang
- script:
- - tests/scripts/all.sh -k test_default_out_of_box
-
- name: Windows
os: windows
- before_install:
- - choco install python --version=3.5.4
- env:
- # Add the directory where the Choco package goes
- - PATH=/c/Python35:/c/Python35/Scripts:$PATH
script:
- - type python; python --version
- - python scripts/generate_psa_constants.py
- # Logs appear out of sequence on Windows. Give time to catch up.
- - sleep 5
- scripts/windows_msbuild.bat v141 # Visual Studio 2017
after_failure:
diff --git a/ChangeLog b/ChangeLog
index a6d4adf..89572ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,205 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS 2.27.0 branch released 2021-07-07
+
+API changes
+ * Update AEAD output size macros to bring them in line with the PSA Crypto
+ API version 1.0 spec. This version of the spec parameterizes them on the
+ key type used, as well as the key bit-size in the case of
+ PSA_AEAD_TAG_LENGTH.
+ The old versions of these macros were renamed and deprecated as follows:
+ - PSA_AEAD_TAG_LENGTH -> PSA_AEAD_TAG_LENGTH_1_ARG
+ - PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_UPDATE_OUTPUT_SIZE -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG
+ - PSA_AEAD_FINISH_OUTPUT_SIZE -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG
+ - PSA_AEAD_VERIFY_OUTPUT_SIZE -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG
+ * Implement one-shot cipher functions, psa_cipher_encrypt and
+ psa_cipher_decrypt, according to the PSA Crypto API 1.0.0
+ specification.
+
+Requirement changes
+ * The library now uses the %zu format specifier with the printf() family of
+ functions, so requires a toolchain that supports it. This change does not
+ affect the maintained LTS branches, so when contributing changes please
+ bear this in mind and do not add them to backported code.
+
+Features
+ * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
+ signature with a specific salt length. This function allows to validate
+ test cases provided in the NIST's CAVP test suite. Contributed by Cédric
+ Meuter in PR #3183.
+ * Added support for built-in driver keys through the PSA opaque crypto
+ driver interface. Refer to the documentation of
+ MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
+ * Implement psa_sign_message() and psa_verify_message().
+ * The new function mbedtls_mpi_random() generates a random value in a
+ given range uniformly.
+ * Implement psa_mac_compute() and psa_mac_verify() as defined in the
+ PSA Cryptograpy API 1.0.0 specification.
+ * MBEDTLS_ECP_MAX_BITS is now determined automatically from the configured
+ curves and no longer needs to be configured explicitly to save RAM.
+
+Security
+ * Fix a bias in the generation of finite-field Diffie-Hellman-Merkle (DHM)
+ private keys and of blinding values for DHM and elliptic curves (ECP)
+ computations. Reported by FlorianF89 in #4245.
+ * Fix a potential side channel vulnerability in ECDSA ephemeral key generation.
+ An adversary who is capable of very precise timing measurements could
+ learn partial information about the leading bits of the nonce used for the
+ signature, allowing the recovery of the private key after observing a
+ large number of signature operations. This completes a partial fix in
+ Mbed TLS 2.20.0.
+ * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
+ too small, leading to buffer overflows in ECC operations. Fail the build
+ in such a case.
+ * An adversary with access to precise enough information about memory
+ accesses (typically, an untrusted operating system attacking a secure
+ enclave) could recover an RSA private key after observing the victim
+ performing a single private-key operation. Found and reported by
+ Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.
+ * An adversary with access to precise enough timing information (typically, a
+ co-located process) could recover a Curve25519 or Curve448 static ECDH key
+ after inputting a chosen public key and observing the victim performing the
+ corresponding private-key operation. Found and reported by Leila Batina,
+ Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe.
+
+Bugfix
+ * Add printf function attributes to mbedtls_debug_print_msg to ensure we
+ get printf format specifier warnings.
+ * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
+ lead to seed file corruption in the case where the path to the seed file is
+ equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
+ Krasnoshchok in #3616.
+ * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
+ rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
+ in line with version 1.0.0 of the specification. Fix #4162.
+ * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
+ than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
+ to create is not valid, bringing them in line with version 1.0.0 of the
+ specification. Fix #4271.
+ * Fix some cases in the bignum module where the library constructed an
+ unintended representation of the value 0 which was not processed
+ correctly by some bignum operations. This could happen when
+ mbedtls_mpi_read_string() was called on "-0", or when
+ mbedtls_mpi_mul_mpi() and mbedtls_mpi_mul_int() was called with one of
+ the arguments being negative and the other being 0. Fixes #4643.
+ * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
+ zero. Fixes #1792
+ * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
+ defined. Fixes #4217.
+ * Fix an incorrect error code when parsing a PKCS#8 private key.
+ * In a TLS client, enforce the Diffie-Hellman minimum parameter size
+ set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
+ minimum size was rounded down to the nearest multiple of 8.
+ * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are
+ defined to specific values. If the code is used in a context
+ where these are already defined, this can result in a compilation
+ error. Instead, assume that if they are defined, the values will
+ be adequate to build Mbed TLS.
+ * The cipher suite TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 was not available
+ when SHA-1 was disabled and was offered when SHA-1 was enabled but SHA-384
+ was disabled. Fix the dependency. Fixes #4472.
+ * Do not offer SHA384 cipher suites when SHA-384 is disabled. Fixes #4499.
+ * With MBEDTLS_PSA_CRYPTO_C disabled, some functions were getting built
+ nonetheless, resulting in undefined reference errors when building a
+ shared library. Reported by Guillermo Garcia M. in #4411.
+ * Fix test suite code on platforms where int32_t is not int, such as
+ Arm Cortex-M. Fixes #4530.
+ * Fix some issues affecting MBEDTLS_ARIA_ALT implementations: a misplaced
+ directive in a header and a missing initialization in the self-test.
+ * Fix a missing initialization in the Camellia self-test, affecting
+ MBEDTLS_CAMELLIA_ALT implementations.
+ * Restore the ability to configure PSA via Mbed TLS options to support RSA
+ key pair operations but exclude RSA key generation. When MBEDTLS_GENPRIME
+ is not defined PSA will no longer attempt to use mbedtls_rsa_gen_key().
+ Fixes #4512.
+ * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites
+ (when the encrypt-then-MAC extension is not in use) with some ALT
+ implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing
+ the affected side to wrongly reject valid messages. Fixes #4118.
+ * Remove outdated check-config.h check that prevented implementing the
+ timing module on Mbed OS. Fixes #4633.
+ * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
+ about missing inputs.
+ * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with
+ MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465.
+ * Fix a resource leak in a test suite with an alternative AES
+ implementation. Fixes #4176.
+ * Fix a crash in mbedtls_mpi_debug_mpi on a bignum having 0 limbs. This
+ could notably be triggered by setting the TLS debug level to 3 or above
+ and using a Montgomery curve for the key exchange. Reported by lhuang04
+ in #4578. Fixes #4608.
+ * psa_verify_hash() was relying on implementation-specific behavior of
+ mbedtls_rsa_rsassa_pss_verify() and was causing failures in some _ALT
+ implementations. This reliance is now removed. Fixes #3990.
+ * Disallow inputs of length different from the corresponding hash when
+ signing or verifying with PSA_ALG_RSA_PSS (The PSA Crypto API mandates
+ that PSA_ALG_RSA_PSS uses the same hash throughout the algorithm.)
+ * Fix a null pointer dereference when mbedtls_mpi_exp_mod() was called with
+ A=0 represented with 0 limbs. Up to and including Mbed TLS 2.26, this bug
+ could not be triggered by code that constructed A with one of the
+ mbedtls_mpi_read_xxx functions (including in particular TLS code) since
+ those always built an mpi object with at least one limb.
+ Credit to OSS-Fuzz. Fixes #4641.
+ * Fix mbedtls_mpi_gcd(G,A,B) when the value of B is zero. This had no
+ effect on Mbed TLS's internal use of mbedtls_mpi_gcd(), but may affect
+ applications that call mbedtls_mpi_gcd() directly. Fixes #4642.
+ * The PSA API no longer allows the creation or destruction of keys with a
+ read-only lifetime. The persistence level PSA_KEY_PERSISTENCE_READ_ONLY
+ can now only be used as intended, for keys that cannot be modified through
+ normal use of the API.
+ * When MBEDTLS_PSA_CRYPTO_SPM is enabled, crypto_spe.h was not included
+ in all the right places. Include it from crypto_platform.h, which is
+ the natural place. Fixes #4649.
+ * mbedtls_pk_sign() and mbedtls_pk_verify() and their extended and
+ restartable variants now always honor the specified hash length if
+ nonzero. Before, for RSA, hash_len was ignored in favor of the length of
+ the specified hash algorithm.
+ * Fix which alert is sent in some cases to conform to the
+ applicable RFC: on an invalid Finished message value, an
+ invalid max_fragment_length extension, or an
+ unsupported extension used by the server.
+ * Correct (change from 12 to 13 bytes) the value of the macro describing the
+ maximum nonce length returned by psa_aead_generate_nonce().
+
+Changes
+ * Add extra printf compiler warning flags to builds.
+ * Fix memsan build false positive in x509_crt.c with Clang 11
+ * Fix the setting of the read timeout in the DTLS sample programs.
+ * Remove the AES sample application programs/aes/aescrypt2 which shows
+ bad cryptographic practice. Fix #1906.
+ * Alternative implementations of CMAC may now opt to not support 3DES as a
+ CMAC block cipher, and still pass the CMAC self test.
+ * Remove configs/config-psa-crypto.h, which was identical to the default
+ configuration except for having some extra cryptographic mechanisms
+ enabled and for unintended differences. This configuration was primarily
+ intended to demonstrate the PSA API, and lost most of its usefulness when
+ MBEDTLS_PSA_CRYPTO_C became enabled by default.
+ * When building the test suites with GNU make, invoke python3 or python, not
+ python2, which is no longer supported upstream.
+ * When using session cache based session resumption on the server,
+ double-check that custom session cache implementations return
+ sessions which are consistent with the negotiated ciphersuite
+ and compression method.
+ * Fix build failure on MinGW toolchain when __USE_MING_ANSI_STDIO is on.
+ When that flag is on, standard GNU C printf format specifiers
+ should be used.
+ * Reduce the default value of MBEDTLS_ECP_WINDOW_SIZE. This reduces RAM usage
+ during ECC operations at a negligible performance cost.
+ * mbedtls_mpi_read_binary(), mbedtls_mpi_read_binary_le() and
+ mbedtls_mpi_read_string() now construct an mbedtls_mpi object with 0 limbs
+ when their input has length 0. Note that this is an implementation detail
+ and can change at any time, so this change should be transparent, but it
+ may result in mbedtls_mpi_write_binary() or mbedtls_mpi_write_string()
+ now writing an empty string where it previously wrote one or more
+ zero digits when operating from values constructed with an mpi_read
+ function and some mpi operations.
+ * Implicitly add PSA_KEY_USAGE_SIGN_MESSAGE key usage policy flag when
+ PSA_KEY_USAGE_SIGN_HASH flag is set and PSA_KEY_USAGE_VERIFY_MESSAGE flag
+ when PSA_KEY_USAGE_VERIFY_HASH flag is set. This usage flag extension
+ is also applied when loading a key from storage.
+
= mbed TLS 2.26.0 branch released 2021-03-08
API changes
@@ -202,7 +402,7 @@
Johan Malmgren and Johan Uppman Bruce from Sectra.
Bugfix
- * Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
+ * Fix an invalid (but non-zero) return code from mbedtls_pk_parse_subpubkey()
when the input has trailing garbage. Fixes #2512.
* Fix build failure in configurations where MBEDTLS_USE_PSA_CRYPTO is
enabled but ECDSA is disabled. Contributed by jdurkop. Fixes #3294.
diff --git a/ChangeLog.d/add-missing-parenthesis.txt b/ChangeLog.d/add-missing-parenthesis.txt
deleted file mode 100644
index 9576ff3..0000000
--- a/ChangeLog.d/add-missing-parenthesis.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
- defined. Fixes #4217.
diff --git a/ChangeLog.d/aescrypt2.txt b/ChangeLog.d/aescrypt2.txt
deleted file mode 100644
index 7ffa49e..0000000
--- a/ChangeLog.d/aescrypt2.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Remove the AES sample application programs/aes/aescrypt2 which shows
- bad cryptographic practice. Fix #1906.
diff --git a/ChangeLog.d/allow_alt_cmac_without_des.txt b/ChangeLog.d/allow_alt_cmac_without_des.txt
deleted file mode 100644
index 5193a9e..0000000
--- a/ChangeLog.d/allow_alt_cmac_without_des.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Alternative implementations of CMAC may now opt to not support 3DES as a
- CMAC block cipher, and still pass the CMAC self test.
diff --git a/ChangeLog.d/bugfix_PR3616.txt b/ChangeLog.d/bugfix_PR3616.txt
deleted file mode 100644
index 47d1044..0000000
--- a/ChangeLog.d/bugfix_PR3616.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
- lead to the seed file corruption in case if the path to the seed file is
- equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
- Krasnoshchok in #3616.
diff --git a/ChangeLog.d/dhm_min_bitlen.txt b/ChangeLog.d/dhm_min_bitlen.txt
deleted file mode 100644
index e7ea827..0000000
--- a/ChangeLog.d/dhm_min_bitlen.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * In a TLS client, enforce the Diffie-Hellman minimum parameter size
- set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
- minimum size was rounded down to the nearest multiple of 8.
diff --git a/ChangeLog.d/dtls_sample_use_read_timeout.txt b/ChangeLog.d/dtls_sample_use_read_timeout.txt
deleted file mode 100644
index e3150d6..0000000
--- a/ChangeLog.d/dtls_sample_use_read_timeout.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Fix the setting of the read timeout in the DTLS sample programs.
diff --git a/ChangeLog.d/fix-invalid-id-error-code.txt b/ChangeLog.d/fix-invalid-id-error-code.txt
deleted file mode 100644
index 069a767..0000000
--- a/ChangeLog.d/fix-invalid-id-error-code.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
- than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
- to create is not valid, bringing them in line with version 1.0.0 of the
- specification. Fix #4271.
diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt
deleted file mode 100644
index 3aa330b..0000000
--- a/ChangeLog.d/fix-pk-parse-key-error-code.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix an incorrect error code when parsing a PKCS#8 private key.
diff --git a/ChangeLog.d/fix-printf-specifiers.txt b/ChangeLog.d/fix-printf-specifiers.txt
deleted file mode 100644
index 4867721..0000000
--- a/ChangeLog.d/fix-printf-specifiers.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Bugfix
- * Add printf function attributes to mbedtls_debug_print_msg to ensure we
- get printf format specifier warnings.
-Changes
- * Add extra printf compiler warning flags to builds.
-Requirement changes
- * The library now uses the %zu format specifier with the printf() family of
- functions, so requires a toolchain that supports it. This change does not
- affect the maintained LTS branches, so when contributing changes please
- bear this in mind and do not add them to backported code.
diff --git a/ChangeLog.d/fix_memsan_build_clang11.txt b/ChangeLog.d/fix_memsan_build_clang11.txt
deleted file mode 100644
index 3f5cc05..0000000
--- a/ChangeLog.d/fix_memsan_build_clang11.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Changes
- * Fix memsan build false positive in x509_crt.c with clang 11
diff --git a/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt b/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
deleted file mode 100644
index dc6996e..0000000
--- a/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
- rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
- in line with version 1.0.0 of the specification. Fix #4162.
diff --git a/ChangeLog.d/issue1792.txt b/ChangeLog.d/issue1792.txt
deleted file mode 100644
index 9949bf4..0000000
--- a/ChangeLog.d/issue1792.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
- zero. Fixes #1792
diff --git a/ChangeLog.d/mpi_read_negative_zero.txt b/ChangeLog.d/mpi_read_negative_zero.txt
deleted file mode 100644
index e338de7..0000000
--- a/ChangeLog.d/mpi_read_negative_zero.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
- as equal to 0 in all cases. Fix it to produce the same object as "0".
diff --git a/ChangeLog.d/pkcs1_v21_sign_ext.txt b/ChangeLog.d/pkcs1_v21_sign_ext.txt
deleted file mode 100644
index 76dfaf9..0000000
--- a/ChangeLog.d/pkcs1_v21_sign_ext.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Features
- * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
- signature with a specific salt length. This function allows to validate
- test cases provided in the NIST's CAVP test suite. Contributed by Cédric
- Meuter in PR #3183.
diff --git a/ChangeLog.d/psa-aead-output-size-macros-1.0.txt b/ChangeLog.d/psa-aead-output-size-macros-1.0.txt
deleted file mode 100644
index 94a66a5..0000000
--- a/ChangeLog.d/psa-aead-output-size-macros-1.0.txt
+++ /dev/null
@@ -1,12 +0,0 @@
-API changes
- * Update AEAD output size macros to bring them in line with the PSA Crypto
- API version 1.0 spec. This version of the spec parameterizes them on the
- key type used, as well as the key bit-size in the case of
- PSA_AEAD_TAG_LENGTH.
- The old versions of these macros were renamed and deprecated as follows:
- - PSA_AEAD_TAG_LENGTH -> PSA_AEAD_TAG_LENGTH_1_ARG
- - PSA_AEAD_ENCRYPT_OUTPUT_SIZE -> PSA_AEAD_ENCRYPT_OUTPUT_SIZE_2_ARG
- - PSA_AEAD_DECRYPT_OUTPUT_SIZE -> PSA_AEAD_DECRYPT_OUTPUT_SIZE_2_ARG
- - PSA_AEAD_UPDATE_OUTPUT_SIZE -> PSA_AEAD_UPDATE_OUTPUT_SIZE_2_ARG
- - PSA_AEAD_FINISH_OUTPUT_SIZE -> PSA_AEAD_FINISH_OUTPUT_SIZE_1_ARG
- - PSA_AEAD_VERIFY_OUTPUT_SIZE -> PSA_AEAD_VERIFY_OUTPUT_SIZE_1_ARG
diff --git a/ChangeLog.d/psa-builtin-keys-implementation.txt b/ChangeLog.d/psa-builtin-keys-implementation.txt
deleted file mode 100644
index 66ba77d..0000000
--- a/ChangeLog.d/psa-builtin-keys-implementation.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
- * Added support for built-in driver keys through the PSA opaque crypto
- driver interface. Refer to the documentation of
- MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS for more information.
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
deleted file mode 100644
index b98fc9c..0000000
--- a/configs/config-psa-crypto.h
+++ /dev/null
@@ -1,3371 +0,0 @@
-/**
- * \file config.h
- *
- * \brief Configuration options (set of defines)
- *
- * This set of compile-time options may be used to enable
- * or disable features selectively, and reduce the global
- * memory footprint.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-/**
- * \name SECTION: System support
- *
- * This section sets system specific settings.
- * \{
- */
-
-/**
- * \def MBEDTLS_HAVE_ASM
- *
- * The compiler has support for asm().
- *
- * Requires support for asm() in compiler.
- *
- * Used in:
- * library/aria.c
- * library/timing.c
- * include/mbedtls/bn_mul.h
- *
- * Required by:
- * MBEDTLS_AESNI_C
- * MBEDTLS_PADLOCK_C
- *
- * Comment to disable the use of assembly code.
- */
-#define MBEDTLS_HAVE_ASM
-
-/**
- * \def MBEDTLS_NO_UDBL_DIVISION
- *
- * The platform lacks support for double-width integer division (64-bit
- * division on a 32-bit platform, 128-bit division on a 64-bit platform).
- *
- * Used in:
- * include/mbedtls/bignum.h
- * library/bignum.c
- *
- * The bignum code uses double-width division to speed up some operations.
- * Double-width division is often implemented in software that needs to
- * be linked with the program. The presence of a double-width integer
- * type is usually detected automatically through preprocessor macros,
- * but the automatic detection cannot know whether the code needs to
- * and can be linked with an implementation of division for that type.
- * By default division is assumed to be usable if the type is present.
- * Uncomment this option to prevent the use of double-width division.
- *
- * Note that division for the native integer type is always required.
- * Furthermore, a 64-bit type is always required even on a 32-bit
- * platform, but it need not support multiplication or division. In some
- * cases it is also desirable to disable some double-width operations. For
- * example, if double-width division is implemented in software, disabling
- * it can reduce code size in some embedded targets.
- */
-//#define MBEDTLS_NO_UDBL_DIVISION
-
-/**
- * \def MBEDTLS_NO_64BIT_MULTIPLICATION
- *
- * The platform lacks support for 32x32 -> 64-bit multiplication.
- *
- * Used in:
- * library/poly1305.c
- *
- * Some parts of the library may use multiplication of two unsigned 32-bit
- * operands with a 64-bit result in order to speed up computations. On some
- * platforms, this is not available in hardware and has to be implemented in
- * software, usually in a library provided by the toolchain.
- *
- * Sometimes it is not desirable to have to link to that library. This option
- * removes the dependency of that library on platforms that lack a hardware
- * 64-bit multiplier by embedding a software implementation in Mbed TLS.
- *
- * Note that depending on the compiler, this may decrease performance compared
- * to using the library function provided by the toolchain.
- */
-//#define MBEDTLS_NO_64BIT_MULTIPLICATION
-
-/**
- * \def MBEDTLS_HAVE_SSE2
- *
- * CPU supports SSE2 instruction set.
- *
- * Uncomment if the CPU supports SSE2 (IA-32 specific).
- */
-//#define MBEDTLS_HAVE_SSE2
-
-/**
- * \def MBEDTLS_HAVE_TIME
- *
- * System has time.h and time().
- * The time does not need to be correct, only time differences are used,
- * by contrast with MBEDTLS_HAVE_TIME_DATE
- *
- * Defining MBEDTLS_HAVE_TIME allows you to specify MBEDTLS_PLATFORM_TIME_ALT,
- * MBEDTLS_PLATFORM_TIME_MACRO, MBEDTLS_PLATFORM_TIME_TYPE_MACRO and
- * MBEDTLS_PLATFORM_STD_TIME.
- *
- * Comment if your system does not support time functions
- */
-#define MBEDTLS_HAVE_TIME
-
-/**
- * \def MBEDTLS_HAVE_TIME_DATE
- *
- * System has time.h, time(), and an implementation for
- * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necessarily very accurate, but at least
- * the date should be correct). This is used to verify the validity period of
- * X.509 certificates.
- *
- * Comment if your system does not have a correct clock.
- *
- * \note mbedtls_platform_gmtime_r() is an abstraction in platform_util.h that
- * behaves similarly to the gmtime_r() function from the C standard. Refer to
- * the documentation for mbedtls_platform_gmtime_r() for more information.
- *
- * \note It is possible to configure an implementation for
- * mbedtls_platform_gmtime_r() at compile-time by using the macro
- * MBEDTLS_PLATFORM_GMTIME_R_ALT.
- */
-#define MBEDTLS_HAVE_TIME_DATE
-
-/**
- * \def MBEDTLS_PLATFORM_MEMORY
- *
- * Enable the memory allocation layer.
- *
- * By default mbed TLS uses the system-provided calloc() and free().
- * This allows different allocators (self-implemented or provided) to be
- * provided to the platform abstraction layer.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
- * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
- *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
- * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
- * alternate function at compile time.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Enable this layer to allow use of alternative memory allocators.
- */
-//#define MBEDTLS_PLATFORM_MEMORY
-
-/**
- * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
- *
- * Do not assign standard functions in the platform layer (e.g. calloc() to
- * MBEDTLS_PLATFORM_STD_CALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
- *
- * This makes sure there are no linking errors on platforms that do not support
- * these functions. You will HAVE to provide alternatives, either at runtime
- * via the platform_set_xxx() functions or at compile time by setting
- * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
- * MBEDTLS_PLATFORM_XXX_MACRO.
- *
- * Requires: MBEDTLS_PLATFORM_C
- *
- * Uncomment to prevent default assignment of standard functions in the
- * platform layer.
- */
-//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
-
-/**
- * \def MBEDTLS_PLATFORM_EXIT_ALT
- *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
- * function in the platform abstraction layer.
- *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "mbedtls_platform_set_printf()" that allows you to set an
- * alternative printf function pointer.
- *
- * All these define require MBEDTLS_PLATFORM_C to be defined!
- *
- * \note MBEDTLS_PLATFORM_SNPRINTF_ALT is required on Windows;
- * it will be enabled automatically by check_config.h
- *
- * \warning MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
- * MBEDTLS_PLATFORM_XXX_MACRO!
- *
- * Requires: MBEDTLS_PLATFORM_TIME_ALT requires MBEDTLS_HAVE_TIME
- *
- * Uncomment a macro to enable alternate implementation of specific base
- * platform function
- */
-//#define MBEDTLS_PLATFORM_EXIT_ALT
-//#define MBEDTLS_PLATFORM_TIME_ALT
-//#define MBEDTLS_PLATFORM_FPRINTF_ALT
-//#define MBEDTLS_PLATFORM_PRINTF_ALT
-//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-//#define MBEDTLS_PLATFORM_NV_SEED_ALT
-//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
-
-/**
- * \def MBEDTLS_DEPRECATED_WARNING
- *
- * Mark deprecated functions so that they generate a warning if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * This only works with GCC and Clang. With other compilers, you may want to
- * use MBEDTLS_DEPRECATED_REMOVED
- *
- * Uncomment to get warnings on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_WARNING
-
-/**
- * \def MBEDTLS_DEPRECATED_REMOVED
- *
- * Remove deprecated functions so that they generate an error if used.
- * Functions deprecated in one version will usually be removed in the next
- * version. You can enable this to help you prepare the transition to a new
- * major version by making sure your code is not using these functions.
- *
- * Uncomment to get errors on using deprecated functions.
- */
-//#define MBEDTLS_DEPRECATED_REMOVED
-
-/**
- * \def MBEDTLS_CHECK_PARAMS
- *
- * This configuration option controls whether the library validates more of
- * the parameters passed to it.
- *
- * When this flag is not defined, the library only attempts to validate an
- * input parameter if: (1) they may come from the outside world (such as the
- * network, the filesystem, etc.) or (2) not validating them could result in
- * internal memory errors such as overflowing a buffer controlled by the
- * library. On the other hand, it doesn't attempt to validate parameters whose
- * values are fully controlled by the application (such as pointers).
- *
- * When this flag is defined, the library additionally attempts to validate
- * parameters that are fully controlled by the application, and should always
- * be valid if the application code is fully correct and trusted.
- *
- * For example, when a function accepts as input a pointer to a buffer that may
- * contain untrusted data, and its documentation mentions that this pointer
- * must not be NULL:
- * - the pointer is checked to be non-NULL only if this option is enabled
- * - the content of the buffer is always validated
- *
- * When this flag is defined, if a library function receives a parameter that
- * is invalid, it will:
- * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
- * call to the function mbedtls_param_failed()
- * - immediately return (with a specific error code unless the function
- * returns void and can't communicate an error).
- *
- * When defining this flag, you also need to:
- * - either provide a definition of the function mbedtls_param_failed() in
- * your application (see platform_util.h for its prototype) as the library
- * calls that function, but does not provide a default definition for it,
- * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
- * below if the above mechanism is not flexible enough to suit your needs.
- * See the documentation of this macro later in this file.
- *
- * Uncomment to enable validation of application-controlled parameters.
- */
-//#define MBEDTLS_CHECK_PARAMS
-
-/* \} name SECTION: System support */
-
-/**
- * \name SECTION: mbed TLS feature support
- *
- * This section sets support for features that are or are not needed
- * within the modules that are enabled.
- * \{
- */
-
-/**
- * \def MBEDTLS_TIMING_ALT
- *
- * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
- * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay()
- *
- * Only works if you have MBEDTLS_TIMING_C enabled.
- *
- * You will need to provide a header "timing_alt.h" and an implementation at
- * compile time.
- */
-//#define MBEDTLS_TIMING_ALT
-
-/**
- * \def MBEDTLS_AES_ALT
- *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto, an arithmetic or hash
- * module (e.g. platform specific assembly optimized implementations). Keep
- * in mind that the function prototypes should remain the same.
- *
- * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base
- * function declarations and implementations. "aes_alt.h" will be included from
- * "aes.h" to include the new function definitions.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * module.
- *
- * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their
- * use constitutes a security risk. If possible, we recommend
- * avoiding dependencies on them, and considering stronger message
- * digests and ciphers instead.
- *
- */
-//#define MBEDTLS_AES_ALT
-//#define MBEDTLS_ARC4_ALT
-//#define MBEDTLS_ARIA_ALT
-//#define MBEDTLS_BLOWFISH_ALT
-//#define MBEDTLS_CAMELLIA_ALT
-//#define MBEDTLS_CCM_ALT
-//#define MBEDTLS_CHACHA20_ALT
-//#define MBEDTLS_CHACHAPOLY_ALT
-//#define MBEDTLS_CMAC_ALT
-//#define MBEDTLS_DES_ALT
-//#define MBEDTLS_DHM_ALT
-//#define MBEDTLS_ECJPAKE_ALT
-//#define MBEDTLS_GCM_ALT
-//#define MBEDTLS_NIST_KW_ALT
-//#define MBEDTLS_MD2_ALT
-//#define MBEDTLS_MD4_ALT
-//#define MBEDTLS_MD5_ALT
-//#define MBEDTLS_POLY1305_ALT
-//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
-//#define MBEDTLS_SHA1_ALT
-//#define MBEDTLS_SHA256_ALT
-//#define MBEDTLS_SHA512_ALT
-//#define MBEDTLS_XTEA_ALT
-
-/*
- * When replacing the elliptic curve module, pleace consider, that it is
- * implemented with two .c files:
- * - ecp.c
- * - ecp_curves.c
- * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
- * macros as described above. The only difference is that you have to make sure
- * that you provide functionality for both .c files.
- */
-//#define MBEDTLS_ECP_ALT
-
-/**
- * \def MBEDTLS_MD2_PROCESS_ALT
- *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
- * alternate core implementation of symmetric crypto or hash function. Keep in
- * mind that function prototypes should remain the same.
- *
- * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
- *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
- *
- * \note Because of a signature change, the core AES encryption and decryption routines are
- * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
- * respectively. When setting up alternative implementations, these functions should
- * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- * must stay untouched.
- *
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
- * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- * tables.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- *
- * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
- * constitutes a security risk. If possible, we recommend avoiding
- * dependencies on them, and considering stronger message digests
- * and ciphers instead.
- *
- */
-//#define MBEDTLS_MD2_PROCESS_ALT
-//#define MBEDTLS_MD4_PROCESS_ALT
-//#define MBEDTLS_MD5_PROCESS_ALT
-//#define MBEDTLS_RIPEMD160_PROCESS_ALT
-//#define MBEDTLS_SHA1_PROCESS_ALT
-//#define MBEDTLS_SHA256_PROCESS_ALT
-//#define MBEDTLS_SHA512_PROCESS_ALT
-//#define MBEDTLS_DES_SETKEY_ALT
-//#define MBEDTLS_DES_CRYPT_ECB_ALT
-//#define MBEDTLS_DES3_CRYPT_ECB_ALT
-//#define MBEDTLS_AES_SETKEY_ENC_ALT
-//#define MBEDTLS_AES_SETKEY_DEC_ALT
-//#define MBEDTLS_AES_ENCRYPT_ALT
-//#define MBEDTLS_AES_DECRYPT_ALT
-//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT
-//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT
-//#define MBEDTLS_ECDSA_VERIFY_ALT
-//#define MBEDTLS_ECDSA_SIGN_ALT
-//#define MBEDTLS_ECDSA_GENKEY_ALT
-
-/**
- * \def MBEDTLS_ECP_INTERNAL_ALT
- *
- * Expose a part of the internal interface of the Elliptic Curve Point module.
- *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternative core implementation of elliptic curve arithmetic. Keep in mind
- * that function prototypes should remain the same.
- *
- * This partially replaces one function. The header file from mbed TLS is still
- * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
- * is still present and it is used for group structures not supported by the
- * alternative.
- *
- * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
- * and implementing the following functions:
- * unsigned char mbedtls_internal_ecp_grp_capable(
- * const mbedtls_ecp_group *grp )
- * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
- * void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp )
- * The mbedtls_internal_ecp_grp_capable function should return 1 if the
- * replacement functions implement arithmetic for the given group and 0
- * otherwise.
- * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_free are
- * called before and after each point operation and provide an opportunity to
- * implement optimized set up and tear down instructions.
- *
- * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
- * function, but will use your mbedtls_internal_ecp_double_jac if the group is
- * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
- * receives it as an argument). If the group is not supported then the original
- * implementation is used. The other functions and the definition of
- * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
- * implementation of mbedtls_internal_ecp_double_jac and
- * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
- *
- * Uncomment a macro to enable alternate implementation of the corresponding
- * function.
- */
-/* Required for all the functions in this section */
-//#define MBEDTLS_ECP_INTERNAL_ALT
-/* Support for Weierstrass curves with Jacobi representation */
-//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
-//#define MBEDTLS_ECP_ADD_MIXED_ALT
-//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
-//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
-/* Support for curves with Montgomery arithmetic */
-//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
-//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
-//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
-
-/**
- * \def MBEDTLS_TEST_NULL_ENTROPY
- *
- * Enables testing and use of mbed TLS without any configured entropy sources.
- * This permits use of the library on platforms before an entropy source has
- * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
- * MBEDTLS_ENTROPY_NV_SEED switches).
- *
- * WARNING! This switch MUST be disabled in production builds, and is suitable
- * only for development.
- * Enabling the switch negates any security provided by the library.
- *
- * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- */
-//#define MBEDTLS_TEST_NULL_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_HARDWARE_ALT
- *
- * Uncomment this macro to let mbed TLS use your own implementation of a
- * hardware entropy collector.
- *
- * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in entropy_poll.h, and accept NULL as first argument.
- *
- * Uncomment to use your own hardware entropy collector.
- */
-//#define MBEDTLS_ENTROPY_HARDWARE_ALT
-
-/**
- * \def MBEDTLS_AES_ROM_TABLES
- *
- * Use precomputed AES tables stored in ROM.
- *
- * Uncomment this macro to use precomputed AES tables stored in ROM.
- * Comment this macro to generate AES tables in RAM at runtime.
- *
- * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
- * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
- * initialization time before the first AES operation can be performed.
- * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
- * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
- * performance if ROM access is slower than RAM access.
- *
- * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
- *
- */
-//#define MBEDTLS_AES_ROM_TABLES
-
-/**
- * \def MBEDTLS_AES_FEWER_TABLES
- *
- * Use less ROM/RAM for AES tables.
- *
- * Uncommenting this macro omits 75% of the AES tables from
- * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
- * by computing their values on the fly during operations
- * (the tables are entry-wise rotations of one another).
- *
- * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
- * by ~6kb but at the cost of more arithmetic operations during
- * runtime. Specifically, one has to compare 4 accesses within
- * different tables to 4 accesses with additional arithmetic
- * operations within the same table. The performance gain/loss
- * depends on the system and memory details.
- *
- * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
- *
- */
-//#define MBEDTLS_AES_FEWER_TABLES
-
-/**
- * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
- *
- * Use less ROM for the Camellia implementation (saves about 768 bytes).
- *
- * Uncomment this macro to use less memory for Camellia.
- */
-//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CBC
- *
- * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CBC
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CFB
- *
- * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_CTR
- *
- * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_CTR
-
-/**
- * \def MBEDTLS_CIPHER_MODE_OFB
- *
- * Enable Output Feedback mode (OFB) for symmetric ciphers.
- */
-#define MBEDTLS_CIPHER_MODE_OFB
-
-/**
- * \def MBEDTLS_CIPHER_MODE_XTS
- *
- * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
- */
-#define MBEDTLS_CIPHER_MODE_XTS
-
-/**
- * \def MBEDTLS_CIPHER_NULL_CIPHER
- *
- * Enable NULL cipher.
- * Warning: Only do so when you know what you are doing. This allows for
- * encryption or channels without any security!
- *
- * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
- * the following ciphersuites:
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_RSA_WITH_NULL_SHA256
- * MBEDTLS_TLS_RSA_WITH_NULL_SHA
- * MBEDTLS_TLS_RSA_WITH_NULL_MD5
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA384
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA256
- * MBEDTLS_TLS_PSK_WITH_NULL_SHA
- *
- * Uncomment this macro to enable the NULL cipher and ciphersuites
- */
-//#define MBEDTLS_CIPHER_NULL_CIPHER
-
-/**
- * \def MBEDTLS_CIPHER_PADDING_PKCS7
- *
- * MBEDTLS_CIPHER_PADDING_XXX: Uncomment or comment macros to add support for
- * specific padding modes in the cipher layer with cipher modes that support
- * padding (e.g. CBC)
- *
- * If you disable all padding modes, only full blocks can be used with CBC.
- *
- * Enable padding modes in the cipher layer.
- */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
-
-/**
- * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
- *
- * Enable weak ciphersuites in SSL / TLS.
- * Warning: Only do so when you know what you are doing. This allows for
- * channels with virtually no security at all!
- *
- * This enables the following ciphersuites:
- * MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
- *
- * Uncomment this macro to enable weak ciphersuites
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
-
-/**
- * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
- *
- * Remove RC4 ciphersuites by default in SSL / TLS.
- * This flag removes the ciphersuites based on RC4 from the default list as
- * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
- * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
- * explicitly.
- *
- * Uncomment this macro to remove RC4 ciphersuites by default.
- */
-#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
-
-/**
- * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
- *
- * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
- * module. By default all supported curves are enabled.
- *
- * Comment macros to disable the curve and functions for it
- */
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-
-/**
- * \def MBEDTLS_ECP_NIST_OPTIM
- *
- * Enable specific 'modulo p' routines for each NIST prime.
- * Depending on the prime and architecture, makes operations 4 to 8 times
- * faster on the corresponding curve.
- *
- * Comment this macro to disable NIST curves optimisation.
- */
-#define MBEDTLS_ECP_NIST_OPTIM
-
-/**
- * \def MBEDTLS_ECP_RESTARTABLE
- *
- * Enable "non-blocking" ECC operations that can return early and be resumed.
- *
- * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
- * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
- * order to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
- * number of ECC operations a function may perform before pausing; see
- * mbedtls_ecp_set_max_ops() for more information.
- *
- * This is useful in non-threaded environments if you want to avoid blocking
- * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
- *
- * Uncomment this macro to enable restartable ECC computations.
- *
- * \note This option only works with the default software implementation of
- * elliptic curve functionality. It is incompatible with
- * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT.
- */
-//#define MBEDTLS_ECP_RESTARTABLE
-
-/**
- * \def MBEDTLS_ECDSA_DETERMINISTIC
- *
- * Enable deterministic ECDSA (RFC 6979).
- * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
- * may result in a compromise of the long-term signing key. This is avoided by
- * the deterministic variant.
- *
- * Requires: MBEDTLS_HMAC_DRBG_C
- *
- * Comment this macro to disable deterministic ECDSA.
- */
-#define MBEDTLS_ECDSA_DETERMINISTIC
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
- *
- * Enable the PSK based ciphersuite modes in SSL / TLS.
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- *
- * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- *
- * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- *
- * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- *
- * Enable the RSA-only based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
- */
-#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- *
- * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- *
- * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
- * MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- *
- * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- *
- * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- *
- * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
- *
- * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-
-/**
- * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- *
- * Enable the ECJPAKE based ciphersuite modes in SSL / TLS.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Requires: MBEDTLS_ECJPAKE_C
- * MBEDTLS_SHA256_C
- * MBEDTLS_ECP_DP_SECP256R1_ENABLED
- *
- * This enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
- */
-//#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-
-/**
- * \def MBEDTLS_PK_PARSE_EC_EXTENDED
- *
- * Enhance support for reading EC keys using variants of SEC1 not allowed by
- * RFC 5915 and RFC 5480.
- *
- * Currently this means parsing the SpecifiedECDomain choice of EC
- * parameters (only known groups are supported, not arbitrary domains, to
- * avoid validation issues).
- *
- * Disable if you only need to support RFC 5915 + 5480 key formats.
- */
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
-
-/**
- * \def MBEDTLS_ERROR_STRERROR_DUMMY
- *
- * Enable a dummy error function to make use of mbedtls_strerror() in
- * third party libraries easier when MBEDTLS_ERROR_C is disabled
- * (no effect when MBEDTLS_ERROR_C is enabled).
- *
- * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
- * not using mbedtls_strerror() or error_strerror() in your application.
- *
- * Disable if you run into name conflicts and want to really remove the
- * mbedtls_strerror()
- */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
-
-/**
- * \def MBEDTLS_GENPRIME
- *
- * Enable the prime-number generation code.
- *
- * Requires: MBEDTLS_BIGNUM_C
- */
-#define MBEDTLS_GENPRIME
-
-/**
- * \def MBEDTLS_FS_IO
- *
- * Enable functions that use the filesystem.
- */
-#define MBEDTLS_FS_IO
-
-/**
- * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
- *
- * Do not add default entropy sources. These are the platform specific,
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
- *
- * This is useful to have more control over the added entropy sources in an
- * application.
- *
- * Uncomment this macro to prevent loading of default entropy functions.
- */
-//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-
-/**
- * \def MBEDTLS_NO_PLATFORM_ENTROPY
- *
- * Do not use built-in platform entropy functions.
- * This is useful if your platform does not support
- * standards like the /dev/urandom or Windows CryptoAPI.
- *
- * Uncomment this macro to disable the built-in platform entropy functions.
- */
-//#define MBEDTLS_NO_PLATFORM_ENTROPY
-
-/**
- * \def MBEDTLS_ENTROPY_FORCE_SHA256
- *
- * Force the entropy accumulator to use a SHA-256 accumulator instead of the
- * default SHA-512 based one (if both are available).
- *
- * Requires: MBEDTLS_SHA256_C
- *
- * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
- * if you have performance concerns.
- *
- * This option is only useful if both MBEDTLS_SHA256_C and
- * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
- */
-//#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/**
- * \def MBEDTLS_ENTROPY_NV_SEED
- *
- * Enable the non-volatile (NV) seed file-based entropy source.
- * (Also enables the NV seed read/write functions in the platform layer)
- *
- * This is crucial (if not required) on systems that do not have a
- * cryptographic entropy source (in hardware or kernel) available.
- *
- * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
- *
- * \note The read/write functions that are used by the entropy source are
- * determined in the platform layer, and can be modified at runtime and/or
- * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
- *
- * \note If you use the default implementation functions that read a seedfile
- * with regular fopen(), please make sure you make a seedfile with the
- * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
- * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
- * and written to or you will get an entropy source error! The default
- * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
- * bytes from the file.
- *
- * \note The entropy collector will write to the seed file before entropy is
- * given to an external source, to update it.
- */
-//#define MBEDTLS_ENTROPY_NV_SEED
-
-/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
- *
- * Enable key identifiers that encode a key owner identifier.
- *
- * This is only meaningful when building the library as part of a
- * multi-client service. When you activate this option, you must provide an
- * implementation of the type mbedtls_key_owner_id_t and a translation from
- * mbedtls_svc_key_id_t to file name in all the storage backends that you
- * you wish to support.
- *
- * Note that this option is meant for internal use only and may be removed
- * without notice.
- */
-//#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-
-/**
- * \def MBEDTLS_MEMORY_DEBUG
- *
- * Enable debugging of buffer allocator memory issues. Automatically prints
- * (to stderr) all (fatal) messages on memory allocation issues. Enables
- * function for 'debug output' of allocated memory.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Uncomment this macro to let the buffer allocator print out error messages.
- */
-//#define MBEDTLS_MEMORY_DEBUG
-
-/**
- * \def MBEDTLS_MEMORY_BACKTRACE
- *
- * Include backtrace information with each allocated block.
- *
- * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
- * GLIBC-compatible backtrace() an backtrace_symbols() support
- *
- * Uncomment this macro to include backtrace information
- */
-//#define MBEDTLS_MEMORY_BACKTRACE
-
-/**
- * \def MBEDTLS_PK_RSA_ALT_SUPPORT
- *
- * Support external private RSA keys (eg from a HSM) in the PK layer.
- *
- * Comment this macro to disable support for external private RSA keys.
- */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-
-/**
- * \def MBEDTLS_PKCS1_V15
- *
- * Enable support for PKCS#1 v1.5 encoding.
- *
- * Requires: MBEDTLS_RSA_C
- *
- * This enables support for PKCS#1 v1.5 operations.
- */
-#define MBEDTLS_PKCS1_V15
-
-/**
- * \def MBEDTLS_PKCS1_V21
- *
- * Enable support for PKCS#1 v2.1 encoding.
- *
- * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
- *
- * This enables support for RSAES-OAEP and RSASSA-PSS operations.
- */
-#define MBEDTLS_PKCS1_V21
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_SPM
- *
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
- * Partition Manager) integration which separates the code into two parts: a
- * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
- * Environment).
- *
- * Module: library/psa_crypto.c
- * Requires: MBEDTLS_PSA_CRYPTO_C
- *
- */
-//#define MBEDTLS_PSA_CRYPTO_SPM
-
-/**
- * \def MBEDTLS_PSA_INJECT_ENTROPY
- *
- * Enable support for entropy injection at first boot. This feature is
- * required on systems that do not have a built-in entropy source (TRNG).
- * This feature is currently not supported on systems that have a built-in
- * entropy source.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED
- *
- */
-//#define MBEDTLS_PSA_INJECT_ENTROPY
-
-/**
- * \def MBEDTLS_RSA_NO_CRT
- *
- * Do not use the Chinese Remainder Theorem
- * for the RSA private operation.
- *
- * Uncomment this macro to disable the use of CRT in RSA.
- *
- */
-//#define MBEDTLS_RSA_NO_CRT
-
-/**
- * \def MBEDTLS_SELF_TEST
- *
- * Enable the checkup functions (*_self_test).
- */
-#define MBEDTLS_SELF_TEST
-
-/**
- * \def MBEDTLS_SHA256_SMALLER
- *
- * Enable an implementation of SHA-256 that has lower ROM footprint but also
- * lower performance.
- *
- * The default implementation is meant to be a reasonnable compromise between
- * performance and size. This version optimizes more aggressively for size at
- * the expense of performance. Eg on Cortex-M4 it reduces the size of
- * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
- * 30%.
- *
- * Uncomment to enable the smaller implementation of SHA256.
- */
-//#define MBEDTLS_SHA256_SMALLER
-
-/**
- * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
- *
- * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
- * with other servers, only debugging of failures is harder.
- *
- * The advantage of not sending alert messages, is that no information is given
- * about reasons for failures thus preventing adversaries of gaining intel.
- *
- * Enable sending of all alert messages
- */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
-
-/**
- * \def MBEDTLS_SSL_ASYNC_PRIVATE
- *
- * Enable asynchronous external private key operations in SSL. This allows
- * you to configure an SSL connection to call an external cryptographic
- * module to perform private key operations instead of performing the
- * operation inside the library.
- *
- */
-//#define MBEDTLS_SSL_ASYNC_PRIVATE
-
-/**
- * \def MBEDTLS_SSL_DEBUG_ALL
- *
- * Enable the debug messages in SSL module for all issues.
- * Debug messages have been disabled in some places to prevent timing
- * attacks due to (unbalanced) debugging function calls.
- *
- * If you need all error reporting you should enable this during debugging,
- * but remove this for production servers that should log as well.
- *
- * Uncomment this macro to report all debug messages on errors introducing
- * a timing side-channel.
- *
- */
-//#define MBEDTLS_SSL_DEBUG_ALL
-
-/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
- *
- * Enable support for Encrypt-then-MAC, RFC 7366.
- *
- * This allows peers that both support it to use a more robust protection for
- * ciphersuites using CBC, providing deep resistance against timing attacks
- * on the padding or underlying cipher.
- *
- * This only affects CBC ciphersuites, and is useless if none is defined.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1 or
- * MBEDTLS_SSL_PROTO_TLS1_1 or
- * MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Encrypt-then-MAC
- */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
-
-/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
- *
- * Enable support for Extended Master Secret, aka Session Hash
- * (draft-ietf-tls-session-hash-02).
- *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
- * attacks, but it is recommended to always use it (even if you disable
- * renegotiation), since it actually fixes a more fundamental issue in the
- * original SSL/TLS design, and has implications beyond Triple Handshake.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1 or
- * MBEDTLS_SSL_PROTO_TLS1_1 or
- * MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for Extended Master Secret.
- */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
-
-/**
- * \def MBEDTLS_SSL_FALLBACK_SCSV
- *
- * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
- *
- * For servers, it is recommended to always enable this, unless you support
- * only one version of TLS, or know for sure that none of your clients
- * implements a fallback strategy.
- *
- * For clients, you only need this if you're using a fallback strategy, which
- * is not recommended in the first place, unless you absolutely need it to
- * interoperate with buggy (version-intolerant) servers.
- *
- * Comment this macro to disable support for FALLBACK_SCSV
- */
-#define MBEDTLS_SSL_FALLBACK_SCSV
-
-/**
- * \def MBEDTLS_SSL_HW_RECORD_ACCEL
- *
- * Enable hooking functions in SSL module for hardware acceleration of
- * individual records.
- *
- * Uncomment this macro to enable hooking functions.
- */
-//#define MBEDTLS_SSL_HW_RECORD_ACCEL
-
-/**
- * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
- *
- * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
- *
- * This is a countermeasure to the BEAST attack, which also minimizes the risk
- * of interoperability issues compared to sending 0-length records.
- *
- * Comment this macro to disable 1/n-1 record splitting.
- */
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
-
-/**
- * \def MBEDTLS_SSL_RENEGOTIATION
- *
- * Enable support for TLS renegotiation.
- *
- * The two main uses of renegotiation are (1) refresh keys on long-lived
- * connections and (2) client authentication after the initial handshake.
- * If you don't need renegotiation, it's probably better to disable it, since
- * it has been associated with security issues in the past and is easy to
- * misuse/misunderstand.
- *
- * Comment this to disable support for renegotiation.
- *
- * \note Even if this option is disabled, both client and server are aware
- * of the Renegotiation Indication Extension (RFC 5746) used to
- * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
- * (See \c mbedtls_ssl_conf_legacy_renegotiation for the
- * configuration of this extension).
- *
- */
-#define MBEDTLS_SSL_RENEGOTIATION
-
-/**
- * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
- *
- * Enable support for receiving and parsing SSLv2 Client Hello messages for the
- * SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to enable support for SSLv2 Client Hello messages.
- */
-//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-
-/**
- * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
- *
- * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (MBEDTLS_SSL_SRV_C).
- *
- * Uncomment this macro to respect client's ciphersuite order
- */
-//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
-
-/**
- * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
- *
- * Enable support for RFC 6066 max_fragment_length extension in SSL.
- *
- * Comment this macro to disable support for the max_fragment_length extension
- */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
-
-/**
- * \def MBEDTLS_SSL_PROTO_SSL3
- *
- * Enable support for SSL 3.0.
- *
- * Requires: MBEDTLS_MD5_C
- * MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for SSL 3.0
- */
-//#define MBEDTLS_SSL_PROTO_SSL3
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1
- *
- * Enable support for TLS 1.0.
- *
- * Requires: MBEDTLS_MD5_C
- * MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.0
- */
-#define MBEDTLS_SSL_PROTO_TLS1
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_1
- *
- * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
- *
- * Requires: MBEDTLS_MD5_C
- * MBEDTLS_SHA1_C
- *
- * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
- */
-#define MBEDTLS_SSL_PROTO_TLS1_1
-
-/**
- * \def MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
- *
- * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
- * (Depends on ciphersuites)
- *
- * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
- */
-#define MBEDTLS_SSL_PROTO_TLS1_2
-
-/**
- * \def MBEDTLS_SSL_PROTO_DTLS
- *
- * Enable support for DTLS (all available versions).
- *
- * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
- * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
- *
- * Requires: MBEDTLS_SSL_PROTO_TLS1_1
- * or MBEDTLS_SSL_PROTO_TLS1_2
- *
- * Comment this macro to disable support for DTLS
- */
-#define MBEDTLS_SSL_PROTO_DTLS
-
-/**
- * \def MBEDTLS_SSL_ALPN
- *
- * Enable support for RFC 7301 Application Layer Protocol Negotiation.
- *
- * Comment this macro to disable support for ALPN.
- */
-#define MBEDTLS_SSL_ALPN
-
-/**
- * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
- *
- * Enable support for the anti-replay mechanism in DTLS.
- *
- * Requires: MBEDTLS_SSL_TLS_C
- * MBEDTLS_SSL_PROTO_DTLS
- *
- * \warning Disabling this is often a security risk!
- * See mbedtls_ssl_conf_dtls_anti_replay() for details.
- *
- * Comment this to disable anti-replay in DTLS.
- */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
-
-/**
- * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Enable support for HelloVerifyRequest on DTLS servers.
- *
- * This feature is highly recommended to prevent DTLS servers being used as
- * amplifiers in DoS attacks against other hosts. It should always be enabled
- * unless you know for sure amplification cannot be a problem in the
- * environment in which your server operates.
- *
- * \warning Disabling this can ba a security risk! (see above)
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- *
- * Comment this to disable support for HelloVerifyRequest.
- */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
-
-/**
- * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
- *
- * Enable server-side support for clients that reconnect from the same port.
- *
- * Some clients unexpectedly close the connection and try to reconnect using the
- * same source port. This needs special support from the server to handle the
- * new connection securely, as described in section 4.2.8 of RFC 6347. This
- * flag enables that support.
- *
- * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
- *
- * Comment this to disable support for clients reusing the source port.
- */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
-
-/**
- * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
- *
- * Enable support for a limit of records with bad MAC.
- *
- * See mbedtls_ssl_conf_dtls_badmac_limit().
- *
- * Requires: MBEDTLS_SSL_PROTO_DTLS
- */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
-
-/**
- * \def MBEDTLS_SSL_SESSION_TICKETS
- *
- * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintenance of a
- * session store remains the responsibility of the application, though).
- * Server-side, you also need to provide callbacks for writing and parsing
- * tickets, including authenticated encryption and key management. Example
- * callbacks are provided by MBEDTLS_SSL_TICKET_C.
- *
- * Comment this macro to disable support for SSL session tickets
- */
-#define MBEDTLS_SSL_SESSION_TICKETS
-
-/**
- * \def MBEDTLS_SSL_EXPORT_KEYS
- *
- * Enable support for exporting key block and master secret.
- * This is required for certain users of TLS, e.g. EAP-TLS.
- *
- * Comment this macro to disable support for key export
- */
-#define MBEDTLS_SSL_EXPORT_KEYS
-
-/**
- * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
- *
- * Enable support for RFC 6066 server name indication (SNI) in SSL.
- *
- * Requires: MBEDTLS_X509_CRT_PARSE_C
- *
- * Comment this macro to disable support for server name indication in SSL
- */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
-
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC
- *
- * Enable support for RFC 6066 truncated HMAC in SSL.
- *
- * Comment this macro to disable support for truncated HMAC in SSL
- */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
-
-/**
- * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
- *
- * Fallback to old (pre-2.7), non-conforming implementation of the truncated
- * HMAC extension which also truncates the HMAC key. Note that this option is
- * only meant for a transitory upgrade period and is likely to be removed in
- * a future version of the library.
- *
- * \warning The old implementation is non-compliant and has a security weakness
- * (2^80 brute force attack on the HMAC key used for a single,
- * uninterrupted connection). This should only be enabled temporarily
- * when (1) the use of truncated HMAC is essential in order to save
- * bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
- * the fixed implementation yet (pre-2.7).
- *
- * \deprecated This option is deprecated and will likely be removed in a
- * future version of Mbed TLS.
- *
- * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
- *
- * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
- */
-//#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
-
-/**
- * \def MBEDTLS_THREADING_ALT
- *
- * Provide your own alternate threading implementation.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to allow your own alternate threading implementation.
- */
-//#define MBEDTLS_THREADING_ALT
-
-/**
- * \def MBEDTLS_THREADING_PTHREAD
- *
- * Enable the pthread wrapper layer for the threading layer.
- *
- * Requires: MBEDTLS_THREADING_C
- *
- * Uncomment this to enable pthread mutexes.
- */
-//#define MBEDTLS_THREADING_PTHREAD
-
-/**
- * \def MBEDTLS_USE_PSA_CRYPTO
- *
- * Make the X.509 and TLS library use PSA for cryptographic operations, see
- * #MBEDTLS_PSA_CRYPTO_C.
- *
- * Note: this option is still in progress, the full X.509 and TLS modules are
- * not covered yet, but parts that are not ported to PSA yet will still work
- * as usual, so enabling this option should not break backwards compatibility.
- *
- * \warning Support for PSA is still an experimental feature.
- * Any public API that depends on this option may change
- * at any time until this warning is removed.
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C.
- */
-//#define MBEDTLS_USE_PSA_CRYPTO
-
-/**
- * \def MBEDTLS_VERSION_FEATURES
- *
- * Allow run-time checking of compile-time enabled features. Thus allowing users
- * to check at run-time if the library is for instance compiled with threading
- * support via mbedtls_version_check_feature().
- *
- * Requires: MBEDTLS_VERSION_C
- *
- * Comment this to disable run-time checking and save ROM space
- */
-#define MBEDTLS_VERSION_FEATURES
-
-/**
- * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an extension in a v1 or v2 certificate.
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-
-/**
- * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
- *
- * If set, the X509 parser will not break-off when parsing an X509 certificate
- * and encountering an unknown critical extension.
- *
- * \warning Depending on your PKI use, enabling this can be a security risk!
- *
- * Uncomment to prevent an error.
- */
-//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
-
-/**
- * \def MBEDTLS_X509_CHECK_KEY_USAGE
- *
- * Enable verification of the keyUsage extension (CA and leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused
- * (intermediate) CA and leaf certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip keyUsage checking for both CA and leaf certificates.
- */
-#define MBEDTLS_X509_CHECK_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
- *
- * Enable verification of the extendedKeyUsage extension (leaf certificates).
- *
- * Disabling this avoids problems with mis-issued and/or misused certificates.
- *
- * \warning Depending on your PKI use, disabling this can be a security risk!
- *
- * Comment to skip extendedKeyUsage checking for certificates.
- */
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
-
-/**
- * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
- *
- * Enable parsing and verification of X.509 certificates, CRLs and CSRS
- * signed with RSASSA-PSS (aka PKCS#1 v2.1).
- *
- * Comment this macro to disallow using RSASSA-PSS in certificates.
- */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
-
-/**
- * \def MBEDTLS_ZLIB_SUPPORT
- *
- * If set, the SSL/TLS module uses ZLIB to support compression and
- * decompression of packet data.
- *
- * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
- * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be applicable to your use case.
- *
- * \note Currently compression can't be used with DTLS.
- *
- * \deprecated This feature is deprecated and will be removed
- * in the next major revision of the library.
- *
- * Used in: library/ssl_tls.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This feature requires zlib library and headers to be present.
- *
- * Uncomment to enable use of ZLIB
- */
-//#define MBEDTLS_ZLIB_SUPPORT
-/* \} name SECTION: mbed TLS feature support */
-
-/**
- * \name SECTION: mbed TLS modules
- *
- * This section enables or disables entire modules in mbed TLS
- * \{
- */
-
-/**
- * \def MBEDTLS_AESNI_C
- *
- * Enable AES-NI support on x86-64.
- *
- * Module: library/aesni.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the AES-NI instructions on x86-64
- */
-#define MBEDTLS_AESNI_C
-
-/**
- * \def MBEDTLS_AES_C
- *
- * Enable the AES block cipher.
- *
- * Module: library/aes.c
- * Caller: library/cipher.c
- * library/pem.c
- * library/ctr_drbg.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
- *
- * PEM_PARSE uses AES for decrypting encrypted keys.
- */
-#define MBEDTLS_AES_C
-
-/**
- * \def MBEDTLS_ARC4_C
- *
- * Enable the ARCFOUR stream cipher.
- *
- * Module: library/arc4.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
- * MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
- * MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
- * MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
- * MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
- *
- * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. If possible, we recommend avoidng dependencies on
- * it, and considering stronger ciphers instead.
- *
- */
-#define MBEDTLS_ARC4_C
-
-/**
- * \def MBEDTLS_ASN1_PARSE_C
- *
- * Enable the generic ASN1 parser.
- *
- * Module: library/asn1.c
- * Caller: library/x509.c
- * library/dhm.c
- * library/pkcs12.c
- * library/pkcs5.c
- * library/pkparse.c
- */
-#define MBEDTLS_ASN1_PARSE_C
-
-/**
- * \def MBEDTLS_ASN1_WRITE_C
- *
- * Enable the generic ASN1 writer.
- *
- * Module: library/asn1write.c
- * Caller: library/ecdsa.c
- * library/pkwrite.c
- * library/x509_create.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- */
-#define MBEDTLS_ASN1_WRITE_C
-
-/**
- * \def MBEDTLS_BASE64_C
- *
- * Enable the Base64 module.
- *
- * Module: library/base64.c
- * Caller: library/pem.c
- *
- * This module is required for PEM support (required by X.509).
- */
-#define MBEDTLS_BASE64_C
-
-/**
- * \def MBEDTLS_BIGNUM_C
- *
- * Enable the multi-precision integer library.
- *
- * Module: library/bignum.c
- * Caller: library/dhm.c
- * library/ecp.c
- * library/ecdsa.c
- * library/rsa.c
- * library/rsa_internal.c
- * library/ssl_tls.c
- *
- * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
- */
-#define MBEDTLS_BIGNUM_C
-
-/**
- * \def MBEDTLS_BLOWFISH_C
- *
- * Enable the Blowfish block cipher.
- *
- * Module: library/blowfish.c
- */
-#define MBEDTLS_BLOWFISH_C
-
-/**
- * \def MBEDTLS_CAMELLIA_C
- *
- * Enable the Camellia block cipher.
- *
- * Module: library/camellia.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- */
-#define MBEDTLS_CAMELLIA_C
-
-/**
- * \def MBEDTLS_ARIA_C
- *
- * Enable the ARIA block cipher.
- *
- * Module: library/aria.c
- * Caller: library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- *
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384
- * MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256
- * MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384
- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256
- * MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384
- */
-//#define MBEDTLS_ARIA_C
-
-/**
- * \def MBEDTLS_CCM_C
- *
- * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
- *
- * Module: library/ccm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module enables the AES-CCM ciphersuites, if other requisites are
- * enabled as well.
- */
-#define MBEDTLS_CCM_C
-
-/**
- * \def MBEDTLS_CERTS_C
- *
- * Enable the test certificates.
- *
- * Module: library/certs.c
- * Caller:
- *
- * This module is used for testing (ssl_client/server).
- */
-#define MBEDTLS_CERTS_C
-
-/**
- * \def MBEDTLS_CHACHA20_C
- *
- * Enable the ChaCha20 stream cipher.
- *
- * Module: library/chacha20.c
- */
-#define MBEDTLS_CHACHA20_C
-
-/**
- * \def MBEDTLS_CHACHAPOLY_C
- *
- * Enable the ChaCha20-Poly1305 AEAD algorithm.
- *
- * Module: library/chachapoly.c
- *
- * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
- */
-#define MBEDTLS_CHACHAPOLY_C
-
-/**
- * \def MBEDTLS_CIPHER_C
- *
- * Enable the generic cipher layer.
- *
- * Module: library/cipher.c
- * Caller: library/ssl_tls.c
- *
- * Uncomment to enable generic cipher wrappers.
- */
-#define MBEDTLS_CIPHER_C
-
-/**
- * \def MBEDTLS_CMAC_C
- *
- * Enable the CMAC (Cipher-based Message Authentication Code) mode for block
- * ciphers.
- *
- * Module: library/cmac.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
- *
- */
-#define MBEDTLS_CMAC_C
-
-/**
- * \def MBEDTLS_CTR_DRBG_C
- *
- * Enable the CTR_DRBG AES-based random generator.
- * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
- *
- * Module: library/ctr_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_AES_C
- *
- * This module provides the CTR_DRBG AES random number generator.
- */
-#define MBEDTLS_CTR_DRBG_C
-
-/**
- * \def MBEDTLS_DEBUG_C
- *
- * Enable the debug functions.
- *
- * Module: library/debug.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * This module provides debugging functions.
- */
-#define MBEDTLS_DEBUG_C
-
-/**
- * \def MBEDTLS_DES_C
- *
- * Enable the DES block cipher.
- *
- * Module: library/des.c
- * Caller: library/pem.c
- * library/cipher.c
- *
- * This module enables the following ciphersuites (if other requisites are
- * enabled as well):
- * MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- * MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *
- * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
- *
- * \warning DES is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
- */
-#define MBEDTLS_DES_C
-
-/**
- * \def MBEDTLS_DHM_C
- *
- * Enable the Diffie-Hellman-Merkle module.
- *
- * Module: library/dhm.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- * DHE-RSA, DHE-PSK
- *
- * \warning Using DHE constitutes a security risk as it
- * is not possible to validate custom DH parameters.
- * If possible, it is recommended users should consider
- * preferring other methods of key exchange.
- * See dhm.h for more details.
- *
- */
-#define MBEDTLS_DHM_C
-
-/**
- * \def MBEDTLS_ECDH_C
- *
- * Enable the elliptic curve Diffie-Hellman library.
- *
- * Module: library/ecdh.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
- *
- * Requires: MBEDTLS_ECP_C
- */
-#define MBEDTLS_ECDH_C
-
-/**
- * \def MBEDTLS_ECDSA_C
- *
- * Enable the elliptic curve DSA library.
- *
- * Module: library/ecdsa.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECDHE-ECDSA
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
- */
-#define MBEDTLS_ECDSA_C
-
-/**
- * \def MBEDTLS_ECJPAKE_C
- *
- * Enable the elliptic curve J-PAKE library.
- *
- * \warning This is currently experimental. EC J-PAKE support is based on the
- * Thread v1.0.0 specification; incompatible changes to the specification
- * might still happen. For this reason, this is disabled by default.
- *
- * Module: library/ecjpake.c
- * Caller:
- *
- * This module is used by the following key exchanges:
- * ECJPAKE
- *
- * Requires: MBEDTLS_ECP_C, MBEDTLS_MD_C
- */
-//#define MBEDTLS_ECJPAKE_C
-
-/**
- * \def MBEDTLS_ECP_C
- *
- * Enable the elliptic curve over GF(p) library.
- *
- * Module: library/ecp.c
- * Caller: library/ecdh.c
- * library/ecdsa.c
- * library/ecjpake.c
- *
- * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
- */
-#define MBEDTLS_ECP_C
-
-/**
- * \def MBEDTLS_ENTROPY_C
- *
- * Enable the platform-specific entropy code.
- *
- * Module: library/entropy.c
- * Caller:
- *
- * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
- *
- * This module provides a generic entropy pool
- */
-#define MBEDTLS_ENTROPY_C
-
-/**
- * \def MBEDTLS_ERROR_C
- *
- * Enable error code to error string conversion.
- *
- * Module: library/error.c
- * Caller:
- *
- * This module enables mbedtls_strerror().
- */
-#define MBEDTLS_ERROR_C
-
-/**
- * \def MBEDTLS_GCM_C
- *
- * Enable the Galois/Counter Mode (GCM) for AES.
- *
- * Module: library/gcm.c
- *
- * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
- *
- * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
- * requisites are enabled as well.
- */
-#define MBEDTLS_GCM_C
-
-/**
- * \def MBEDTLS_HAVEGE_C
- *
- * Enable the HAVEGE random generator.
- *
- * Warning: the HAVEGE random generator is not suitable for virtualized
- * environments
- *
- * Warning: the HAVEGE random generator is dependent on timing and specific
- * processor traits. It is therefore not advised to use HAVEGE as
- * your applications primary random generator or primary entropy pool
- * input. As a secondary input to your entropy pool, it IS able add
- * the (limited) extra entropy it provides.
- *
- * Module: library/havege.c
- * Caller:
- *
- * Requires: MBEDTLS_TIMING_C
- *
- * Uncomment to enable the HAVEGE random generator.
- */
-//#define MBEDTLS_HAVEGE_C
-
-/**
- * \def MBEDTLS_HKDF_C
- *
- * Enable the HKDF algorithm (RFC 5869).
- *
- * Module: library/hkdf.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the Hashed Message Authentication Code
- * (HMAC)-based key derivation function (HKDF).
- */
-#define MBEDTLS_HKDF_C
-
-/**
- * \def MBEDTLS_HMAC_DRBG_C
- *
- * Enable the HMAC_DRBG random generator.
- *
- * Module: library/hmac_drbg.c
- * Caller:
- *
- * Requires: MBEDTLS_MD_C
- *
- * Uncomment to enable the HMAC_DRBG random number geerator.
- */
-#define MBEDTLS_HMAC_DRBG_C
-
-/**
- * \def MBEDTLS_NIST_KW_C
- *
- * Enable the Key Wrapping mode for 128-bit block ciphers,
- * as defined in NIST SP 800-38F. Only KW and KWP modes
- * are supported. At the moment, only AES is approved by NIST.
- *
- * Module: library/nist_kw.c
- *
- * Requires: MBEDTLS_AES_C and MBEDTLS_CIPHER_C
- */
-//#define MBEDTLS_NIST_KW_C
-
-/**
- * \def MBEDTLS_MD_C
- *
- * Enable the generic message digest layer.
- *
- * Module: library/md.c
- * Caller:
- *
- * Uncomment to enable generic message digest wrappers.
- */
-#define MBEDTLS_MD_C
-
-/**
- * \def MBEDTLS_MD2_C
- *
- * Enable the MD2 hash algorithm.
- *
- * Module: library/md2.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD2-signed X.509 certs.
- *
- * \warning MD2 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD2_C
-
-/**
- * \def MBEDTLS_MD4_C
- *
- * Enable the MD4 hash algorithm.
- *
- * Module: library/md4.c
- * Caller:
- *
- * Uncomment to enable support for (rare) MD4-signed X.509 certs.
- *
- * \warning MD4 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_MD4_C
-
-/**
- * \def MBEDTLS_MD5_C
- *
- * Enable the MD5 hash algorithm.
- *
- * Module: library/md5.c
- * Caller: library/md.c
- * library/pem.c
- * library/ssl_tls.c
- *
- * This module is required for SSL/TLS up to version 1.1, and for TLS 1.2
- * depending on the handshake parameters. Further, it is used for checking
- * MD5-signed certificates, and for PBKDF1 when decrypting PEM-encoded
- * encrypted keys.
- *
- * \warning MD5 is considered a weak message digest and its use constitutes a
- * security risk. If possible, we recommend avoiding dependencies on
- * it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_MD5_C
-
-/**
- * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
- *
- * Enable the buffer allocator implementation that makes use of a (stack)
- * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
- * calls)
- *
- * Module: library/memory_buffer_alloc.c
- *
- * Requires: MBEDTLS_PLATFORM_C
- * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
- *
- * Enable this module to enable the buffer memory allocator.
- */
-//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
-
-/**
- * \def MBEDTLS_NET_C
- *
- * Enable the TCP and UDP over IPv6/IPv4 networking routines.
- *
- * \note This module only works on POSIX/Unix (including Linux, BSD and OS X)
- * and Windows. For other platforms, you'll want to disable it, and write your
- * own networking callbacks to be passed to \c mbedtls_ssl_set_bio().
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/net_sockets.c
- *
- * This module provides networking routines.
- */
-#define MBEDTLS_NET_C
-
-/**
- * \def MBEDTLS_OID_C
- *
- * Enable the OID database.
- *
- * Module: library/oid.c
- * Caller: library/asn1write.c
- * library/pkcs5.c
- * library/pkparse.c
- * library/pkwrite.c
- * library/rsa.c
- * library/x509.c
- * library/x509_create.c
- * library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- *
- * This modules translates between OIDs and internal values.
- */
-#define MBEDTLS_OID_C
-
-/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module: library/padlock.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-#define MBEDTLS_PADLOCK_C
-
-/**
- * \def MBEDTLS_PEM_PARSE_C
- *
- * Enable PEM decoding / parsing.
- *
- * Module: library/pem.c
- * Caller: library/dhm.c
- * library/pkparse.c
- * library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for decoding / parsing PEM files.
- */
-#define MBEDTLS_PEM_PARSE_C
-
-/**
- * \def MBEDTLS_PEM_WRITE_C
- *
- * Enable PEM encoding / writing.
- *
- * Module: library/pem.c
- * Caller: library/pkwrite.c
- * library/x509write_crt.c
- * library/x509write_csr.c
- *
- * Requires: MBEDTLS_BASE64_C
- *
- * This modules adds support for encoding / writing PEM files.
- */
-#define MBEDTLS_PEM_WRITE_C
-
-/**
- * \def MBEDTLS_PK_C
- *
- * Enable the generic public (asymetric) key layer.
- *
- * Module: library/pk.c
- * Caller: library/ssl_tls.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- *
- * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
- *
- * Uncomment to enable generic public key wrappers.
- */
-#define MBEDTLS_PK_C
-
-/**
- * \def MBEDTLS_PK_PARSE_C
- *
- * Enable the generic public (asymetric) key parser.
- *
- * Module: library/pkparse.c
- * Caller: library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key parse functions.
- */
-#define MBEDTLS_PK_PARSE_C
-
-/**
- * \def MBEDTLS_PK_WRITE_C
- *
- * Enable the generic public (asymetric) key writer.
- *
- * Module: library/pkwrite.c
- * Caller: library/x509write.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * Uncomment to enable generic public key write functions.
- */
-#define MBEDTLS_PK_WRITE_C
-
-/**
- * \def MBEDTLS_PKCS5_C
- *
- * Enable PKCS#5 functions.
- *
- * Module: library/pkcs5.c
- *
- * Requires: MBEDTLS_MD_C
- *
- * This module adds support for the PKCS#5 functions.
- */
-#define MBEDTLS_PKCS5_C
-
-/**
- * \def MBEDTLS_PKCS11_C
- *
- * Enable wrapper for PKCS#11 smartcard support.
- *
- * Module: library/pkcs11.c
- * Caller: library/pk.c
- *
- * Requires: MBEDTLS_PK_C
- *
- * This module enables SSL/TLS PKCS #11 smartcard support.
- * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
- */
-//#define MBEDTLS_PKCS11_C
-
-/**
- * \def MBEDTLS_PKCS12_C
- *
- * Enable PKCS#12 PBE functions.
- * Adds algorithms for parsing PKCS#8 encrypted private keys
- *
- * Module: library/pkcs12.c
- * Caller: library/pkparse.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * Can use: MBEDTLS_ARC4_C
- *
- * This module enables PKCS#12 functions.
- */
-#define MBEDTLS_PKCS12_C
-
-/**
- * \def MBEDTLS_PLATFORM_C
- *
- * Enable the platform abstraction layer that allows you to re-assign
- * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
- *
- * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
- * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
- * above to be specified at runtime or compile time respectively.
- *
- * \note This abstraction layer must be enabled on Windows (including MSYS2)
- * as other module rely on it for a fixed snprintf implementation.
- *
- * Module: library/platform.c
- * Caller: Most other .c files
- *
- * This module enables abstraction of common (libc) functions.
- */
-#define MBEDTLS_PLATFORM_C
-
-/**
- * \def MBEDTLS_POLY1305_C
- *
- * Enable the Poly1305 MAC algorithm.
- *
- * Module: library/poly1305.c
- * Caller: library/chachapoly.c
- */
-#define MBEDTLS_POLY1305_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_C
- *
- * Enable the Platform Security Architecture cryptography API.
- *
- * Module: library/psa_crypto.c
- *
- * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
- *
- */
-#define MBEDTLS_PSA_CRYPTO_C
-
-/**
- * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
- *
- * Enable the Platform Security Architecture persistent key storage.
- *
- * Module: library/psa_crypto_storage.c
- *
- * Requires: MBEDTLS_PSA_CRYPTO_C,
- * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
- * the PSA ITS interface
- */
-#define MBEDTLS_PSA_CRYPTO_STORAGE_C
-
-/**
- * \def MBEDTLS_PSA_ITS_FILE_C
- *
- * Enable the emulation of the Platform Security Architecture
- * Internal Trusted Storage (PSA ITS) over files.
- *
- * Module: library/psa_its_file.c
- *
- * Requires: MBEDTLS_FS_IO
- */
-#define MBEDTLS_PSA_ITS_FILE_C
-
-/**
- * \def MBEDTLS_RIPEMD160_C
- *
- * Enable the RIPEMD-160 hash algorithm.
- *
- * Module: library/ripemd160.c
- * Caller: library/md.c
- *
- */
-#define MBEDTLS_RIPEMD160_C
-
-/**
- * \def MBEDTLS_RSA_C
- *
- * Enable the RSA public-key cryptosystem.
- *
- * Module: library/rsa.c
- * library/rsa_internal.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509.c
- *
- * This module is used by the following key exchanges:
- * RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
- */
-#define MBEDTLS_RSA_C
-
-/**
- * \def MBEDTLS_SHA1_C
- *
- * Enable the SHA1 cryptographic hash algorithm.
- *
- * Module: library/sha1.c
- * Caller: library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- * library/x509write_crt.c
- *
- * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
- * depending on the handshake parameters, and for SHA1-signed certificates.
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_SHA1_C
-
-/**
- * \def MBEDTLS_SHA256_C
- *
- * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
- *
- * Module: library/sha256.c
- * Caller: library/entropy.c
- * library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * This module adds support for SHA-224 and SHA-256.
- * This module is required for the SSL/TLS 1.2 PRF function.
- */
-#define MBEDTLS_SHA256_C
-
-/**
- * \def MBEDTLS_SHA512_C
- *
- * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
- *
- * Module: library/sha512.c
- * Caller: library/entropy.c
- * library/md.c
- * library/ssl_cli.c
- * library/ssl_srv.c
- *
- * This module adds support for SHA-384 and SHA-512.
- */
-#define MBEDTLS_SHA512_C
-
-/**
- * \def MBEDTLS_SSL_CACHE_C
- *
- * Enable simple SSL cache implementation.
- *
- * Module: library/ssl_cache.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_CACHE_C
- */
-#define MBEDTLS_SSL_CACHE_C
-
-/**
- * \def MBEDTLS_SSL_COOKIE_C
- *
- * Enable basic implementation of DTLS cookies for hello verification.
- *
- * Module: library/ssl_cookie.c
- * Caller:
- */
-#define MBEDTLS_SSL_COOKIE_C
-
-/**
- * \def MBEDTLS_SSL_TICKET_C
- *
- * Enable an implementation of TLS server-side callbacks for session tickets.
- *
- * Module: library/ssl_ticket.c
- * Caller:
- *
- * Requires: MBEDTLS_CIPHER_C
- */
-#define MBEDTLS_SSL_TICKET_C
-
-/**
- * \def MBEDTLS_SSL_CLI_C
- *
- * Enable the SSL/TLS client code.
- *
- * Module: library/ssl_cli.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS client support.
- */
-#define MBEDTLS_SSL_CLI_C
-
-/**
- * \def MBEDTLS_SSL_SRV_C
- *
- * Enable the SSL/TLS server code.
- *
- * Module: library/ssl_srv.c
- * Caller:
- *
- * Requires: MBEDTLS_SSL_TLS_C
- *
- * This module is required for SSL/TLS server support.
- */
-#define MBEDTLS_SSL_SRV_C
-
-/**
- * \def MBEDTLS_SSL_TLS_C
- *
- * Enable the generic SSL/TLS code.
- *
- * Module: library/ssl_tls.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- *
- * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
- * and at least one of the MBEDTLS_SSL_PROTO_XXX defines
- *
- * This module is required for SSL/TLS.
- */
-#define MBEDTLS_SSL_TLS_C
-
-/**
- * \def MBEDTLS_THREADING_C
- *
- * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
- * contexts are not shared between threads. If you do intend to use contexts
- * between threads, you will need to enable this layer to prevent race
- * conditions. See also our Knowledge Base article about threading:
- * https://tls.mbed.org/kb/development/thread-safety-and-multi-threading
- *
- * Module: library/threading.c
- *
- * This allows different threading implementations (self-implemented or
- * provided).
- *
- * You will have to enable either MBEDTLS_THREADING_ALT or
- * MBEDTLS_THREADING_PTHREAD.
- *
- * Enable this layer to allow use of mutexes within mbed TLS
- */
-//#define MBEDTLS_THREADING_C
-
-/**
- * \def MBEDTLS_TIMING_C
- *
- * Enable the semi-portable timing interface.
- *
- * \note The provided implementation only works on POSIX/Unix (including Linux,
- * BSD and OS X) and Windows. On other platforms, you can either disable that
- * module and provide your own implementations of the callbacks needed by
- * \c mbedtls_ssl_set_timer_cb() for DTLS, or leave it enabled and provide
- * your own implementation of the whole module by setting
- * \c MBEDTLS_TIMING_ALT in the current file.
- *
- * \note See also our Knowledge Base article about porting to a new
- * environment:
- * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
- *
- * Module: library/timing.c
- * Caller: library/havege.c
- *
- * This module is used by the HAVEGE random number generator.
- */
-#define MBEDTLS_TIMING_C
-
-/**
- * \def MBEDTLS_VERSION_C
- *
- * Enable run-time version information.
- *
- * Module: library/version.c
- *
- * This module provides run-time version information.
- */
-#define MBEDTLS_VERSION_C
-
-/**
- * \def MBEDTLS_X509_USE_C
- *
- * Enable X.509 core for using certificates.
- *
- * Module: library/x509.c
- * Caller: library/x509_crl.c
- * library/x509_crt.c
- * library/x509_csr.c
- *
- * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
- * MBEDTLS_PK_PARSE_C
- *
- * This module is required for the X.509 parsing modules.
- */
-#define MBEDTLS_X509_USE_C
-
-/**
- * \def MBEDTLS_X509_CRT_PARSE_C
- *
- * Enable X.509 certificate parsing.
- *
- * Module: library/x509_crt.c
- * Caller: library/ssl_cli.c
- * library/ssl_srv.c
- * library/ssl_tls.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 certificate parsing.
- */
-#define MBEDTLS_X509_CRT_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CRL_PARSE_C
- *
- * Enable X.509 CRL parsing.
- *
- * Module: library/x509_crl.c
- * Caller: library/x509_crt.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is required for X.509 CRL parsing.
- */
-#define MBEDTLS_X509_CRL_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CSR_PARSE_C
- *
- * Enable X.509 Certificate Signing Request (CSR) parsing.
- *
- * Module: library/x509_csr.c
- * Caller: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_USE_C
- *
- * This module is used for reading X.509 certificate request.
- */
-#define MBEDTLS_X509_CSR_PARSE_C
-
-/**
- * \def MBEDTLS_X509_CREATE_C
- *
- * Enable X.509 core for creating certificates.
- *
- * Module: library/x509_create.c
- *
- * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
- *
- * This module is the basis for creating X.509 certificates and CSRs.
- */
-#define MBEDTLS_X509_CREATE_C
-
-/**
- * \def MBEDTLS_X509_CRT_WRITE_C
- *
- * Enable creating X.509 certificates.
- *
- * Module: library/x509_crt_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate creation.
- */
-#define MBEDTLS_X509_CRT_WRITE_C
-
-/**
- * \def MBEDTLS_X509_CSR_WRITE_C
- *
- * Enable creating X.509 Certificate Signing Requests (CSR).
- *
- * Module: library/x509_csr_write.c
- *
- * Requires: MBEDTLS_X509_CREATE_C
- *
- * This module is required for X.509 certificate request writing.
- */
-#define MBEDTLS_X509_CSR_WRITE_C
-
-/**
- * \def MBEDTLS_XTEA_C
- *
- * Enable the XTEA block cipher.
- *
- * Module: library/xtea.c
- * Caller:
- */
-#define MBEDTLS_XTEA_C
-
-/* \} name SECTION: mbed TLS modules */
-
-/**
- * \name SECTION: Module configuration options
- *
- * This section allows for the setting of module specific sizes and
- * configuration options. The default values are already present in the
- * relevant header files and should suffice for the regular use cases.
- *
- * Our advice is to enable options and change their values here
- * only if you have a good reason and know the consequences.
- *
- * Please check the respective header file for documentation on these
- * parameters (to prevent duplicate documentation).
- * \{
- */
-
-/* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum windows size used. */
-//#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
-
-/* CTR_DRBG options */
-//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_CTR_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-//#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
-
-/* HMAC_DRBG options */
-//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000 /**< Interval before reseed is performed by default */
-//#define MBEDTLS_HMAC_DRBG_MAX_INPUT 256 /**< Maximum number of additional input bytes */
-//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024 /**< Maximum number of requested bytes per call */
-//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
-
-/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
-//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
-//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
-
-/* Entropy options */
-//#define MBEDTLS_ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
-//#define MBEDTLS_ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */
-//#define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
-
-/* Memory buffer allocator options */
-//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4 /**< Align on multiples of this value */
-
-/* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE free /**< Default free to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT exit /**< Default exit to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_TIME time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_PRINTF printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf /**< Default snprintf to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS 0 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE 1 /**< Default exit value to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_READ mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile" /**< Seed file to read/write with default implementation */
-
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO free /**< Default free macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_EXIT_MACRO exit /**< Default exit macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_TIME_MACRO time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
-//#define MBEDTLS_PLATFORM_FPRINTF_MACRO fprintf /**< Default fprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_PRINTF_MACRO printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correctly zero-terminate the buffer! */
-//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf /**< Default snprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO vsnprintf /**< Default vsnprintf macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
-
-/**
- * \brief This macro is invoked by the library when an invalid parameter
- * is detected that is only checked with MBEDTLS_CHECK_PARAMS
- * (see the documentation of that option for context).
- *
- * When you leave this undefined here, a default definition is
- * provided that invokes the function mbedtls_param_failed(),
- * which is declared in platform_util.h for the benefit of the
- * library, but that you need to define in your application.
- *
- * When you define this here, this replaces the default
- * definition in platform_util.h (which no longer declares the
- * function mbedtls_param_failed()) and it is your responsibility
- * to make sure this macro expands to something suitable (in
- * particular, that all the necessary declarations are visible
- * from within the library - you can ensure that by providing
- * them in this file next to the macro definition).
- *
- * Note that you may define this macro to expand to nothing, in
- * which case you don't have to worry about declarations or
- * definitions. However, you will then be notified about invalid
- * parameters only in non-void functions, and void function will
- * just silently return early on invalid parameters, which
- * partially negates the benefits of enabling
- * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged.
- *
- * \param cond The expression that should evaluate to true, but doesn't.
- */
-//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
-
-/* SSL Cache options */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */
-//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES 50 /**< Maximum entries in cache */
-
-/* SSL options */
-
-/** \def MBEDTLS_SSL_MAX_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming and outgoing plaintext fragments.
- *
- * This determines the size of both the incoming and outgoing TLS I/O buffers
- * in such a way that both are capable of holding the specified amount of
- * plaintext data, regardless of the protection mechanism used.
- *
- * To configure incoming and outgoing I/O buffers separately, use
- * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN,
- * which overwrite the value set by this option.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- * recommended to use the Maximum Fragment Length (MFL) extension to
- * inform the server about this limitation. On the server, there
- * is no supported, standardized way of informing the client about
- * restriction on the maximum size of incoming messages, and unless
- * the limitation has been communicated by other means, it is recommended
- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- * while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of both
- * incoming and outgoing I/O buffers.
- */
-//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_IN_CONTENT_LEN
- *
- * Maximum length (in bytes) of incoming plaintext fragments.
- *
- * This determines the size of the incoming TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * If this option is undefined, it inherits its value from
- * #MBEDTLS_SSL_MAX_CONTENT_LEN.
- *
- * \note When using a value less than the default of 16KB on the client, it is
- * recommended to use the Maximum Fragment Length (MFL) extension to
- * inform the server about this limitation. On the server, there
- * is no supported, standardized way of informing the client about
- * restriction on the maximum size of incoming messages, and unless
- * the limitation has been communicated by other means, it is recommended
- * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN
- * while keeping the default value of 16KB for the incoming buffer.
- *
- * Uncomment to set the maximum plaintext size of the incoming I/O buffer
- * independently of the outgoing I/O buffer.
- */
-//#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_OUT_CONTENT_LEN
- *
- * Maximum length (in bytes) of outgoing plaintext fragments.
- *
- * This determines the size of the outgoing TLS I/O buffer in such a way
- * that it is capable of holding the specified amount of plaintext data,
- * regardless of the protection mechanism used.
- *
- * If this option undefined, it inherits its value from
- * #MBEDTLS_SSL_MAX_CONTENT_LEN.
- *
- * It is possible to save RAM by setting a smaller outward buffer, while keeping
- * the default inward 16384 byte buffer to conform to the TLS specification.
- *
- * The minimum required outward buffer size is determined by the handshake
- * protocol's usage. Handshaking will fail if the outward buffer is too small.
- * The specific size requirement depends on the configured ciphers and any
- * certificate data which is sent during the handshake.
- *
- * Uncomment to set the maximum plaintext size of the outgoing I/O buffer
- * independently of the incoming I/O buffer.
- */
-//#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
-
-/** \def MBEDTLS_SSL_DTLS_MAX_BUFFERING
- *
- * Maximum number of heap-allocated bytes for the purpose of
- * DTLS handshake message reassembly and future message buffering.
- *
- * This should be at least 9/8 * MBEDTLSSL_IN_CONTENT_LEN
- * to account for a reassembled handshake message of maximum size,
- * together with its reassembly bitmap.
- *
- * A value of 2 * MBEDTLS_SSL_IN_CONTENT_LEN (32768 by default)
- * should be sufficient for all practical situations as it allows
- * to reassembly a large handshake message (such as a certificate)
- * while buffering multiple smaller handshake messages.
- *
- */
-//#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
-
-//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 86400 /**< Lifetime of session tickets (if enabled) */
-//#define MBEDTLS_PSK_MAX_LEN 32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-//#define MBEDTLS_SSL_COOKIE_TIMEOUT 60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-
-/**
- * Complete list of ciphersuites to use, in order of preference.
- *
- * \warning No dependency checking is done on that field! This option can only
- * be used to restrict the set of available ciphersuites. It is your
- * responsibility to make sure the needed modules are active.
- *
- * Use this to save a few hundred bytes of ROM (default ordering of all
- * available ciphersuites) and a few to a few hundred bytes of RAM.
- *
- * The value below is only an example, not the default.
- */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
-/* X509 options */
-//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
-//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
-
-/**
- * Allow SHA-1 in the default TLS configuration for certificate signing.
- * Without this build-time option, SHA-1 support must be activated explicitly
- * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
- * recommended because of it is possible to generate SHA-1 collisions, however
- * this may be safe for legacy infrastructure where additional controls apply.
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
-
-/**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
- * signature and ciphersuite selection. Without this build-time option, SHA-1
- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
- * default. At the time of writing, there is no practical attack on the use
- * of SHA-1 in handshake signatures, hence this option is turned on by default
- * to preserve compatibility with existing peers, but the general
- * warning applies nonetheless:
- *
- * \warning SHA-1 is considered a weak message digest and its use constitutes
- * a security risk. If possible, we recommend avoiding dependencies
- * on it, and considering stronger message digests instead.
- *
- */
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/* \} name SECTION: Customisation configuration options */
-
-/* Target and application specific configurations
- *
- * Allow user to override any previous default.
- *
- */
-#if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
-#endif
-
-#include "mbedtls/check_config.h"
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 6eb03a9..9cad382 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -80,8 +80,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 384
-#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes
+#define MBEDTLS_MPI_MAX_SIZE 48 // 48 bytes for a 384-bit elliptic curve
/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE 2
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 47dd5e2..8464fcb 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -81,8 +81,7 @@
#define MBEDTLS_AES_ROM_TABLES
/* Save RAM by adjusting to our exact needs */
-#define MBEDTLS_ECP_MAX_BITS 256
-#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes
+#define MBEDTLS_MPI_MAX_SIZE 32 // 32 bytes for a 256-bit elliptic curve
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 2bdbff4..23274c7 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -134,7 +134,7 @@
"entry_points": ["sign_hash"],
"algorithms": ["PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)",
"PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384)"],
- "key_types": ["PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1)"],
+ "key_types": ["PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)"],
"key_sizes": [256, 384]
}
```
@@ -164,7 +164,7 @@
Valid examples:
```
PSA_KEY_TYPE_AES
-PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1)
+PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)
PSA_KEY_TYPE_ECC_KEY_PAIR(_)
```
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index dcbb705..4ff63ce 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,7 +22,7 @@
*/
/**
- * @mainpage mbed TLS v2.26.0 source code documentation
+ * @mainpage mbed TLS v2.27.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 27cba6e..186c148 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.26.0"
+PROJECT_NAME = "mbed TLS v2.27.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index a4b27b3..6c73d10 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -61,14 +61,14 @@
/* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED -0x0058 /**< ARIA hardware accelerator failed. */
-#if !defined(MBEDTLS_ARIA_ALT)
-// Regular implementation
-//
-
#ifdef __cplusplus
extern "C" {
#endif
+#if !defined(MBEDTLS_ARIA_ALT)
+// Regular implementation
+//
+
/**
* \brief The ARIA context-type definition.
*/
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 637360e..f087035 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -871,6 +871,44 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
+/** Generate a random number uniformly in a range.
+ *
+ * This function generates a random number between \p min inclusive and
+ * \p N exclusive.
+ *
+ * The procedure complies with RFC 6979 §3.3 (deterministic ECDSA)
+ * when the RNG is a suitably parametrized instance of HMAC_DRBG
+ * and \p min is \c 1.
+ *
+ * \note There are `N - min` possible outputs. The lower bound
+ * \p min can be reached, but the upper bound \p N cannot.
+ *
+ * \param X The destination MPI. This must point to an initialized MPI.
+ * \param min The minimum value to return.
+ * It must be nonnegative.
+ * \param N The upper bound of the range, exclusive.
+ * In other words, this is one plus the maximum value to return.
+ * \p N must be strictly larger than \p min.
+ * \param f_rng The RNG function to use. This must not be \c NULL.
+ * \param p_rng The RNG parameter to be passed to \p f_rng.
+ *
+ * \return \c 0 if successful.
+ * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
+ * \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p min or \p N is invalid
+ * or if they are incompatible.
+ * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if the implementation was
+ * unable to find a suitable value within a limited number
+ * of attempts. This has a negligible probability if \p N
+ * is significantly larger than \p min, which is the case
+ * for all usual cryptographic applications.
+ * \return Another negative error code on failure.
+ */
+int mbedtls_mpi_random( mbedtls_mpi *X,
+ mbedtls_mpi_sint min,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
/**
* \brief Compute the greatest common divisor: G = gcd(A, B)
*
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index 17d057f..a0fa677 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -44,6 +44,46 @@
#include "mbedtls/bignum.h"
+
+/*
+ * Conversion macros for embedded constants:
+ * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2
+ */
+#if defined(MBEDTLS_HAVE_INT32)
+
+#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \
+ ( (mbedtls_mpi_uint) (a) << 0 ) | \
+ ( (mbedtls_mpi_uint) (b) << 8 ) | \
+ ( (mbedtls_mpi_uint) (c) << 16 ) | \
+ ( (mbedtls_mpi_uint) (d) << 24 )
+
+#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \
+ MBEDTLS_BYTES_TO_T_UINT_4( a, b, 0, 0 )
+
+#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
+ MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ), \
+ MBEDTLS_BYTES_TO_T_UINT_4( e, f, g, h )
+
+#else /* 64-bits */
+
+#define MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
+ ( (mbedtls_mpi_uint) (a) << 0 ) | \
+ ( (mbedtls_mpi_uint) (b) << 8 ) | \
+ ( (mbedtls_mpi_uint) (c) << 16 ) | \
+ ( (mbedtls_mpi_uint) (d) << 24 ) | \
+ ( (mbedtls_mpi_uint) (e) << 32 ) | \
+ ( (mbedtls_mpi_uint) (f) << 40 ) | \
+ ( (mbedtls_mpi_uint) (g) << 48 ) | \
+ ( (mbedtls_mpi_uint) (h) << 56 )
+
+#define MBEDTLS_BYTES_TO_T_UINT_4( a, b, c, d ) \
+ MBEDTLS_BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
+
+#define MBEDTLS_BYTES_TO_T_UINT_2( a, b ) \
+ MBEDTLS_BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
+
+#endif /* bits in mbedtls_mpi_uint */
+
#if defined(MBEDTLS_HAVE_ASM)
#ifndef asm
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a6545ab..ce25bd0 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -55,9 +55,8 @@
#endif
#endif /* _WIN32 */
-#if defined(TARGET_LIKE_MBED) && \
- ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) )
-#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS"
+#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
+#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
#endif
#if defined(MBEDTLS_DEPRECATED_WARNING) && \
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 09bab95..e2f460c 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -427,7 +427,7 @@
* be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
* must stay untouched.
*
- * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
* MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
* tables.
*
@@ -1897,7 +1897,7 @@
/**
* \def MBEDTLS_SSL_DTLS_SRTP
*
- * Enable support for negotation of DTLS-SRTP (RFC 5764)
+ * Enable support for negotiation of DTLS-SRTP (RFC 5764)
* through the use_srtp extension.
*
* \note This feature provides the minimum functionality required
@@ -3616,8 +3616,8 @@
//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */
/* ECP options */
-//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */
-//#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups. Normally determined automatically from the configured curves. */
+//#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< Maximum window size used */
//#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */
/* Entropy options */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index fa415d5..c2a4422 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -38,6 +38,30 @@
extern "C" {
#endif
+
+
+/****************************************************************/
+/* De facto synonyms */
+/****************************************************************/
+
+#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
+#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
+#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
+#endif
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
+#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#endif
+
+
+
+/****************************************************************/
+/* Require built-in implementations based on PSA requirements */
+/****************************************************************/
+
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
@@ -497,6 +521,12 @@
#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
#endif /* PSA_WANT_ECC_SECP_K1_256 */
+
+
+/****************************************************************/
+/* Infer PSA requirements from Mbed TLS capabilities */
+/****************************************************************/
+
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
/*
@@ -522,6 +552,7 @@
#if defined(MBEDTLS_ECDSA_C)
#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_ECDSA_ANY 1
// Only add in DETERMINISTIC support if ECDSA is also enabled
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
@@ -586,6 +617,7 @@
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
+#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
#endif /* MBEDTLSS_PKCS1_V15 */
#if defined(MBEDTLS_PKCS1_V21)
#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index dd20ba0..3c08244 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -94,8 +94,13 @@
*/
#if defined(__has_attribute)
#if __has_attribute(format)
+#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
- __attribute__((format (printf, string_index, first_to_check)))
+ __attribute__((__format__ (gnu_printf, string_index, first_to_check)))
+#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
+#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+ __attribute__((format(printf, string_index, first_to_check)))
+#endif
#else /* __has_attribute(format) */
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
#endif /* __has_attribute(format) */
@@ -115,14 +120,14 @@
*
* This module provides debugging functions.
*/
-#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800)
+#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
#include <inttypes.h>
#define MBEDTLS_PRINTF_SIZET PRIuPTR
#define MBEDTLS_PRINTF_LONGLONG "I64d"
-#else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#else /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#define MBEDTLS_PRINTF_SIZET "zu"
#define MBEDTLS_PRINTF_LONGLONG "lld"
-#endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#endif /* (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
#ifdef __cplusplus
extern "C" {
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 34dd0ea..06880a0 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -96,6 +96,7 @@
* - Add it at the end of this enum, otherwise you'll break the ABI by
* changing the numerical value for existing curves.
* - Increment MBEDTLS_ECP_DP_MAX below if needed.
+ * - Update the calculation of MBEDTLS_ECP_MAX_BITS_MIN below.
* - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
* config.h.
* - List the curve as a dependency of MBEDTLS_ECP_C and
@@ -171,6 +172,40 @@
}
mbedtls_ecp_point;
+/* Determine the minimum safe value of MBEDTLS_ECP_MAX_BITS. */
+#if !defined(MBEDTLS_ECP_C)
+#define MBEDTLS_ECP_MAX_BITS_MIN 0
+/* Note: the curves must be listed in DECREASING size! */
+#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 521
+#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 512
+#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 448
+#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 384
+#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 384
+#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 256
+#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 256
+#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 256
+#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 255
+#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 225 // n is slightly above 2^224
+#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 224
+#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 192
+#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#define MBEDTLS_ECP_MAX_BITS_MIN 192
+#else
+#error "MBEDTLS_ECP_C enabled, but no curve?"
+#endif
+
#if !defined(MBEDTLS_ECP_ALT)
/*
* default mbed TLS elliptic curve arithmetic implementation
@@ -245,11 +280,23 @@
* \{
*/
-#if !defined(MBEDTLS_ECP_MAX_BITS)
+#if defined(MBEDTLS_ECP_MAX_BITS)
+
+#if MBEDTLS_ECP_MAX_BITS < MBEDTLS_ECP_MAX_BITS_MIN
+#error "MBEDTLS_ECP_MAX_BITS is smaller than the largest supported curve"
+#endif
+
+#elif defined(MBEDTLS_ECP_C)
/**
* The maximum size of the groups, that is, of \c N and \c P.
*/
-#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */
+#define MBEDTLS_ECP_MAX_BITS MBEDTLS_ECP_MAX_BITS_MIN
+
+#else
+/* MBEDTLS_ECP_MAX_BITS is not relevant without MBEDTLS_ECP_C, but set it
+ * to a nonzero value so that code that unconditionally allocates an array
+ * of a size based on it keeps working if built without ECC support. */
+#define MBEDTLS_ECP_MAX_BITS 1
#endif
#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
@@ -258,7 +305,8 @@
#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
/*
* Maximum "window" size used for point multiplication.
- * Default: 6.
+ * Default: a point where higher memory usage yields disminishing performance
+ * returns.
* Minimum value: 2. Maximum value: 7.
*
* Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
@@ -275,7 +323,7 @@
* 224 475 475 453 398 342
* 192 640 640 633 587 476
*/
-#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< The maximum window size used. */
+#define MBEDTLS_ECP_WINDOW_SIZE 4 /**< The maximum window size used. */
#endif /* MBEDTLS_ECP_WINDOW_SIZE */
#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
@@ -466,8 +514,7 @@
/**
* \brief This function retrieves the information defined in
- * mbedtls_ecp_curve_info() for all supported curves in order
- * of preference.
+ * mbedtls_ecp_curve_info() for all supported curves.
*
* \note This function returns information about all curves
* supported by the library. Some curves may not be
@@ -1180,7 +1227,7 @@
*
* \param grp_id The ECP group identifier.
* \param key The destination key.
- * \param buf The the buffer containing the binary representation of the
+ * \param buf The buffer containing the binary representation of the
* key. (Big endian integer for Weierstrass curves, byte
* string for Montgomery curves.)
* \param buflen The length of the buffer in bytes.
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index aabbe6c..6296cd3 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -151,8 +151,8 @@
*
* \param high high-level error code. See error.h for more details.
* \param low low-level error code. See error.h for more details.
- * \param file file where this error code addition occured.
- * \param line line where this error code addition occured.
+ * \param file file where this error code addition occurred.
+ * \param line line where this error code addition occurred.
*/
static inline int mbedtls_error_add( int high, int low,
const char *file, int line )
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 78dbeb6..4f4e400 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -71,7 +71,7 @@
*
* \param feature The feature to detect
*
- * \return 1 if CPU has support for the feature, 0 otherwise
+ * \return non-zero if CPU has support for the feature, 0 otherwise
*/
int mbedtls_padlock_has_support( int feature );
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index b4c9a04..991026e 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -976,12 +976,14 @@
* \brief This function performs a PKCS#1 v2.1 PSS signature
* operation (RSASSA-PSS-SIGN).
*
- * \note The \p hash_id in the RSA context is the one used for the
- * encoding. \p md_alg in the function call is the type of hash
- * that is encoded. According to <em>RFC-3447: Public-Key
+ * \note The \c hash_id set in \p ctx (when calling
+ * mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
+ * afterwards) selects the hash used for the
+ * encoding operation and for the mask generation function
+ * (MGF1). For more details on the encoding operation and the
+ * mask generation function, consult <em>RFC-3447: Public-Key
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications</em> it is advised to keep both hashes the
- * same.
+ * Specifications</em>.
*
* \note This function enforces that the provided salt length complies
* with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
@@ -1029,12 +1031,14 @@
* \brief This function performs a PKCS#1 v2.1 PSS signature
* operation (RSASSA-PSS-SIGN).
*
- * \note The \p hash_id in the RSA context is the one used for the
- * encoding. \p md_alg in the function call is the type of hash
- * that is encoded. According to <em>RFC-3447: Public-Key
+ * \note The \c hash_id set in \p ctx (when calling
+ * mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
+ * afterwards) selects the hash used for the
+ * encoding operation and for the mask generation function
+ * (MGF1). For more details on the encoding operation and the
+ * mask generation function, consult <em>RFC-3447: Public-Key
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications</em> it is advised to keep both hashes the
- * same.
+ * Specifications</em>.
*
* \note This function always uses the maximum possible salt size,
* up to the length of the payload hash. This choice of salt
@@ -1064,7 +1068,7 @@
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
- * Ths is only used if \p md_alg is #MBEDTLS_MD_NONE.
+ * This is only used if \p md_alg is #MBEDTLS_MD_NONE.
* \param hash The buffer holding the message digest or raw data.
* If \p md_alg is #MBEDTLS_MD_NONE, this must be a readable
* buffer of length \p hashlen Bytes. If \p md_alg is not
@@ -1190,16 +1194,15 @@
* \brief This function performs a PKCS#1 v2.1 PSS verification
* operation (RSASSA-PSS-VERIFY).
*
- * The hash function for the MGF mask generating function
- * is that specified in the RSA context.
- *
- * \note The \p hash_id in the RSA context is the one used for the
- * verification. \p md_alg in the function call is the type of
- * hash that is verified. According to <em>RFC-3447: Public-Key
+ * \note The \c hash_id set in \p ctx (when calling
+ * mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
+ * afterwards) selects the hash used for the
+ * encoding operation and for the mask generation function
+ * (MGF1). For more details on the encoding operation and the
+ * mask generation function, consult <em>RFC-3447: Public-Key
* Cryptography Standards (PKCS) #1 v2.1: RSA Cryptography
- * Specifications</em> it is advised to keep both hashes the
- * same. If \p hash_id in the RSA context is unset,
- * the \p md_alg from the function call is used.
+ * Specifications</em>. If the \c hash_id set in \p ctx is
+ * #MBEDTLS_MD_NONE, the \p md_alg parameter is used.
*
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
@@ -1247,13 +1250,12 @@
* \brief This function performs a PKCS#1 v2.1 PSS verification
* operation (RSASSA-PSS-VERIFY).
*
- * The hash function for the MGF mask generating function
- * is that specified in \p mgf1_hash_id.
- *
* \note The \p sig buffer must be as large as the size
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
*
- * \note The \p hash_id in the RSA context is ignored.
+ * \note The \c hash_id set in \p ctx (when calling
+ * mbedtls_rsa_init() or by calling mbedtls_rsa_set_padding()
+ * afterwards) is ignored.
*
* \param ctx The initialized RSA public key context to use.
* \param f_rng The RNG function to use. If \p mode is #MBEDTLS_RSA_PRIVATE,
@@ -1272,7 +1274,13 @@
* buffer of length \p hashlen Bytes. If \p md_alg is not
* #MBEDTLS_MD_NONE, it must be a readable buffer of length
* the size of the hash corresponding to \p md_alg.
- * \param mgf1_hash_id The message digest used for mask generation.
+ * \param mgf1_hash_id The message digest algorithm used for the
+ * verification operation and the mask generation
+ * function (MGF1). For more details on the encoding
+ * operation and the mask generation function, consult
+ * <em>RFC-3447: Public-Key Cryptography Standards
+ * (PKCS) #1 v2.1: RSA Cryptography
+ * Specifications</em>.
* \param expected_salt_len The length of the salt used in padding. Use
* #MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length.
* \param sig The buffer holding the signature. This must be a readable
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7815ad9..30dfbce 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -2987,7 +2987,9 @@
#if defined(MBEDTLS_ECP_C)
/**
* \brief Set the allowed curves in order of preference.
- * (Default: all defined curves.)
+ * (Default: all defined curves in order of decreasing size,
+ * except that Montgomery curves come last. This order
+ * is likely to change in a future version.)
*
* On server: this only affects selection of the ECDHE curve;
* the curves used for ECDH and ECDSA are determined by the
@@ -3019,7 +3021,9 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
/**
* \brief Set the allowed hashes for signatures during the handshake.
- * (Default: all available hashes except MD5.)
+ * (Default: all SHA-2 hashes, largest first. Also SHA-1 if
+ * the compile-time option
+ * `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` is enabled.)
*
* \note This only affects which hashes are offered and can be used
* for signatures during the handshake. Hashes for message
@@ -4327,7 +4331,7 @@
/**
* \brief TLS-PRF function for key derivation.
*
- * \param prf The tls_prf type funtion type to be used.
+ * \param prf The tls_prf type function type to be used.
* \param secret Secret for the key derivation function.
* \param slen Length of the secret.
* \param label String label for the key derivation function,
@@ -4337,7 +4341,7 @@
* \param dstbuf The buffer holding the derived key.
* \param dlen Length of the output buffer.
*
- * \return 0 on sucess. An SSL specific error on failure.
+ * \return 0 on success. An SSL specific error on failure.
*/
int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
const unsigned char *secret, size_t slen,
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index bf5fc97..a882eed 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -97,7 +97,7 @@
* Recommended value: 86400 (one day).
*
* \note It is highly recommended to select a cipher that is at
- * least as strong as the the strongest ciphersuite
+ * least as strong as the strongest ciphersuite
* supported. Usually that means a 256-bit key.
*
* \note The lifetime of the keys is twice the lifetime of tickets.
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 5b0c70f..2740479 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -37,7 +37,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 26
+#define MBEDTLS_VERSION_MINOR 27
#define MBEDTLS_VERSION_PATCH 0
/**
@@ -45,9 +45,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x021A0000
-#define MBEDTLS_VERSION_STRING "2.26.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.26.0"
+#define MBEDTLS_VERSION_NUMBER 0x021B0000
+#define MBEDTLS_VERSION_STRING "2.27.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.27.0"
#if defined(MBEDTLS_VERSION_C)
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 8e389f8..64ccb43 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -263,12 +263,21 @@
/**
* Default security profile. Should provide a good balance between security
* and compatibility with current deployments.
+ *
+ * This profile permits:
+ * - SHA2 hashes.
+ * - All supported elliptic curves.
+ * - RSA with 2048 bits and above.
+ *
+ * New minor versions of Mbed TLS may extend this profile, for example if
+ * new curves are added to the library. New minor versions of Mbed TLS will
+ * not reduce this profile unless serious security concerns require it.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
/**
* Expected next default profile. Recommended for new deployments.
- * Currently targets a 128-bit security level, except for RSA-2048.
+ * Currently targets a 128-bit security level, except for allowing RSA-2048.
*/
extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 94b8f99..17bebf3 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2890,6 +2890,123 @@
*/
/**
+ * \brief Sign a message with a private key. For hash-and-sign algorithms,
+ * this includes the hashing step.
+ *
+ * \note To perform a multi-part hash-and-sign signature algorithm, first use
+ * a multi-part hash operation and then pass the resulting hash to
+ * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+ * hash algorithm to use.
+ *
+ * \param[in] key Identifier of the key to use for the operation.
+ * It must be an asymmetric key pair. The key must
+ * allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
+ * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+ * is true), that is compatible with the type of
+ * \p key.
+ * \param[in] input The input message to sign.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes. This
+ * must be appropriate for the selected
+ * algorithm and key:
+ * - The required signature size is
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and
+ * bit-size respectively of key.
+ * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+ * maximum signature size of any supported
+ * signature algorithm.
+ * \param[out] signature_length On success, the number of bytes that make up
+ * the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+ * or it does not permit the requested algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ uint8_t * signature,
+ size_t signature_size,
+ size_t * signature_length );
+
+/** \brief Verify the signature of a message with a public key, using
+ * a hash-and-sign verification algorithm.
+ *
+ * \note To perform a multi-part hash-and-sign signature verification
+ * algorithm, first use a multi-part hash operation to hash the message
+ * and then pass the resulting hash to psa_verify_hash().
+ * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+ * to use.
+ *
+ * \param[in] key Identifier of the key to use for the operation.
+ * It must be a public key or an asymmetric key
+ * pair. The key must allow the usage
+ * #PSA_KEY_USAGE_VERIFY_MESSAGE.
+ * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+ * is true), that is compatible with the type of
+ * \p key.
+ * \param[in] input The message whose signature is to be verified.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+ * or it does not permit the requested algorithm.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed signature
+ * is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ const uint8_t * signature,
+ size_t signature_length );
+
+/**
* \brief Sign a hash or short message with a private key.
*
* Note that to perform a hash-and-sign signature algorithm, you must
@@ -2942,7 +3059,7 @@
size_t *signature_length);
/**
- * \brief Verify the signature a hash or short message using a public key.
+ * \brief Verify the signature of a hash or short message using a public key.
*
* Note that to perform a hash-and-sign signature algorithm, you must
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
new file mode 100644
index 0000000..1d11b00
--- /dev/null
+++ b/include/psa/crypto_builtin_composites.h
@@ -0,0 +1,92 @@
+/*
+ * Context structure declaration of the Mbed TLS software-based PSA drivers
+ * called through the PSA Crypto driver dispatch layer.
+ * This file contains the context structures of those algorithms which need to
+ * rely on other algorithms, i.e. are 'composite' algorithms.
+ *
+ * \note This file may not be included directly. Applications must
+ * include psa/crypto.h.
+ *
+ * \note This header and its content is not part of the Mbed TLS API and
+ * applications must not depend on it. Its main purpose is to define the
+ * multi-part state objects of the Mbed TLS software-based PSA drivers. The
+ * definition of these objects are then used by crypto_struct.h to define the
+ * implementation-defined types of PSA multi-part state objects.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H
+#define PSA_CRYPTO_BUILTIN_COMPOSITES_H
+
+#include <psa/crypto_driver_common.h>
+
+/*
+ * MAC multi-part operation definitions.
+ */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_MAC
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
+typedef struct
+{
+ /** The HMAC algorithm in use */
+ psa_algorithm_t alg;
+ /** The hash context. */
+ struct psa_hash_operation_s hash_ctx;
+ /** The HMAC part of the context. */
+ uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+} mbedtls_psa_hmac_operation_t;
+
+#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
+
+#include "mbedtls/cmac.h"
+
+typedef struct
+{
+ psa_algorithm_t alg;
+ union
+ {
+ unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
+ mbedtls_psa_hmac_operation_t hmac;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
+ mbedtls_cipher_context_t cmac;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
+ } ctx;
+} mbedtls_psa_mac_operation_t;
+
+#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}}
+
+/*
+ * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.
+ */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+typedef mbedtls_psa_mac_operation_t mbedtls_transparent_test_driver_mac_operation_t;
+typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t;
+
+#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
+#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */
diff --git a/include/psa/crypto_builtin.h b/include/psa/crypto_builtin_primitives.h
similarity index 91%
rename from include/psa/crypto_builtin.h
rename to include/psa/crypto_builtin_primitives.h
index b3bc140..d7a69e5 100644
--- a/include/psa/crypto_builtin.h
+++ b/include/psa/crypto_builtin_primitives.h
@@ -1,6 +1,8 @@
/*
* Context structure declaration of the Mbed TLS software-based PSA drivers
* called through the PSA Crypto driver dispatch layer.
+ * This file contains the context structures of those algorithms which do not
+ * rely on other algorithms, i.e. are 'primitive' algorithms.
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
@@ -28,8 +30,8 @@
* limitations under the License.
*/
-#ifndef PSA_CRYPTO_BUILTIN_H
-#define PSA_CRYPTO_BUILTIN_H
+#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H
+#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H
#include <psa/crypto_driver_common.h>
@@ -111,7 +113,10 @@
psa_algorithm_t alg;
uint8_t iv_length;
uint8_t block_length;
- mbedtls_cipher_context_t cipher;
+ union {
+ unsigned int dummy;
+ mbedtls_cipher_context_t cipher;
+ } ctx;
} mbedtls_psa_cipher_operation_t;
#define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}}
@@ -141,4 +146,4 @@
#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_BUILTIN_H */
+#endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 5dabbd2..09ac488 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -44,7 +44,7 @@
#define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT
-/** Check wether an handle is null.
+/** Check whether an handle is null.
*
* \param handle Handle
*
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 736d9ab..246e894 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -57,6 +57,7 @@
#define PSA_WANT_ALG_CBC_NO_PADDING 1
#define PSA_WANT_ALG_CBC_PKCS7 1
#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_CMAC 1
#define PSA_WANT_ALG_CFB 1
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define PSA_WANT_ALG_CMAC 1
diff --git a/include/psa/crypto_driver_contexts.h b/include/psa/crypto_driver_contexts_composites.h
similarity index 74%
copy from include/psa/crypto_driver_contexts.h
copy to include/psa/crypto_driver_contexts_composites.h
index d725e84..239fdcb 100644
--- a/include/psa/crypto_driver_contexts.h
+++ b/include/psa/crypto_driver_contexts_composites.h
@@ -1,6 +1,8 @@
/*
* Declaration of context structures for use with the PSA driver wrapper
- * interface.
+ * interface. This file contains the context structures for 'composite'
+ * operations, i.e. those operations which need to make use of other operations
+ * from the primitives (crypto_driver_contexts_primitives.h)
*
* Warning: This file will be auto-generated in the future.
*
@@ -29,17 +31,16 @@
* limitations under the License.
*/
-#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_H
-#define PSA_CRYPTO_DRIVER_CONTEXTS_H
+#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
+#define PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H
-#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
/* Include the context structure definitions for the Mbed TLS software drivers */
-#include "psa/crypto_builtin.h"
+#include "psa/crypto_builtin_composites.h"
/* Define the context to be used for an operation that is executed through the
* PSA Driver wrapper layer as the union of all possible driver's contexts.
@@ -50,20 +51,12 @@
typedef union {
unsigned dummy; /* Make sure this union is always non-empty */
- mbedtls_psa_hash_operation_t mbedtls_ctx;
+ mbedtls_psa_mac_operation_t mbedtls_ctx;
#if defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_transparent_test_driver_hash_operation_t test_driver_ctx;
+ mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx;
+ mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx;
#endif
-} psa_driver_hash_context_t;
+} psa_driver_mac_context_t;
-typedef union {
- unsigned dummy; /* Make sure this union is always non-empty */
- mbedtls_psa_cipher_operation_t mbedtls_ctx;
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- mbedtls_transparent_test_driver_cipher_operation_t transparent_test_driver_ctx;
- mbedtls_opaque_test_driver_cipher_operation_t opaque_test_driver_ctx;
-#endif
-} psa_driver_cipher_context_t;
-
-#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_H */
+#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */
/* End of automatically generated file. */
diff --git a/include/psa/crypto_driver_contexts.h b/include/psa/crypto_driver_contexts_primitives.h
similarity index 88%
rename from include/psa/crypto_driver_contexts.h
rename to include/psa/crypto_driver_contexts_primitives.h
index d725e84..104d4bd 100644
--- a/include/psa/crypto_driver_contexts.h
+++ b/include/psa/crypto_driver_contexts_primitives.h
@@ -1,6 +1,7 @@
/*
* Declaration of context structures for use with the PSA driver wrapper
- * interface.
+ * interface. This file contains the context structures for 'primitive'
+ * operations, i.e. those operations which do not rely on other contexts.
*
* Warning: This file will be auto-generated in the future.
*
@@ -29,17 +30,16 @@
* limitations under the License.
*/
-#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_H
-#define PSA_CRYPTO_DRIVER_CONTEXTS_H
+#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
+#define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H
-#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
/* Include the context structure definitions for those drivers that were
* declared during the autogeneration process. */
/* Include the context structure definitions for the Mbed TLS software drivers */
-#include "psa/crypto_builtin.h"
+#include "psa/crypto_builtin_primitives.h"
/* Define the context to be used for an operation that is executed through the
* PSA Driver wrapper layer as the union of all possible driver's contexts.
@@ -65,5 +65,5 @@
#endif
} psa_driver_cipher_context_t;
-#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_H */
+#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */
/* End of automatically generated file. */
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 8acf22c..66f4687 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -81,6 +81,18 @@
#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
+/*
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
+ * (Secure Partition Manager) integration which separates the code into two
+ * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
+ * Environment). When building for the SPE, an additional header file should be
+ * included.
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+#define PSA_CRYPTO_SECURE 1
+#include "crypto_spe.h"
+#endif // MBEDTLS_PSA_CRYPTO_SPM
+
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
/** The type of the context passed to mbedtls_psa_external_get_random().
*
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index aaf117f..1dc8f9b 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -1159,7 +1159,7 @@
* can be problemmatic to manage on embedded platforms, the inputs are passed
* to the driver via a function, `psa_drv_se_key_derivation_collateral`, that
* is called multiple times with different `collateral_id`s. Thus, for a key
- * derivation algorithm that required 3 paramter inputs, the flow would look
+ * derivation algorithm that required 3 parameter inputs, the flow would look
* something like:
* ~~~~~~~~~~~~~{.c}
* psa_drv_se_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes);
@@ -1207,7 +1207,7 @@
* element key derivation or key agreement operation
*
* Since many key derivation algorithms require multiple parameters, it is
- * expeced that this function may be called multiple times for the same
+ * expected that this function may be called multiple times for the same
* operation, each with a different algorithm-specific `collateral_id`
*
* \param[in,out] op_context A hardware-specific structure containing any
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 8ac7ce1..94242f8 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -76,8 +76,9 @@
#include "mbedtls/cmac.h"
#include "mbedtls/gcm.h"
-/* Include the context definition for the compiled-in drivers */
-#include "psa/crypto_driver_contexts.h"
+/* Include the context definition for the compiled-in drivers for the primitive
+ * algorithms. */
+#include "psa/crypto_driver_contexts_primitives.h"
struct psa_hash_operation_s
{
@@ -98,46 +99,6 @@
return( v );
}
-#if defined(MBEDTLS_MD_C)
-typedef struct
-{
- /** The HMAC algorithm in use */
- psa_algorithm_t alg;
- /** The hash context. */
- struct psa_hash_operation_s hash_ctx;
- /** The HMAC part of the context. */
- uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
-} psa_hmac_internal_data;
-#endif /* MBEDTLS_MD_C */
-
-struct psa_mac_operation_s
-{
- psa_algorithm_t alg;
- unsigned int key_set : 1;
- unsigned int iv_required : 1;
- unsigned int iv_set : 1;
- unsigned int has_input : 1;
- unsigned int is_sign : 1;
- uint8_t mac_size;
- union
- {
- unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
-#if defined(MBEDTLS_MD_C)
- psa_hmac_internal_data hmac;
-#endif
-#if defined(MBEDTLS_CMAC_C)
- mbedtls_cipher_context_t cmac;
-#endif
- } ctx;
-};
-
-#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}}
-static inline struct psa_mac_operation_s psa_mac_operation_init( void )
-{
- const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
- return( v );
-}
-
struct psa_cipher_operation_s
{
/** Unique ID indicating which driver got assigned to do the
@@ -163,6 +124,31 @@
return( v );
}
+/* Include the context definition for the compiled-in drivers for the composite
+ * algorithms. */
+#include "psa/crypto_driver_contexts_composites.h"
+
+struct psa_mac_operation_s
+{
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int id;
+ uint8_t mac_size;
+ unsigned int is_sign : 1;
+ psa_driver_mac_context_t ctx;
+};
+
+#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
+static inline struct psa_mac_operation_s psa_mac_operation_init( void )
+{
+ const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
+ return( v );
+}
+
struct psa_aead_operation_s
{
psa_algorithm_t alg;
@@ -184,12 +170,12 @@
return( v );
}
-#if defined(MBEDTLS_MD_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
typedef struct
{
uint8_t *info;
size_t info_length;
- psa_hmac_internal_data hmac;
+ psa_mac_operation_t hmac;
uint8_t prk[PSA_HASH_MAX_SIZE];
uint8_t output_block[PSA_HASH_MAX_SIZE];
#if PSA_HASH_MAX_SIZE > 0xff
@@ -200,9 +186,10 @@
unsigned int state : 2;
unsigned int info_set : 1;
} psa_hkdf_key_derivation_t;
-#endif /* MBEDTLS_MD_C */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */
-#if defined(MBEDTLS_MD_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
typedef enum
{
PSA_TLS12_PRF_STATE_INIT, /* no input provided */
@@ -227,17 +214,20 @@
psa_tls12_prf_key_derivation_state_t state;
+ uint8_t *secret;
+ size_t secret_length;
uint8_t *seed;
size_t seed_length;
uint8_t *label;
size_t label_length;
- psa_hmac_internal_data hmac;
+
uint8_t Ai[PSA_HASH_MAX_SIZE];
/* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
uint8_t output_block[PSA_HASH_MAX_SIZE];
} psa_tls12_prf_key_derivation_t;
-#endif /* MBEDTLS_MD_C */
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
+ * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
struct psa_key_derivation_s
{
@@ -248,8 +238,11 @@
{
/* Make the union non-empty even with no supported algorithms. */
uint8_t dummy;
-#if defined(MBEDTLS_MD_C)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
psa_hkdf_key_derivation_t hkdf;
+#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
psa_tls12_prf_key_derivation_t tls12_prf;
#endif
} ctx;
@@ -398,9 +391,19 @@
return( attributes->core.lifetime );
}
+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
+{
+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+
+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+}
+
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
{
+ psa_extend_key_usage_flags( &usage_flags );
attributes->core.policy.usage = usage_flags;
}
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 9bfd5ab..3c82f2a 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1487,6 +1487,20 @@
PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \
PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg))
+/** Whether the specified algorithm is a signature algorithm that can be used
+ * with psa_sign_message() and psa_verify_message().
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if alg is a signature algorithm that can be used to sign a
+ * message. 0 if \p alg is a signature algorithm that can only be used
+ * to sign an already-calculated hash. 0 if \p alg is not a signature
+ * algorithm. This macro can return either 0 or 1 if \p alg is not a
+ * supported algorithm identifier.
+ */
+#define PSA_ALG_IS_SIGN_MESSAGE(alg) \
+ (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA )
+
/** Get the hash used by a hash-and-sign signature algorithm.
*
* A hash-and-sign algorithm is a signature algorithm which is
@@ -1881,6 +1895,27 @@
(PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
PSA_KEY_PERSISTENCE_VOLATILE)
+/** Whether a key lifetime indicates that the key is read-only.
+ *
+ * Read-only keys cannot be created or destroyed through the PSA Crypto API.
+ * They must be created through platform-specific means that bypass the API.
+ *
+ * Some platforms may offer ways to destroy read-only keys. For example,
+ * consider a platform with multiple levels of privilege, where a
+ * low-privilege application can use a key but is not allowed to destroy
+ * it, and the platform exposes the key to the application with a read-only
+ * lifetime. High-privilege code can destroy the key even though the
+ * application sees the key as read-only.
+ *
+ * \param lifetime The lifetime value to query (value of type
+ * ::psa_key_lifetime_t).
+ *
+ * \return \c 1 if the key is read-only, otherwise \c 0.
+ */
+#define PSA_KEY_LIFETIME_IS_READ_ONLY(lifetime) \
+ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \
+ PSA_KEY_PERSISTENCE_READ_ONLY)
+
/** Construct a lifetime from a persistence level and a location.
*
* \param persistence The persistence level
@@ -2001,7 +2036,7 @@
*/
static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
{
- return( ( key.key_id == 0 ) && ( key.owner == 0 ) );
+ return( key.key_id == 0 );
}
#endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
@@ -2065,6 +2100,26 @@
/** Whether the key may be used to sign a message.
*
+ * This flag allows the key to be used for a MAC calculation operation or for
+ * an asymmetric message signature operation, if otherwise permitted by the
+ * key’s type and policy.
+ *
+ * For a key pair, this concerns the private key.
+ */
+#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400)
+
+/** Whether the key may be used to verify a message.
+ *
+ * This flag allows the key to be used for a MAC verification operation or for
+ * an asymmetric message signature verification operation, if otherwise
+ * permitted by the key’s type and policy.
+ *
+ * For a key pair, this concerns the public key.
+ */
+#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800)
+
+/** Whether the key may be used to sign a message.
+ *
* This flag allows the key to be used for a MAC calculation operation
* or for an asymmetric signature operation,
* if otherwise permitted by the key's type and policy.
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 256feef..a69e733 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -69,6 +69,7 @@
psa_crypto_driver_wrappers.c
psa_crypto_ecp.c
psa_crypto_hash.c
+ psa_crypto_mac.c
psa_crypto_rsa.c
psa_crypto_se.c
psa_crypto_slot_management.c
@@ -201,15 +202,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.26.0 SOVERSION 6)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.27.0 SOVERSION 7)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.26.0 SOVERSION 1)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.27.0 SOVERSION 1)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.26.0 SOVERSION 13)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.27.0 SOVERSION 13)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/Makefile b/library/Makefile
index f089e0b..6fdc927 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -41,7 +41,7 @@
SOEXT_TLS=so.13
SOEXT_X509=so.1
-SOEXT_CRYPTO=so.6
+SOEXT_CRYPTO=so.7
# Set AR_DASH= (empty string) to use an ar implementation that does not accept
# the - prefix for command line options (e.g. llvm-ar)
@@ -126,6 +126,7 @@
psa_crypto_driver_wrappers.o \
psa_crypto_ecp.o \
psa_crypto_hash.o \
+ psa_crypto_mac.o \
psa_crypto_rsa.o \
psa_crypto_se.o \
psa_crypto_slot_management.o \
diff --git a/library/aria.c b/library/aria.c
index 1875635..a5786b3 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -921,7 +921,7 @@
{ \
if( verbose ) \
mbedtls_printf( "failed\n" ); \
- return( 1 ); \
+ goto exit; \
} else { \
if( verbose ) \
mbedtls_printf( "passed\n" ); \
@@ -935,6 +935,7 @@
int i;
uint8_t blk[MBEDTLS_ARIA_BLOCKSIZE];
mbedtls_aria_context ctx;
+ int ret = 1;
#if (defined(MBEDTLS_CIPHER_MODE_CFB) || defined(MBEDTLS_CIPHER_MODE_CTR))
size_t j;
@@ -946,6 +947,8 @@
uint8_t buf[48], iv[MBEDTLS_ARIA_BLOCKSIZE];
#endif
+ mbedtls_aria_init( &ctx );
+
/*
* Test set 1
*/
@@ -1065,7 +1068,11 @@
mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
- return( 0 );
+ ret = 0;
+
+exit:
+ mbedtls_aria_free( &ctx );
+ return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/bignum.c b/library/bignum.c
index e00204b..20afa22 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -181,8 +181,35 @@
return( 0 );
}
+/* Resize X to have exactly n limbs and set it to 0. */
+static int mbedtls_mpi_resize_clear( mbedtls_mpi *X, size_t limbs )
+{
+ if( limbs == 0 )
+ {
+ mbedtls_mpi_free( X );
+ return( 0 );
+ }
+ else if( X->n == limbs )
+ {
+ memset( X->p, 0, limbs * ciL );
+ X->s = 1;
+ return( 0 );
+ }
+ else
+ {
+ mbedtls_mpi_free( X );
+ return( mbedtls_mpi_grow( X, limbs ) );
+ }
+}
+
/*
- * Copy the contents of Y into X
+ * Copy the contents of Y into X.
+ *
+ * This function is not constant-time. Leading zeros in Y may be removed.
+ *
+ * Ensure that X does not shrink. This is not guaranteed by the public API,
+ * but some code in the bignum module relies on this property, for example
+ * in mbedtls_mpi_exp_mod().
*/
int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y )
{
@@ -196,7 +223,11 @@
if( Y->n == 0 )
{
- mbedtls_mpi_free( X );
+ if( X->n != 0 )
+ {
+ X->s = 1;
+ memset( X->p, 0, X->n * ciL );
+ }
return( 0 );
}
@@ -237,6 +268,36 @@
memcpy( Y, &T, sizeof( mbedtls_mpi ) );
}
+/**
+ * Select between two sign values in constant-time.
+ *
+ * This is functionally equivalent to second ? a : b but uses only bit
+ * operations in order to avoid branches.
+ *
+ * \param[in] a The first sign; must be either +1 or -1.
+ * \param[in] b The second sign; must be either +1 or -1.
+ * \param[in] second Must be either 1 (return b) or 0 (return a).
+ *
+ * \return The selected sign value.
+ */
+static int mpi_safe_cond_select_sign( int a, int b, unsigned char second )
+{
+ /* In order to avoid questions about what we can reasonnably assume about
+ * the representations of signed integers, move everything to unsigned
+ * by taking advantage of the fact that a and b are either +1 or -1. */
+ unsigned ua = a + 1;
+ unsigned ub = b + 1;
+
+ /* second was 0 or 1, mask is 0 or 2 as are ua and ub */
+ const unsigned mask = second << 1;
+
+ /* select ua or ub */
+ unsigned ur = ( ua & ~mask ) | ( ub & mask );
+
+ /* ur is now 0 or 2, convert back to -1 or +1 */
+ return( (int) ur - 1 );
+}
+
/*
* Conditionally assign dest = src, without leaking information
* about whether the assignment was made or not.
@@ -249,8 +310,23 @@
unsigned char assign )
{
size_t i;
+
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
+ const mbedtls_mpi_uint mask = -assign;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
for( i = 0; i < n; i++ )
- dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign;
+ dest[i] = ( src[i] & mask ) | ( dest[i] & ~mask );
}
/*
@@ -262,20 +338,34 @@
{
int ret = 0;
size_t i;
+ mbedtls_mpi_uint limb_mask;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( Y != NULL );
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
/* make sure assign is 0 or 1 in a time-constant manner */
- assign = (assign | (unsigned char)-assign) >> 7;
+ assign = (assign | (unsigned char)-assign) >> (sizeof( assign ) * 8 - 1);
+ /* all-bits 1 if assign is 1, all-bits 0 if assign is 0 */
+ limb_mask = -assign;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
- X->s = X->s * ( 1 - assign ) + Y->s * assign;
+ X->s = mpi_safe_cond_select_sign( X->s, Y->s, assign );
mpi_safe_cond_assign( Y->n, X->p, Y->p, assign );
for( i = Y->n; i < X->n; i++ )
- X->p[i] *= ( 1 - assign );
+ X->p[i] &= ~limb_mask;
cleanup:
return( ret );
@@ -291,6 +381,7 @@
{
int ret, s;
size_t i;
+ mbedtls_mpi_uint limb_mask;
mbedtls_mpi_uint tmp;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( Y != NULL );
@@ -298,22 +389,35 @@
if( X == Y )
return( 0 );
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
/* make sure swap is 0 or 1 in a time-constant manner */
- swap = (swap | (unsigned char)-swap) >> 7;
+ swap = (swap | (unsigned char)-swap) >> (sizeof( swap ) * 8 - 1);
+ /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
+ limb_mask = -swap;
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, Y->n ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( Y, X->n ) );
s = X->s;
- X->s = X->s * ( 1 - swap ) + Y->s * swap;
- Y->s = Y->s * ( 1 - swap ) + s * swap;
+ X->s = mpi_safe_cond_select_sign( X->s, Y->s, swap );
+ Y->s = mpi_safe_cond_select_sign( Y->s, s, swap );
for( i = 0; i < X->n; i++ )
{
tmp = X->p[i];
- X->p[i] = X->p[i] * ( 1 - swap ) + Y->p[i] * swap;
- Y->p[i] = Y->p[i] * ( 1 - swap ) + tmp * swap;
+ X->p[i] = ( X->p[i] & ~limb_mask ) | ( Y->p[i] & limb_mask );
+ Y->p[i] = ( Y->p[i] & ~limb_mask ) | ( tmp & limb_mask );
}
cleanup:
@@ -481,6 +585,12 @@
mbedtls_mpi_init( &T );
+ if( s[0] == 0 )
+ {
+ mbedtls_mpi_free( X );
+ return( 0 );
+ }
+
if( s[0] == '-' )
{
++s;
@@ -838,14 +948,7 @@
size_t const limbs = CHARS_TO_LIMBS( buflen );
/* Ensure that target MPI has exactly the necessary number of limbs */
- if( X->n != limbs )
- {
- mbedtls_mpi_free( X );
- mbedtls_mpi_init( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
- }
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
for( i = 0; i < buflen; i++ )
X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
@@ -874,17 +977,11 @@
MPI_VALIDATE_RET( buflen == 0 || buf != NULL );
/* Ensure that target MPI has exactly the necessary number of limbs */
- if( X->n != limbs )
- {
- mbedtls_mpi_free( X );
- mbedtls_mpi_init( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
- }
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
- /* Avoid calling `memcpy` with NULL source argument,
+ /* Avoid calling `memcpy` with NULL source or destination argument,
* even if buflen is 0. */
- if( buf != NULL )
+ if( buflen != 0 )
{
Xp = (unsigned char*) X->p;
memcpy( Xp + overhead, buf, buflen );
@@ -1617,6 +1714,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, j;
mbedtls_mpi TA, TB;
+ int result_is_zero = 0;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
@@ -1629,10 +1727,14 @@
for( i = A->n; i > 0; i-- )
if( A->p[i - 1] != 0 )
break;
+ if( i == 0 )
+ result_is_zero = 1;
for( j = B->n; j > 0; j-- )
if( B->p[j - 1] != 0 )
break;
+ if( j == 0 )
+ result_is_zero = 1;
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, i + j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
@@ -1640,7 +1742,14 @@
for( ; j > 0; j-- )
mpi_mul_hlp( i, A->p, X->p + j - 1, B->p[j - 1] );
- X->s = A->s * B->s;
+ /* If the result is 0, we don't shortcut the operation, which reduces
+ * but does not eliminate side channels leaking the zero-ness. We do
+ * need to take care to set the sign bit properly since the library does
+ * not fully support an MPI object with a value of 0 and s == -1. */
+ if( result_is_zero )
+ X->s = 1;
+ else
+ X->s = A->s * B->s;
cleanup:
@@ -2119,6 +2228,71 @@
}
/*
+ * Constant-flow boolean "equal" comparison:
+ * return x == y
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations - it can be used in conjunction with
+ * mbedtls_ssl_cf_mask_from_bit().
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+static size_t mbedtls_mpi_cf_bool_eq( size_t x, size_t y )
+{
+ /* diff = 0 if x == y, non-zero otherwise */
+ const size_t diff = x ^ y;
+
+ /* MSVC has a warning about unary minus on unsigned integer types,
+ * but this is well-defined and precisely what we want to do here. */
+#if defined(_MSC_VER)
+#pragma warning( push )
+#pragma warning( disable : 4146 )
+#endif
+
+ /* diff_msb's most significant bit is equal to x != y */
+ const size_t diff_msb = ( diff | (size_t) -diff );
+
+#if defined(_MSC_VER)
+#pragma warning( pop )
+#endif
+
+ /* diff1 = (x != y) ? 1 : 0 */
+ const size_t diff1 = diff_msb >> ( sizeof( diff_msb ) * 8 - 1 );
+
+ return( 1 ^ diff1 );
+}
+
+/**
+ * Select an MPI from a table without leaking the index.
+ *
+ * This is functionally equivalent to mbedtls_mpi_copy(R, T[idx]) except it
+ * reads the entire table in order to avoid leaking the value of idx to an
+ * attacker able to observe memory access patterns.
+ *
+ * \param[out] R Where to write the selected MPI.
+ * \param[in] T The table to read from.
+ * \param[in] T_size The number of elements in the table.
+ * \param[in] idx The index of the element to select;
+ * this must satisfy 0 <= idx < T_size.
+ *
+ * \return \c 0 on success, or a negative error code.
+ */
+static int mpi_select( mbedtls_mpi *R, const mbedtls_mpi *T, size_t T_size, size_t idx )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ for( size_t i = 0; i < T_size; i++ )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_safe_cond_assign( R, &T[i],
+ (unsigned char) mbedtls_mpi_cf_bool_eq( i, idx ) ) );
+ }
+
+cleanup:
+ return( ret );
+}
+
+/*
* Sliding-window exponentiation: X = A^E mod N (HAC 14.85)
*/
int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
@@ -2130,7 +2304,7 @@
size_t i, j, nblimbs;
size_t bufsize, nbits;
mbedtls_mpi_uint ei, mm, state;
- mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], Apos;
+ mbedtls_mpi RR, T, W[ 1 << MBEDTLS_MPI_WINDOW_SIZE ], WW, Apos;
int neg;
MPI_VALIDATE_RET( X != NULL );
@@ -2154,6 +2328,7 @@
mpi_montg_init( &mm, N );
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &T );
mbedtls_mpi_init( &Apos );
+ mbedtls_mpi_init( &WW );
memset( W, 0, sizeof( W ) );
i = mbedtls_mpi_bitlen( E );
@@ -2167,6 +2342,11 @@
#endif
j = N->n + 1;
+ /* All W[i] and X must have at least N->n limbs for the mpi_montmul()
+ * and mpi_montred() calls later. Here we ensure that W[1] and X are
+ * large enough, and later we'll grow other W[i] to the same length.
+ * They must not be shrunk midway through this function!
+ */
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], j ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T, j * 2 ) );
@@ -2201,10 +2381,18 @@
* W[1] = A * R^2 * R^-1 mod N = A * R mod N
*/
if( mbedtls_mpi_cmp_mpi( A, N ) >= 0 )
+ {
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &W[1], A, N ) );
+ /* This should be a no-op because W[1] is already that large before
+ * mbedtls_mpi_mod_mpi(), but it's necessary to avoid an overflow
+ * in mpi_montmul() below, so let's make sure. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[1], N->n + 1 ) );
+ }
else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) );
+ /* Note that this is safe because W[1] always has at least N->n limbs
+ * (it grew above and was preserved by mbedtls_mpi_copy()). */
mpi_montmul( &W[1], &RR, N, mm, &T );
/*
@@ -2294,7 +2482,8 @@
/*
* X = X * W[wbits] R^-1 mod N
*/
- mpi_montmul( X, &W[wbits], N, mm, &T );
+ MBEDTLS_MPI_CHK( mpi_select( &WW, W, (size_t) 1 << wsize, wbits ) );
+ mpi_montmul( X, &WW, N, mm, &T );
state--;
nbits = 0;
@@ -2332,6 +2521,7 @@
mbedtls_mpi_free( &W[i] );
mbedtls_mpi_free( &W[1] ); mbedtls_mpi_free( &T ); mbedtls_mpi_free( &Apos );
+ mbedtls_mpi_free( &WW );
if( _RR == NULL || _RR->p == NULL )
mbedtls_mpi_free( &RR );
@@ -2360,19 +2550,67 @@
lz = mbedtls_mpi_lsb( &TA );
lzt = mbedtls_mpi_lsb( &TB );
+ /* The loop below gives the correct result when A==0 but not when B==0.
+ * So have a special case for B==0. Leverage the fact that we just
+ * calculated the lsb and lsb(B)==0 iff B is odd or 0 to make the test
+ * slightly more efficient than cmp_int(). */
+ if( lzt == 0 && mbedtls_mpi_get_bit( &TB, 0 ) == 0 )
+ {
+ ret = mbedtls_mpi_copy( G, A );
+ goto cleanup;
+ }
+
if( lzt < lz )
lz = lzt;
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, lz ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, lz ) );
-
TA.s = TB.s = 1;
+ /* We mostly follow the procedure described in HAC 14.54, but with some
+ * minor differences:
+ * - Sequences of multiplications or divisions by 2 are grouped into a
+ * single shift operation.
+ * - The procedure in HAC assumes that 0 < TB <= TA.
+ * - The condition TB <= TA is not actually necessary for correctness.
+ * TA and TB have symmetric roles except for the loop termination
+ * condition, and the shifts at the beginning of the loop body
+ * remove any significance from the ordering of TA vs TB before
+ * the shifts.
+ * - If TA = 0, the loop goes through 0 iterations and the result is
+ * correctly TB.
+ * - The case TB = 0 was short-circuited above.
+ *
+ * For the correctness proof below, decompose the original values of
+ * A and B as
+ * A = sa * 2^a * A' with A'=0 or A' odd, and sa = +-1
+ * B = sb * 2^b * B' with B'=0 or B' odd, and sb = +-1
+ * Then gcd(A, B) = 2^{min(a,b)} * gcd(A',B'),
+ * and gcd(A',B') is odd or 0.
+ *
+ * At the beginning, we have TA = |A| and TB = |B| so gcd(A,B) = gcd(TA,TB).
+ * The code maintains the following invariant:
+ * gcd(A,B) = 2^k * gcd(TA,TB) for some k (I)
+ */
+
+ /* Proof that the loop terminates:
+ * At each iteration, either the right-shift by 1 is made on a nonzero
+ * value and the nonnegative integer bitlen(TA) + bitlen(TB) decreases
+ * by at least 1, or the right-shift by 1 is made on zero and then
+ * TA becomes 0 which ends the loop (TB cannot be 0 if it is right-shifted
+ * since in that case TB is calculated from TB-TA with the condition TB>TA).
+ */
while( mbedtls_mpi_cmp_int( &TA, 0 ) != 0 )
{
+ /* Divisions by 2 preserve the invariant (I). */
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TA, mbedtls_mpi_lsb( &TA ) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, mbedtls_mpi_lsb( &TB ) ) );
+ /* Set either TA or TB to |TA-TB|/2. Since TA and TB are both odd,
+ * TA-TB is even so the division by 2 has an integer result.
+ * Invariant (I) is preserved since any odd divisor of both TA and TB
+ * also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2
+ * also divides TB, and any odd divisior of both TB and |TA-TB|/2 also
+ * divides TA.
+ */
if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TA, &TA, &TB ) );
@@ -2383,8 +2621,18 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( &TB, &TB, &TA ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &TB, 1 ) );
}
+ /* Note that one of TA or TB is still odd. */
}
+ /* By invariant (I), gcd(A,B) = 2^k * gcd(TA,TB) for some k.
+ * At the loop exit, TA = 0, so gcd(TA,TB) = TB.
+ * - If there was at least one loop iteration, then one of TA or TB is odd,
+ * and TA = 0, so TB is odd and gcd(TA,TB) = gcd(A',B'). In this case,
+ * lz = min(a,b) so gcd(A,B) = 2^lz * TB.
+ * - If there was no loop iteration, then A was 0, and gcd(A,B) = B.
+ * In this case, lz = 0 and B = TB so gcd(A,B) = B = 2^lz * TB as well.
+ */
+
MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &TB, lz ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( G, &TB ) );
@@ -2395,6 +2643,33 @@
return( ret );
}
+/* Fill X with n_bytes random bytes.
+ * X must already have room for those bytes.
+ * The ordering of the bytes returned from the RNG is suitable for
+ * deterministic ECDSA (see RFC 6979 §3.3 and mbedtls_mpi_random()).
+ * The size and sign of X are unchanged.
+ * n_bytes must not be 0.
+ */
+static int mpi_fill_random_internal(
+ mbedtls_mpi *X, size_t n_bytes,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ const size_t limbs = CHARS_TO_LIMBS( n_bytes );
+ const size_t overhead = ( limbs * ciL ) - n_bytes;
+
+ if( X->n < limbs )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+ memset( X->p, 0, overhead );
+ memset( (unsigned char *) X->p + limbs * ciL, 0, ( X->n - limbs ) * ciL );
+ MBEDTLS_MPI_CHK( f_rng( p_rng, (unsigned char *) X->p + overhead, n_bytes ) );
+ mpi_bigendian_to_host( X->p, limbs );
+
+cleanup:
+ return( ret );
+}
+
/*
* Fill X with size bytes of random.
*
@@ -2408,30 +2683,96 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t const limbs = CHARS_TO_LIMBS( size );
- size_t const overhead = ( limbs * ciL ) - size;
- unsigned char *Xp;
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( f_rng != NULL );
/* Ensure that target MPI has exactly the necessary number of limbs */
- if( X->n != limbs )
- {
- mbedtls_mpi_free( X );
- mbedtls_mpi_init( X );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
- }
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, limbs ) );
+ if( size == 0 )
+ return( 0 );
- Xp = (unsigned char*) X->p;
- MBEDTLS_MPI_CHK( f_rng( p_rng, Xp + overhead, size ) );
-
- mpi_bigendian_to_host( X->p, limbs );
+ ret = mpi_fill_random_internal( X, size, f_rng, p_rng );
cleanup:
return( ret );
}
+int mbedtls_mpi_random( mbedtls_mpi *X,
+ mbedtls_mpi_sint min,
+ const mbedtls_mpi *N,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+ int count;
+ unsigned lt_lower = 1, lt_upper = 0;
+ size_t n_bits = mbedtls_mpi_bitlen( N );
+ size_t n_bytes = ( n_bits + 7 ) / 8;
+ mbedtls_mpi lower_bound;
+
+ if( min < 0 )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+ if( mbedtls_mpi_cmp_int( N, min ) <= 0 )
+ return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+
+ /*
+ * When min == 0, each try has at worst a probability 1/2 of failing
+ * (the msb has a probability 1/2 of being 0, and then the result will
+ * be < N), so after 30 tries failure probability is a most 2**(-30).
+ *
+ * When N is just below a power of 2, as is the case when generating
+ * a random scalar on most elliptic curves, 1 try is enough with
+ * overwhelming probability. When N is just above a power of 2,
+ * as when generating a random scalar on secp224k1, each try has
+ * a probability of failing that is almost 1/2.
+ *
+ * The probabilities are almost the same if min is nonzero but negligible
+ * compared to N. This is always the case when N is crypto-sized, but
+ * it's convenient to support small N for testing purposes. When N
+ * is small, use a higher repeat count, otherwise the probability of
+ * failure is macroscopic.
+ */
+ count = ( n_bytes > 4 ? 30 : 250 );
+
+ mbedtls_mpi_init( &lower_bound );
+
+ /* Ensure that target MPI has exactly the same number of limbs
+ * as the upper bound, even if the upper bound has leading zeros.
+ * This is necessary for the mbedtls_mpi_lt_mpi_ct() check. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_resize_clear( X, N->n ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &lower_bound, N->n ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &lower_bound, min ) );
+
+ /*
+ * Match the procedure given in RFC 6979 §3.3 (deterministic ECDSA)
+ * when f_rng is a suitably parametrized instance of HMAC_DRBG:
+ * - use the same byte ordering;
+ * - keep the leftmost n_bits bits of the generated octet string;
+ * - try until result is in the desired range.
+ * This also avoids any bias, which is especially important for ECDSA.
+ */
+ do
+ {
+ MBEDTLS_MPI_CHK( mpi_fill_random_internal( X, n_bytes, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( X, 8 * n_bytes - n_bits ) );
+
+ if( --count == 0 )
+ {
+ ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
+ goto cleanup;
+ }
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, &lower_bound, <_lower ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( X, N, <_upper ) );
+ }
+ while( lt_lower != 0 || lt_upper == 0 );
+
+cleanup:
+ mbedtls_mpi_free( &lower_bound );
+ return( ret );
+}
+
/*
* Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
*/
diff --git a/library/camellia.c b/library/camellia.c
index d60f931..f7e0136 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -942,9 +942,11 @@
unsigned char nonce_counter[16];
unsigned char stream_block[16];
#endif
+ int ret = 1;
mbedtls_camellia_context ctx;
+ mbedtls_camellia_init( &ctx );
memset( key, 0, 32 );
for( j = 0; j < 6; j++ ) {
@@ -974,8 +976,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
@@ -1027,8 +1028,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
@@ -1071,8 +1071,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
else
@@ -1087,8 +1086,7 @@
{
if( verbose != 0 )
mbedtls_printf( "failed\n" );
-
- return( 1 );
+ goto exit;
}
}
@@ -1100,7 +1098,11 @@
mbedtls_printf( "\n" );
#endif /* MBEDTLS_CIPHER_MODE_CTR */
- return( 0 );
+ ret = 0;
+
+exit:
+ mbedtls_camellia_free( &ctx );
+ return( ret );
}
#endif /* MBEDTLS_SELF_TEST */
diff --git a/library/debug.c b/library/debug.c
index e91d1ad..e108600 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -220,8 +220,8 @@
const char *text, const mbedtls_mpi *X )
{
char str[DEBUG_BUF_SIZE];
- int j, k, zeros = 1;
- size_t i, n, idx = 0;
+ size_t bitlen;
+ size_t idx = 0;
if( NULL == ssl ||
NULL == ssl->conf ||
@@ -232,55 +232,43 @@
return;
}
- for( n = X->n - 1; n > 0; n-- )
- if( X->p[n] != 0 )
- break;
+ bitlen = mbedtls_mpi_bitlen( X );
- for( j = ( sizeof(mbedtls_mpi_uint) << 3 ) - 1; j >= 0; j-- )
- if( ( ( X->p[n] >> j ) & 1 ) != 0 )
- break;
-
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "value of '%s' (%d bits) is:\n",
- text, (int) ( ( n * ( sizeof(mbedtls_mpi_uint) << 3 ) ) + j + 1 ) );
-
+ mbedtls_snprintf( str, sizeof( str ), "value of '%s' (%u bits) is:\n",
+ text, (unsigned) bitlen );
debug_send_line( ssl, level, file, line, str );
- idx = 0;
- for( i = n + 1, j = 0; i > 0; i-- )
+ if( bitlen == 0 )
{
- if( zeros && X->p[i - 1] == 0 )
- continue;
-
- for( k = sizeof( mbedtls_mpi_uint ) - 1; k >= 0; k-- )
+ str[0] = ' '; str[1] = '0'; str[2] = '0';
+ idx = 3;
+ }
+ else
+ {
+ int n;
+ for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
{
- if( zeros && ( ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF ) == 0 )
- continue;
- else
- zeros = 0;
-
- if( j % 16 == 0 )
+ size_t limb_offset = n / sizeof( mbedtls_mpi_uint );
+ size_t offset_in_limb = n % sizeof( mbedtls_mpi_uint );
+ unsigned char octet =
+ ( X->p[limb_offset] >> ( offset_in_limb * 8 ) ) & 0xff;
+ mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", octet );
+ idx += 3;
+ /* Wrap lines after 16 octets that each take 3 columns */
+ if( idx >= 3 * 16 )
{
- if( j > 0 )
- {
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- debug_send_line( ssl, level, file, line, str );
- idx = 0;
- }
+ mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
+ debug_send_line( ssl, level, file, line, str );
+ idx = 0;
}
-
- idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " %02x", (unsigned int)
- ( X->p[i - 1] >> ( k << 3 ) ) & 0xFF );
-
- j++;
}
-
}
- if( zeros == 1 )
- idx += mbedtls_snprintf( str + idx, sizeof( str ) - idx, " 00" );
-
- mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
- debug_send_line( ssl, level, file, line, str );
+ if( idx != 0 )
+ {
+ mbedtls_snprintf( str + idx, sizeof( str ) - idx, "\n" );
+ debug_send_line( ssl, level, file, line, str );
+ }
}
#endif /* MBEDTLS_BIGNUM_C */
diff --git a/library/dhm.c b/library/dhm.c
index 9758af7..accd5a8 100644
--- a/library/dhm.c
+++ b/library/dhm.c
@@ -100,22 +100,21 @@
*/
static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
{
- mbedtls_mpi L, U;
+ mbedtls_mpi U;
int ret = 0;
- mbedtls_mpi_init( &L ); mbedtls_mpi_init( &U );
+ mbedtls_mpi_init( &U );
- MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &L, 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &U, P, 2 ) );
- if( mbedtls_mpi_cmp_mpi( param, &L ) < 0 ||
+ if( mbedtls_mpi_cmp_int( param, 2 ) < 0 ||
mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
{
ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
}
cleanup:
- mbedtls_mpi_free( &L ); mbedtls_mpi_free( &U );
+ mbedtls_mpi_free( &U );
return( ret );
}
@@ -151,38 +150,44 @@
}
/*
- * Setup and write the ServerKeyExchange parameters
+ * Pick a random R in the range [2, M-2] for blinding or key generation.
*/
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
- unsigned char *output, size_t *olen,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng )
+static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- int ret, count = 0;
- size_t n1, n2, n3;
- unsigned char *p;
- DHM_VALIDATE_RET( ctx != NULL );
- DHM_VALIDATE_RET( output != NULL );
- DHM_VALIDATE_RET( olen != NULL );
- DHM_VALIDATE_RET( f_rng != NULL );
+ int ret;
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_random( R, 3, M, f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( R, R, 1 ) );
+
+cleanup:
+ return( ret );
+}
+
+static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = 0;
if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+ if( x_size < 0 )
+ return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
- /*
- * Generate X as large as possible ( < P )
- */
- do
+ if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
-
- if( count++ > 10 )
- return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
}
- while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
+ else
+ {
+ /* Generate X as large as possible ( <= P - 2 ) */
+ ret = dhm_random_below( &ctx->X, &ctx->P, f_rng, p_rng );
+ if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
+ if( ret != 0 )
+ return( ret );
+ }
/*
* Calculate GX = G^X mod P
@@ -193,8 +198,33 @@
if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
return( ret );
+cleanup:
+ return( ret );
+}
+
+/*
+ * Setup and write the ServerKeyExchange parameters
+ */
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
+ unsigned char *output, size_t *olen,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret;
+ size_t n1, n2, n3;
+ unsigned char *p;
+ DHM_VALIDATE_RET( ctx != NULL );
+ DHM_VALIDATE_RET( output != NULL );
+ DHM_VALIDATE_RET( olen != NULL );
+ DHM_VALIDATE_RET( f_rng != NULL );
+
+ ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
+ if( ret != 0 )
+ goto cleanup;
+
/*
- * export P, G, GX
+ * Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
+ * not required". We omit leading zeros for compactness.
*/
#define DHM_MPI_EXPORT( X, n ) \
do { \
@@ -220,11 +250,9 @@
ctx->len = n1;
cleanup:
-
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret ) );
-
- return( 0 );
+ if( ret != 0 && ret > -128 )
+ ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret );
+ return( ret );
}
/*
@@ -276,7 +304,7 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- int ret, count = 0;
+ int ret;
DHM_VALIDATE_RET( ctx != NULL );
DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( f_rng != NULL );
@@ -284,62 +312,17 @@
if( olen < 1 || olen > ctx->len )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
- if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
- return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
- /*
- * generate X and calculate GX = G^X mod P
- */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) );
-
- if( count++ > 10 )
- return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
- }
- while( dhm_check_range( &ctx->X, &ctx->P ) != 0 );
-
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->GX, &ctx->G, &ctx->X,
- &ctx->P , &ctx->RP ) );
-
- if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
- return( ret );
+ ret = dhm_make_common( ctx, x_size, f_rng, p_rng );
+ if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
+ return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
+ if( ret != 0 )
+ goto cleanup;
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->GX, output, olen ) );
cleanup:
-
- if( ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret ) );
-
- return( 0 );
-}
-
-/*
- * Pick a random R in the range [2, M) for blinding purposes
- */
-static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
-{
- int ret, count;
-
- count = 0;
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( R, mbedtls_mpi_size( M ), f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( R, M ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( R, 1 ) );
-
- if( count++ > 10 )
- return( MBEDTLS_ERR_MPI_NOT_ACCEPTABLE );
- }
- while( mbedtls_mpi_cmp_int( R, 1 ) <= 0 );
-
-cleanup:
+ if( ret != 0 && ret > -128 )
+ ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret );
return( ret );
}
@@ -390,7 +373,7 @@
* We need to generate blinding values from scratch
*/
- /* Vi = random( 2, P-1 ) */
+ /* Vi = random( 2, P-2 ) */
MBEDTLS_MPI_CHK( dhm_random_below( &ctx->Vi, &ctx->P, f_rng, p_rng ) );
/* Vf = Vi^-X mod P
@@ -454,8 +437,9 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
}
+ /* Output the secret without any leading zero byte. This is mandatory
+ * for TLS per RFC 5246 §8.1.2. */
*olen = mbedtls_mpi_size( &ctx->K );
-
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->K, output, *olen ) );
cleanup:
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 7f259e1..640eb24 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -726,7 +726,7 @@
unsigned char *sig, size_t *slen )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
+ unsigned char buf[MBEDTLS_ECDSA_MAX_LEN] = {0};
unsigned char *p = buf + sizeof( buf );
size_t len = 0;
diff --git a/library/ecp.c b/library/ecp.c
index 6b29415..ca49f99 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -76,6 +76,7 @@
#include "mbedtls/threading.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/bn_mul.h"
#include "ecp_invasive.h"
@@ -1701,26 +1702,11 @@
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l, ll;
- int count = 0;
- size_t p_size = ( grp->pbits + 7 ) / 8;
mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
/* Generate l such that 1 < l < p */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
-
- if( count++ > 10 )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
- }
- while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
/* Z = l * Z */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &pt->Z, &pt->Z, &l ) );
@@ -1736,6 +1722,8 @@
cleanup:
mbedtls_mpi_free( &l ); mbedtls_mpi_free( &ll );
+ if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) */
}
@@ -2485,25 +2473,10 @@
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_mpi l;
- int count = 0;
- size_t p_size = ( grp->pbits + 7 ) / 8;
mbedtls_mpi_init( &l );
/* Generate l such that 1 < l < p */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) );
-
- while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) );
-
- if( count++ > 10 )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
- }
- while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_random( &l, 2, &grp->P, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->X, &P->X, &l ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mod( grp, &P->Z, &P->Z, &l ) );
@@ -2511,6 +2484,8 @@
cleanup:
mbedtls_mpi_free( &l );
+ if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+ ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
return( ret );
#endif /* !defined(MBEDTLS_ECP_NO_FALLBACK) || !defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) */
}
@@ -2961,6 +2936,97 @@
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
+#define ECP_MPI_INIT_ARRAY(x) \
+ ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
+/*
+ * Constants for the two points other than 0, 1, -1 (mod p) in
+ * https://cr.yp.to/ecdh.html#validate
+ * See ecp_check_pubkey_x25519().
+ */
+static const mbedtls_mpi_uint x25519_bad_point_1[] = {
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 ),
+};
+static const mbedtls_mpi_uint x25519_bad_point_2[] = {
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 ),
+};
+static const mbedtls_mpi ecp_x25519_bad_point_1 = ECP_MPI_INIT_ARRAY(
+ x25519_bad_point_1 );
+static const mbedtls_mpi ecp_x25519_bad_point_2 = ECP_MPI_INIT_ARRAY(
+ x25519_bad_point_2 );
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+/*
+ * Check that the input point is not one of the low-order points.
+ * This is recommended by the "May the Fourth" paper:
+ * https://eprint.iacr.org/2017/806.pdf
+ * Those points are never sent by an honest peer.
+ */
+static int ecp_check_bad_points_mx( const mbedtls_mpi *X, const mbedtls_mpi *P,
+ const mbedtls_ecp_group_id grp_id )
+{
+ int ret;
+ mbedtls_mpi XmP;
+
+ mbedtls_mpi_init( &XmP );
+
+ /* Reduce X mod P so that we only need to check values less than P.
+ * We know X < 2^256 so we can proceed by subtraction. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &XmP, X ) );
+ while( mbedtls_mpi_cmp_mpi( &XmP, P ) >= 0 )
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &XmP, &XmP, P ) );
+
+ /* Check against the known bad values that are less than P. For Curve448
+ * these are 0, 1 and -1. For Curve25519 we check the values less than P
+ * from the following list: https://cr.yp.to/ecdh.html#validate */
+ if( mbedtls_mpi_cmp_int( &XmP, 1 ) <= 0 ) /* takes care of 0 and 1 */
+ {
+ ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+ goto cleanup;
+ }
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
+ {
+ if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_1 ) == 0 )
+ {
+ ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+ goto cleanup;
+ }
+
+ if( mbedtls_mpi_cmp_mpi( &XmP, &ecp_x25519_bad_point_2 ) == 0 )
+ {
+ ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+ goto cleanup;
+ }
+ }
+#else
+ (void) grp_id;
+#endif
+
+ /* Final check: check if XmP + 1 is P (final because it changes XmP!) */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &XmP, &XmP, 1 ) );
+ if( mbedtls_mpi_cmp_mpi( &XmP, P ) == 0 )
+ {
+ ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ mbedtls_mpi_free( &XmP );
+
+ return( ret );
+}
+
/*
* Check validity of a public key for Montgomery curves with x-only schemes
*/
@@ -2972,7 +3038,13 @@
if( mbedtls_mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
return( MBEDTLS_ERR_ECP_INVALID_KEY );
- return( 0 );
+ /* Implicit in all standards (as they don't consider negative numbers):
+ * X must be non-negative. This is normally ensured by the way it's
+ * encoded for transmission, but let's be extra sure. */
+ if( mbedtls_mpi_cmp_int( &pt->X, 0 ) < 0 )
+ return( MBEDTLS_ERR_ECP_INVALID_KEY );
+
+ return( ecp_check_bad_points_mx( &pt->X, &grp->P, grp->id ) );
}
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
@@ -3040,6 +3112,56 @@
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
+#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_gen_privkey_mx( size_t high_bit,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
+{
+ int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ size_t n_random_bytes = high_bit / 8 + 1;
+
+ /* [Curve25519] page 5 */
+ /* Generate a (high_bit+1)-bit random number by generating just enough
+ * random bytes, then shifting out extra bits from the top (necessary
+ * when (high_bit+1) is not a multiple of 8). */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_random_bytes,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_random_bytes - high_bit - 1 ) );
+
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, high_bit, 1 ) );
+
+ /* Make sure the last two bits are unset for Curve448, three bits for
+ Curve25519 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
+ if( high_bit == 254 )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
+ }
+
+cleanup:
+ return( ret );
+}
+#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
+
+#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
+static int mbedtls_ecp_gen_privkey_sw(
+ const mbedtls_mpi *N, mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret = mbedtls_mpi_random( d, 1, N, f_rng, p_rng );
+ switch( ret )
+ {
+ case MBEDTLS_ERR_MPI_NOT_ACCEPTABLE:
+ return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+ default:
+ return( ret );
+ }
+}
+#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
+
/*
* Generate a private key
*/
@@ -3048,89 +3170,21 @@
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
- int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
- size_t n_size;
-
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( d != NULL );
ECP_VALIDATE_RET( f_rng != NULL );
- n_size = ( grp->nbits + 7 ) / 8;
-
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
- {
- /* [M225] page 5 */
- size_t b;
-
- do {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
- } while( mbedtls_mpi_bitlen( d ) == 0);
-
- /* Make sure the most significant bit is nbits */
- b = mbedtls_mpi_bitlen( d ) - 1; /* mbedtls_mpi_bitlen is one-based */
- if( b > grp->nbits )
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, b - grp->nbits ) );
- else
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, grp->nbits, 1 ) );
-
- /* Make sure the last two bits are unset for Curve448, three bits for
- Curve25519 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 0, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 1, 0 ) );
- if( grp->nbits == 254 )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( d, 2, 0 ) );
- }
- }
+ return( mbedtls_ecp_gen_privkey_mx( grp->nbits, d, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
- {
- /* SEC1 3.2.1: Generate d such that 1 <= n < N */
- int count = 0;
- unsigned cmp = 0;
-
- /*
- * Match the procedure given in RFC 6979 (deterministic ECDSA):
- * - use the same byte ordering;
- * - keep the leftmost nbits bits of the generated octet string;
- * - try until result is in the desired range.
- * This also avoids any biais, which is especially important for ECDSA.
- */
- do
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( d, n_size, f_rng, p_rng ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( d, 8 * n_size - grp->nbits ) );
-
- /*
- * Each try has at worst a probability 1/2 of failing (the msb has
- * a probability 1/2 of being 0, and then the result will be < N),
- * so after 30 tries failure probability is a most 2**(-30).
- *
- * For most curves, 1 try is enough with overwhelming probability,
- * since N starts with a lot of 1s in binary, but some curves
- * such as secp224k1 are actually very close to the worst case.
- */
- if( ++count > 30 )
- {
- ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
- goto cleanup;
- }
-
- ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp );
- if( ret != 0 )
- {
- goto cleanup;
- }
- }
- while( mbedtls_mpi_cmp_int( d, 1 ) < 0 || cmp != 1 );
- }
+ return( mbedtls_ecp_gen_privkey_sw( &grp->N, d, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
-cleanup:
- return( ret );
+ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
/*
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 165c315..ff26a18 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -24,6 +24,7 @@
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/bn_mul.h"
#include "ecp_invasive.h"
@@ -42,44 +43,10 @@
#define inline __inline
#endif
-/*
- * Conversion macros for embedded constants:
- * build lists of mbedtls_mpi_uint's from lists of unsigned char's grouped by 8, 4 or 2
- */
-#if defined(MBEDTLS_HAVE_INT32)
+#define ECP_MPI_INIT(s, n, p) {s, (n), (mbedtls_mpi_uint *)(p)}
-#define BYTES_TO_T_UINT_4( a, b, c, d ) \
- ( (mbedtls_mpi_uint) (a) << 0 ) | \
- ( (mbedtls_mpi_uint) (b) << 8 ) | \
- ( (mbedtls_mpi_uint) (c) << 16 ) | \
- ( (mbedtls_mpi_uint) (d) << 24 )
-
-#define BYTES_TO_T_UINT_2( a, b ) \
- BYTES_TO_T_UINT_4( a, b, 0, 0 )
-
-#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
- BYTES_TO_T_UINT_4( a, b, c, d ), \
- BYTES_TO_T_UINT_4( e, f, g, h )
-
-#else /* 64-bits */
-
-#define BYTES_TO_T_UINT_8( a, b, c, d, e, f, g, h ) \
- ( (mbedtls_mpi_uint) (a) << 0 ) | \
- ( (mbedtls_mpi_uint) (b) << 8 ) | \
- ( (mbedtls_mpi_uint) (c) << 16 ) | \
- ( (mbedtls_mpi_uint) (d) << 24 ) | \
- ( (mbedtls_mpi_uint) (e) << 32 ) | \
- ( (mbedtls_mpi_uint) (f) << 40 ) | \
- ( (mbedtls_mpi_uint) (g) << 48 ) | \
- ( (mbedtls_mpi_uint) (h) << 56 )
-
-#define BYTES_TO_T_UINT_4( a, b, c, d ) \
- BYTES_TO_T_UINT_8( a, b, c, d, 0, 0, 0, 0 )
-
-#define BYTES_TO_T_UINT_2( a, b ) \
- BYTES_TO_T_UINT_8( a, b, 0, 0, 0, 0, 0, 0 )
-
-#endif /* bits in mbedtls_mpi_uint */
+#define ECP_MPI_INIT_ARRAY(x) \
+ ECP_MPI_INIT(1, sizeof(x) / sizeof(mbedtls_mpi_uint), x)
/*
* Note: the constants are in little-endian order
@@ -91,29 +58,29 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
static const mbedtls_mpi_uint secp192r1_p[] = {
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static const mbedtls_mpi_uint secp192r1_b[] = {
- BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
- BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
- BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB1, 0xB9, 0x46, 0xC1, 0xEC, 0xDE, 0xB8, 0xFE ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x49, 0x30, 0x24, 0x72, 0xAB, 0xE9, 0xA7, 0x0F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x80, 0x9C, 0xE5, 0x19, 0x05, 0x21, 0x64 ),
};
static const mbedtls_mpi_uint secp192r1_gx[] = {
- BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
- BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
- BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x10, 0xFF, 0x82, 0xFD, 0x0A, 0xFF, 0xF4 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x88, 0xA1, 0x43, 0xEB, 0x20, 0xBF, 0x7C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0x90, 0x30, 0xB0, 0x0E, 0xA8, 0x8D, 0x18 ),
};
static const mbedtls_mpi_uint secp192r1_gy[] = {
- BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
- BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
- BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x48, 0x79, 0x1E, 0xA1, 0x77, 0xF9, 0x73 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0xCD, 0x24, 0x6B, 0xED, 0x11, 0x10, 0x63 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x78, 0xDA, 0xC8, 0xFF, 0x95, 0x2B, 0x19, 0x07 ),
};
static const mbedtls_mpi_uint secp192r1_n[] = {
- BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
- BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x31, 0x28, 0xD2, 0xB4, 0xB1, 0xC9, 0x6B, 0x14 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x36, 0xF8, 0xDE, 0x99, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -122,34 +89,34 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
static const mbedtls_mpi_uint secp224r1_p[] = {
- BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
};
static const mbedtls_mpi_uint secp224r1_b[] = {
- BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
- BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
- BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
- BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0xFF, 0x55, 0x23, 0x43, 0x39, 0x0B, 0x27 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0xD8, 0xBF, 0xD7, 0xB7, 0xB0, 0x44, 0x50 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x56, 0x32, 0x41, 0xF5, 0xAB, 0xB3, 0x04, 0x0C ),
+ MBEDTLS_BYTES_TO_T_UINT_4( 0x85, 0x0A, 0x05, 0xB4 ),
};
static const mbedtls_mpi_uint secp224r1_gx[] = {
- BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
- BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
- BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
- BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0x1D, 0x5C, 0x11, 0xD6, 0x80, 0x32, 0x34 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0x11, 0xC2, 0x56, 0xD3, 0xC1, 0x03, 0x4A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0x90, 0x13, 0x32, 0x7F, 0xBF, 0xB4, 0x6B ),
+ MBEDTLS_BYTES_TO_T_UINT_4( 0xBD, 0x0C, 0x0E, 0xB7 ),
};
static const mbedtls_mpi_uint secp224r1_gy[] = {
- BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
- BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
- BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
- BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x7E, 0x00, 0x85, 0x99, 0x81, 0xD5, 0x44 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x47, 0x07, 0x5A, 0xA0, 0x75, 0x43, 0xCD ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0xDF, 0x22, 0x4C, 0xFB, 0x23, 0xF7, 0xB5 ),
+ MBEDTLS_BYTES_TO_T_UINT_4( 0x88, 0x63, 0x37, 0xBD ),
};
static const mbedtls_mpi_uint secp224r1_n[] = {
- BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
- BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x3D, 0x2A, 0x5C, 0x5C, 0x45, 0x29, 0xDD, 0x13 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x3E, 0xF0, 0xB8, 0xE0, 0xA2, 0x16, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
@@ -158,34 +125,34 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
static const mbedtls_mpi_uint secp256r1_p[] = {
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
- BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static const mbedtls_mpi_uint secp256r1_b[] = {
- BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
- BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
- BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
- BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x4B, 0x60, 0xD2, 0x27, 0x3E, 0x3C, 0xCE, 0x3B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF6, 0xB0, 0x53, 0xCC, 0xB0, 0x06, 0x1D, 0x65 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x86, 0x98, 0x76, 0x55, 0xBD, 0xEB, 0xB3 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0x93, 0x3A, 0xAA, 0xD8, 0x35, 0xC6, 0x5A ),
};
static const mbedtls_mpi_uint secp256r1_gx[] = {
- BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
- BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
- BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
- BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x96, 0xC2, 0x98, 0xD8, 0x45, 0x39, 0xA1, 0xF4 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0x33, 0xEB, 0x2D, 0x81, 0x7D, 0x03, 0x77 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF2, 0x40, 0xA4, 0x63, 0xE5, 0xE6, 0xBC, 0xF8 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x42, 0x2C, 0xE1, 0xF2, 0xD1, 0x17, 0x6B ),
};
static const mbedtls_mpi_uint secp256r1_gy[] = {
- BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
- BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
- BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
- BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF5, 0x51, 0xBF, 0x37, 0x68, 0x40, 0xB6, 0xCB ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0x5E, 0x31, 0x6B, 0x57, 0x33, 0xCE, 0x2B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x16, 0x9E, 0x0F, 0x7C, 0x4A, 0xEB, 0xE7, 0x8E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x7F, 0x1A, 0xFE, 0xE2, 0x42, 0xE3, 0x4F ),
};
static const mbedtls_mpi_uint secp256r1_n[] = {
- BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
- BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x51, 0x25, 0x63, 0xFC, 0xC2, 0xCA, 0xB9, 0xF3 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x9E, 0x17, 0xA7, 0xAD, 0xFA, 0xE6, 0xBC ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
@@ -194,44 +161,44 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
static const mbedtls_mpi_uint secp384r1_p[] = {
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static const mbedtls_mpi_uint secp384r1_b[] = {
- BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
- BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
- BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
- BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
- BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
- BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xEF, 0x2A, 0xEC, 0xD3, 0xED, 0xC8, 0x85, 0x2A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0xD1, 0x2E, 0x8A, 0x8D, 0x39, 0x56, 0xC6 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x87, 0x13, 0x50, 0x8F, 0x08, 0x14, 0x03 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x12, 0x41, 0x81, 0xFE, 0x6E, 0x9C, 0x1D, 0x18 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x2D, 0xF8, 0xE3, 0x6B, 0x05, 0x8E, 0x98 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE4, 0xE7, 0x3E, 0xE2, 0xA7, 0x2F, 0x31, 0xB3 ),
};
static const mbedtls_mpi_uint secp384r1_gx[] = {
- BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
- BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
- BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
- BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
- BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
- BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB7, 0x0A, 0x76, 0x72, 0x38, 0x5E, 0x54, 0x3A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x29, 0x55, 0xBF, 0x5D, 0xF2, 0x02, 0x55 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x38, 0x2A, 0x54, 0x82, 0xE0, 0x41, 0xF7, 0x59 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x9B, 0xA7, 0x8B, 0x62, 0x3B, 0x1D, 0x6E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x74, 0xAD, 0x20, 0xF3, 0x1E, 0xC7, 0xB1, 0x8E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0x05, 0x8B, 0xBE, 0x22, 0xCA, 0x87, 0xAA ),
};
static const mbedtls_mpi_uint secp384r1_gy[] = {
- BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
- BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
- BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
- BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
- BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
- BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x0E, 0xEA, 0x90, 0x7C, 0x1D, 0x43, 0x7A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x81, 0x7E, 0x1D, 0xCE, 0xB1, 0x60, 0x0A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xC0, 0xB8, 0xF0, 0xB5, 0x13, 0x31, 0xDA, 0xE9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x14, 0x9A, 0x28, 0xBD, 0x1D, 0xF4, 0xF8 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x29, 0xDC, 0x92, 0x92, 0xBF, 0x98, 0x9E, 0x5D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x6F, 0x2C, 0x26, 0x96, 0x4A, 0xDE, 0x17, 0x36 ),
};
static const mbedtls_mpi_uint secp384r1_n[] = {
- BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
- BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
- BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x73, 0x29, 0xC5, 0xCC, 0x6A, 0x19, 0xEC, 0xEC ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x7A, 0xA7, 0xB0, 0x48, 0xB2, 0x0D, 0x1A, 0x58 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x2D, 0x37, 0xF4, 0x81, 0x4D, 0x63, 0xC7 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
@@ -240,154 +207,154 @@
*/
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
static const mbedtls_mpi_uint secp521r1_p[] = {
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
};
static const mbedtls_mpi_uint secp521r1_b[] = {
- BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
- BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
- BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
- BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
- BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
- BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
- BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
- BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
- BYTES_TO_T_UINT_2( 0x51, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x3F, 0x50, 0x6B, 0xD4, 0x1F, 0x45, 0xEF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF1, 0x34, 0x2C, 0x3D, 0x88, 0xDF, 0x73, 0x35 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xBF, 0xB1, 0x3B, 0xBD, 0xC0, 0x52, 0x16 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x7B, 0x93, 0x7E, 0xEC, 0x51, 0x39, 0x19, 0x56 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE1, 0x09, 0xF1, 0x8E, 0x91, 0x89, 0xB4, 0xB8 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x15, 0xB3, 0x99, 0x5B, 0x72, 0xDA, 0xA2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xEE, 0x40, 0x85, 0xB6, 0xA0, 0x21, 0x9A, 0x92 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x1F, 0x9A, 0x1C, 0x8E, 0x61, 0xB9, 0x3E, 0x95 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x51, 0x00 ),
};
static const mbedtls_mpi_uint secp521r1_gx[] = {
- BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
- BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
- BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
- BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
- BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
- BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
- BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
- BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
- BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x66, 0xBD, 0xE5, 0xC2, 0x31, 0x7E, 0x7E, 0xF9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x9B, 0x42, 0x6A, 0x85, 0xC1, 0xB3, 0x48, 0x33 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xDE, 0xA8, 0xFF, 0xA2, 0x27, 0xC1, 0x1D, 0xFE ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x59, 0xE7, 0xEF, 0x77, 0x5E, 0x4B, 0xA1 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xBA, 0x3D, 0x4D, 0x6B, 0x60, 0xAF, 0x28, 0xF8 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x21, 0xB5, 0x3F, 0x05, 0x39, 0x81, 0x64, 0x9C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0xB4, 0x95, 0x23, 0x66, 0xCB, 0x3E, 0x9E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xCD, 0xE9, 0x04, 0x04, 0xB7, 0x06, 0x8E, 0x85 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0xC6, 0x00 ),
};
static const mbedtls_mpi_uint secp521r1_gy[] = {
- BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
- BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
- BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
- BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
- BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
- BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
- BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
- BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
- BYTES_TO_T_UINT_2( 0x18, 0x01 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x50, 0x66, 0xD1, 0x9F, 0x76, 0x94, 0xBE, 0x88 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0xC2, 0x72, 0xA2, 0x86, 0x70, 0x3C, 0x35 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x61, 0x07, 0xAD, 0x3F, 0x01, 0xB9, 0x50, 0xC5 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x40, 0x26, 0xF4, 0x5E, 0x99, 0x72, 0xEE, 0x97 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x2C, 0x66, 0x3E, 0x27, 0x17, 0xBD, 0xAF, 0x17 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x44, 0x9B, 0x57, 0x49, 0x44, 0xF5, 0x98 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x1B, 0x7D, 0x2C, 0xB4, 0x5F, 0x8A, 0x5C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x04, 0xC0, 0x3B, 0x9A, 0x78, 0x6A, 0x29, 0x39 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x18, 0x01 ),
};
static const mbedtls_mpi_uint secp521r1_n[] = {
- BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
- BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
- BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
- BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
- BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x09, 0x64, 0x38, 0x91, 0x1E, 0xB7, 0x6F, 0xBB ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x47, 0x9C, 0x89, 0xB8, 0xC9, 0xB5, 0x3B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD0, 0xA5, 0x09, 0xF7, 0x48, 0x01, 0xCC, 0x7F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x96, 0x2F, 0xBF, 0x83, 0x87, 0x86, 0x51 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0xFF, 0x01 ),
};
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
static const mbedtls_mpi_uint secp192k1_p[] = {
- BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static const mbedtls_mpi_uint secp192k1_a[] = {
- BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static const mbedtls_mpi_uint secp192k1_b[] = {
- BYTES_TO_T_UINT_2( 0x03, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x03, 0x00 ),
};
static const mbedtls_mpi_uint secp192k1_gx[] = {
- BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
- BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
- BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
};
static const mbedtls_mpi_uint secp192k1_gy[] = {
- BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
- BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
- BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
};
static const mbedtls_mpi_uint secp192k1_n[] = {
- BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
- BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
static const mbedtls_mpi_uint secp224k1_p[] = {
- BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
};
static const mbedtls_mpi_uint secp224k1_a[] = {
- BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static const mbedtls_mpi_uint secp224k1_b[] = {
- BYTES_TO_T_UINT_2( 0x05, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x05, 0x00 ),
};
static const mbedtls_mpi_uint secp224k1_gx[] = {
- BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
- BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
- BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
- BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
+ MBEDTLS_BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
};
static const mbedtls_mpi_uint secp224k1_gy[] = {
- BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
- BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
- BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
- BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
+ MBEDTLS_BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
};
static const mbedtls_mpi_uint secp224k1_n[] = {
- BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
- BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
- BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
};
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
static const mbedtls_mpi_uint secp256k1_p[] = {
- BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static const mbedtls_mpi_uint secp256k1_a[] = {
- BYTES_TO_T_UINT_2( 0x00, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static const mbedtls_mpi_uint secp256k1_b[] = {
- BYTES_TO_T_UINT_2( 0x07, 0x00 ),
+ MBEDTLS_BYTES_TO_T_UINT_2( 0x07, 0x00 ),
};
static const mbedtls_mpi_uint secp256k1_gx[] = {
- BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
- BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
- BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
- BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
};
static const mbedtls_mpi_uint secp256k1_gy[] = {
- BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
- BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
- BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
- BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
};
static const mbedtls_mpi_uint secp256k1_n[] = {
- BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
- BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
- BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
- BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
@@ -396,40 +363,40 @@
*/
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
static const mbedtls_mpi_uint brainpoolP256r1_p[] = {
- BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
- BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
- BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
- BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x77, 0x53, 0x6E, 0x1F, 0x1D, 0x48, 0x13, 0x20 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x20, 0x26, 0xD5, 0x23, 0xF6, 0x3B, 0x6E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x72, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
};
static const mbedtls_mpi_uint brainpoolP256r1_a[] = {
- BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
- BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
- BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
- BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD9, 0xB5, 0x30, 0xF3, 0x44, 0x4B, 0x4A, 0xE9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x6C, 0x5C, 0xDC, 0x26, 0xC1, 0x55, 0x80, 0xFB ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE7, 0xFF, 0x7A, 0x41, 0x30, 0x75, 0xF6, 0xEE ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x57, 0x30, 0x2C, 0xFC, 0x75, 0x09, 0x5A, 0x7D ),
};
static const mbedtls_mpi_uint brainpoolP256r1_b[] = {
- BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
- BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
- BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
- BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB6, 0x07, 0x8C, 0xFF, 0x18, 0xDC, 0xCC, 0x6B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xCE, 0xE1, 0xF7, 0x5C, 0x29, 0x16, 0x84, 0x95 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xBF, 0x7C, 0xD7, 0xBB, 0xD9, 0xB5, 0x30, 0xF3 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x44, 0x4B, 0x4A, 0xE9, 0x6C, 0x5C, 0xDC, 0x26 ),
};
static const mbedtls_mpi_uint brainpoolP256r1_gx[] = {
- BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
- BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
- BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
- BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x62, 0x32, 0xCE, 0x9A, 0xBD, 0x53, 0x44, 0x3A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xC2, 0x23, 0xBD, 0xE3, 0xE1, 0x27, 0xDE, 0xB9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xAF, 0xB7, 0x81, 0xFC, 0x2F, 0x48, 0x4B, 0x2C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xCB, 0x57, 0x7E, 0xCB, 0xB9, 0xAE, 0xD2, 0x8B ),
};
static const mbedtls_mpi_uint brainpoolP256r1_gy[] = {
- BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
- BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
- BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
- BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x97, 0x69, 0x04, 0x2F, 0xC7, 0x54, 0x1D, 0x5C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x54, 0x8E, 0xED, 0x2D, 0x13, 0x45, 0x77, 0xC2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x1D, 0x61, 0x14, 0x1A, 0x46, 0xF8, 0x97 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0xC4, 0xDA, 0xC3, 0x35, 0xF8, 0x7E, 0x54 ),
};
static const mbedtls_mpi_uint brainpoolP256r1_n[] = {
- BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
- BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
- BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
- BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x56, 0x48, 0x97, 0x82, 0x0E, 0x1E, 0x90 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF7, 0xA6, 0x61, 0xB5, 0xA3, 0x7A, 0x39, 0x8C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x8D, 0x83, 0x9D, 0x90, 0x0A, 0x66, 0x3E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0xA9, 0xEE, 0xA1, 0xDB, 0x57, 0xFB, 0xA9 ),
};
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
@@ -438,52 +405,52 @@
*/
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
static const mbedtls_mpi_uint brainpoolP384r1_p[] = {
- BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
- BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
- BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
- BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
- BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
- BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x53, 0xEC, 0x07, 0x31, 0x13, 0x00, 0x47, 0x87 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x1A, 0x1D, 0x90, 0x29, 0xA7, 0xD3, 0xAC ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0x11, 0xB7, 0x7F, 0x19, 0xDA, 0xB1, 0x12 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB4, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
};
static const mbedtls_mpi_uint brainpoolP384r1_a[] = {
- BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
- BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
- BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
- BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
- BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
- BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xEB, 0xD4, 0x3A, 0x50, 0x4A, 0x81, 0xA5, 0x8A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x0F, 0xF9, 0x91, 0xBA, 0xEF, 0x65, 0x91, 0x13 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x87, 0x27, 0xB2, 0x4F, 0x8E, 0xA2, 0xBE, 0xC2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA0, 0xAF, 0x05, 0xCE, 0x0A, 0x08, 0x72, 0x3C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x0C, 0x15, 0x8C, 0x3D, 0xC6, 0x82, 0xC3, 0x7B ),
};
static const mbedtls_mpi_uint brainpoolP384r1_b[] = {
- BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
- BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
- BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
- BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
- BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
- BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x4C, 0x50, 0xFA, 0x96, 0x86, 0xB7, 0x3A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x94, 0xC9, 0xDB, 0x95, 0x02, 0x39, 0xB4, 0x7C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD5, 0x62, 0xEB, 0x3E, 0xA5, 0x0E, 0x88, 0x2E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA6, 0xD2, 0xDC, 0x07, 0xE1, 0x7D, 0xB7, 0x2F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x7C, 0x44, 0xF0, 0x16, 0x54, 0xB5, 0x39, 0x8B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x26, 0x28, 0xCE, 0x22, 0xDD, 0xC7, 0xA8, 0x04 ),
};
static const mbedtls_mpi_uint brainpoolP384r1_gx[] = {
- BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
- BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
- BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
- BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
- BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
- BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x1E, 0xAF, 0xD4, 0x47, 0xE2, 0xB2, 0x87, 0xEF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xAA, 0x46, 0xD6, 0x36, 0x34, 0xE0, 0x26, 0xE8 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE8, 0x10, 0xBD, 0x0C, 0xFE, 0xCA, 0x7F, 0xDB ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE3, 0x4F, 0xF1, 0x7E, 0xE7, 0xA3, 0x47, 0x88 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x6B, 0x3F, 0xC1, 0xB7, 0x81, 0x3A, 0xA6, 0xA2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFF, 0x45, 0xCF, 0x68, 0xF0, 0x64, 0x1C, 0x1D ),
};
static const mbedtls_mpi_uint brainpoolP384r1_gy[] = {
- BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
- BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
- BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
- BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
- BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
- BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x15, 0x53, 0x3C, 0x26, 0x41, 0x03, 0x82, 0x42 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x91, 0x77, 0x21, 0x46, 0x46, 0x0E ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x29, 0x91, 0xF9, 0x4F, 0x05, 0x9C, 0xE1 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0x58, 0xEC, 0xFE, 0x29, 0x0B, 0xB7, 0x62 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x52, 0xD5, 0xCF, 0x95, 0x8E, 0xEB, 0xB1, 0x5C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA4, 0xC2, 0xF9, 0x20, 0x75, 0x1D, 0xBE, 0x8A ),
};
static const mbedtls_mpi_uint brainpoolP384r1_n[] = {
- BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
- BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
- BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
- BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
- BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
- BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x65, 0x65, 0x04, 0xE9, 0x02, 0x32, 0x88, 0x3B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0xC3, 0x7F, 0x6B, 0xAF, 0xB6, 0x3A, 0xCF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x25, 0x04, 0xAC, 0x6C, 0x6E, 0x16, 0x1F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB3, 0x56, 0x54, 0xED, 0x09, 0x71, 0x2F, 0x15 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xDF, 0x41, 0xE6, 0x50, 0x7E, 0x6F, 0x5D, 0x0F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x28, 0x6D, 0x38, 0xA3, 0x82, 0x1E, 0xB9, 0x8C ),
};
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
@@ -492,64 +459,64 @@
*/
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
static const mbedtls_mpi_uint brainpoolP512r1_p[] = {
- BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
- BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
- BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
- BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
- BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
- BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
- BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
- BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xF3, 0x48, 0x3A, 0x58, 0x56, 0x60, 0xAA, 0x28 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x85, 0xC6, 0x82, 0x2D, 0x2F, 0xFF, 0x81, 0x28 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xE6, 0x80, 0xA3, 0xE6, 0x2A, 0xA1, 0xCD, 0xAE ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x42, 0x68, 0xC6, 0x9B, 0x00, 0x9B, 0x4D, 0x7D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x71, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
};
static const mbedtls_mpi_uint brainpoolP512r1_a[] = {
- BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
- BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
- BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
- BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
- BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
- BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
- BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
- BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x94, 0xFC, 0x77, 0x4D, 0xAC, 0xC1, 0xE7 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB9, 0xC7, 0xF2, 0x2B, 0xA7, 0x17, 0x11, 0x7F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xB5, 0xC8, 0x9A, 0x8B, 0xC9, 0xF1, 0x2E, 0x0A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA1, 0x3A, 0x25, 0xA8, 0x5A, 0x5D, 0xED, 0x2D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xBC, 0x63, 0x98, 0xEA, 0xCA, 0x41, 0x34, 0xA8 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x10, 0x16, 0xF9, 0x3D, 0x8D, 0xDD, 0xCB, 0x94 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xC5, 0x4C, 0x23, 0xAC, 0x45, 0x71, 0x32, 0xE2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x89, 0x3B, 0x60, 0x8B, 0x31, 0xA3, 0x30, 0x78 ),
};
static const mbedtls_mpi_uint brainpoolP512r1_b[] = {
- BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
- BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
- BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
- BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
- BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
- BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
- BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
- BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x23, 0xF7, 0x16, 0x80, 0x63, 0xBD, 0x09, 0x28 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xE5, 0xBA, 0x5E, 0xB7, 0x50, 0x40, 0x98 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x67, 0x3E, 0x08, 0xDC, 0xCA, 0x94, 0xFC, 0x77 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x4D, 0xAC, 0xC1, 0xE7, 0xB9, 0xC7, 0xF2, 0x2B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xA7, 0x17, 0x11, 0x7F, 0xB5, 0xC8, 0x9A, 0x8B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0xF1, 0x2E, 0x0A, 0xA1, 0x3A, 0x25, 0xA8 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x5A, 0x5D, 0xED, 0x2D, 0xBC, 0x63, 0x98, 0xEA ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xCA, 0x41, 0x34, 0xA8, 0x10, 0x16, 0xF9, 0x3D ),
};
static const mbedtls_mpi_uint brainpoolP512r1_gx[] = {
- BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
- BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
- BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
- BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
- BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
- BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
- BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
- BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x22, 0xF8, 0xB9, 0xBC, 0x09, 0x22, 0x35, 0x8B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x68, 0x5E, 0x6A, 0x40, 0x47, 0x50, 0x6D, 0x7C ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x5F, 0x7D, 0xB9, 0x93, 0x7B, 0x68, 0xD1, 0x50 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x8D, 0xD4, 0xD0, 0xE2, 0x78, 0x1F, 0x3B, 0xFF ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x8E, 0x09, 0xD0, 0xF4, 0xEE, 0x62, 0x3B, 0xB4 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xC1, 0x16, 0xD9, 0xB5, 0x70, 0x9F, 0xED, 0x85 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x6A, 0x4C, 0x9C, 0x2E, 0x32, 0x21, 0x5A ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x64, 0xD9, 0x2E, 0xD8, 0xBD, 0xE4, 0xAE, 0x81 ),
};
static const mbedtls_mpi_uint brainpoolP512r1_gy[] = {
- BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
- BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
- BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
- BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
- BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
- BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
- BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
- BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x92, 0x08, 0xD8, 0x3A, 0x0F, 0x1E, 0xCD, 0x78 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x06, 0x54, 0xF0, 0xA8, 0x2F, 0x2B, 0xCA, 0xD1 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xAE, 0x63, 0x27, 0x8A, 0xD8, 0x4B, 0xCA, 0x5B ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x5E, 0x48, 0x5F, 0x4A, 0x49, 0xDE, 0xDC, 0xB2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x11, 0x81, 0x1F, 0x88, 0x5B, 0xC5, 0x00, 0xA0 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x1A, 0x7B, 0xA5, 0x24, 0x00, 0xF7, 0x09, 0xF2 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xFD, 0x22, 0x78, 0xCF, 0xA9, 0xBF, 0xEA, 0xC0 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xEC, 0x32, 0x63, 0x56, 0x5D, 0x38, 0xDE, 0x7D ),
};
static const mbedtls_mpi_uint brainpoolP512r1_n[] = {
- BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
- BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
- BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
- BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
- BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
- BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
- BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
- BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x69, 0x00, 0xA9, 0x9C, 0x82, 0x96, 0x87, 0xB5 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xDD, 0xDA, 0x5D, 0x08, 0x81, 0xD3, 0xB1, 0x1D ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x47, 0x10, 0xAC, 0x7F, 0x19, 0x61, 0x86, 0x41 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x19, 0x26, 0xA9, 0x4C, 0x41, 0x5C, 0x3E, 0x55 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x70, 0x08, 0x33, 0x70, 0xCA, 0x9C, 0x63, 0xD6 ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x0E, 0xD2, 0xC9, 0xB3, 0xB3, 0x8D, 0x30, 0xCB ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x07, 0xFC, 0xC9, 0x33, 0xAE, 0xE6, 0xD4, 0x3F ),
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x8B, 0xC4, 0xE9, 0xDB, 0xB8, 0x9D, 0xDD, 0xAA ),
};
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
@@ -680,6 +647,13 @@
#endif /* ECP_LOAD_GROUP */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+/* Constants used by ecp_use_curve25519() */
+static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42;
+static const unsigned char curve25519_part_of_n[] = {
+ 0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6,
+ 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED,
+};
+
/*
* Specialized function for creating the Curve25519 group
*/
@@ -688,7 +662,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Actually ( A + 2 ) / 4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "01DB42" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve25519_a24 ) );
/* P = 2^255 - 19 */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
@@ -697,8 +671,8 @@
grp->pbits = mbedtls_mpi_bitlen( &grp->P );
/* N = 2^252 + 27742317777372353535851937790883648493 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16,
- "14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &grp->N,
+ curve25519_part_of_n, sizeof( curve25519_part_of_n ) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
/* Y intentionally not set, since we use x/z coordinates.
@@ -719,6 +693,15 @@
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+/* Constants used by ecp_use_curve448() */
+static const mbedtls_mpi_sint curve448_a24 = 0x98AA;
+static const unsigned char curve448_part_of_n[] = {
+ 0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24,
+ 0xB6, 0x51, 0x29, 0xC9, 0x6F, 0xDE, 0x93,
+ 0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA, 0xDC,
+ 0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D,
+};
+
/*
* Specialized function for creating the Curve448 group
*/
@@ -730,7 +713,7 @@
mbedtls_mpi_init( &Ns );
/* Actually ( A + 2 ) / 4 */
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->A, 16, "98AA" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->A, curve448_a24 ) );
/* P = 2^448 - 2^224 - 1 */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->P, 1 ) );
@@ -748,8 +731,8 @@
/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 446, 1 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &Ns, 16,
- "8335DC163BB124B65129C96FDE933D8D723A70AADC873D6D54A7BB0D" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &Ns,
+ curve448_part_of_n, sizeof( curve448_part_of_n ) ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &grp->N, &grp->N, &Ns ) );
/* Actually, the required msb for private keys */
@@ -1446,9 +1429,11 @@
static int ecp_mod_p192k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
- BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0x00 ) };
- return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
+ return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
+ 0 ) );
}
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
@@ -1460,12 +1445,14 @@
static int ecp_mod_p224k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
- BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
+ MBEDTLS_BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0x00 ) };
#if defined(MBEDTLS_HAVE_INT64)
return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
#else
- return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
+ return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
+ 0 ) );
#endif
}
@@ -1479,8 +1466,10 @@
static int ecp_mod_p256k1( mbedtls_mpi *N )
{
static mbedtls_mpi_uint Rp[] = {
- BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
- return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0, 0 ) );
+ MBEDTLS_BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
+ 0x00 ) };
+ return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
+ 0 ) );
}
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index b523967..71c7702 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -27,6 +27,7 @@
#define MBEDTLS_ECP_INVASIVE_H
#include "common.h"
+#include "mbedtls/bignum.h"
#include "mbedtls/ecp.h"
#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C)
@@ -46,6 +47,35 @@
void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits );
#endif
+#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
+/** Generate a private key on a Montgomery curve (Curve25519 or Curve448).
+ *
+ * This function implements key generation for the set of secret keys
+ * specified in [Curve25519] p. 5 and in [Curve448]. The resulting value
+ * has the lower bits masked but is not necessarily canonical.
+ *
+ * \note - [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
+ * - [RFC7748] https://tools.ietf.org/html/rfc7748
+ *
+ * \p high_bit The position of the high-order bit of the key to generate.
+ * This is the bit-size of the key minus 1:
+ * 254 for Curve25519 or 447 for Curve448.
+ * \param d The randomly generated key. This is a number of size
+ * exactly \p n_bits + 1 bits, with the least significant bits
+ * masked as specified in [Curve25519] and in [RFC7748] §5.
+ * \param f_rng The RNG function.
+ * \param p_rng The RNG context to be passed to \p f_rng.
+ *
+ * \return \c 0 on success.
+ * \return \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
+ */
+int mbedtls_ecp_gen_privkey_mx( size_t n_bits,
+ mbedtls_mpi *d,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+
+#endif /* MBEDTLS_ECP_MONTGOMERY_ENABLED */
+
#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */
#endif /* MBEDTLS_ECP_INVASIVE_H */
diff --git a/library/net_sockets.c b/library/net_sockets.c
index ad1ac13..5fbe1f7 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -20,8 +20,12 @@
/* Enable definition of getaddrinfo() even when compiling with -std=c99. Must
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
+#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
+#endif
+#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600 /* sockaddr_storage */
+#endif
#include "common.h"
@@ -132,6 +136,31 @@
}
/*
+ * Return 0 if the file descriptor is valid, an error otherwise.
+ * If for_select != 0, check whether the file descriptor is within the range
+ * allowed for fd_set used for the FD_xxx macros and the select() function.
+ */
+static int check_fd( int fd, int for_select )
+{
+ if( fd < 0 )
+ return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+ !defined(EFI32)
+ (void) for_select;
+#else
+ /* A limitation of select() is that it only works with file descriptors
+ * that are strictly less than FD_SETSIZE. This is a limitation of the
+ * fd_set type. Error out early, because attempting to call FD_SET on a
+ * large file descriptor is a buffer overflow on typical platforms. */
+ if( for_select && fd >= FD_SETSIZE )
+ return( MBEDTLS_ERR_NET_POLL_FAILED );
+#endif
+
+ return( 0 );
+}
+
+/*
* Initialize a context
*/
void mbedtls_net_init( mbedtls_net_context *ctx )
@@ -462,15 +491,9 @@
int fd = ctx->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
- /* A limitation of select() is that it only works with file descriptors
- * that are strictly less than FD_SETSIZE. This is a limitation of the
- * fd_set type. Error out early, because attempting to call FD_SET on a
- * large file descriptor is a buffer overflow on typical platforms. */
- if( fd >= FD_SETSIZE )
- return( MBEDTLS_ERR_NET_POLL_FAILED );
+ ret = check_fd( fd, 1 );
+ if( ret != 0 )
+ return( ret );
#if defined(__has_feature)
#if __has_feature(memory_sanitizer)
@@ -549,8 +572,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+ ret = check_fd( fd, 0 );
+ if( ret != 0 )
+ return( ret );
ret = (int) read( fd, buf, len );
@@ -588,15 +612,9 @@
fd_set read_fds;
int fd = ((mbedtls_net_context *) ctx)->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
-
- /* A limitation of select() is that it only works with file descriptors
- * that are strictly less than FD_SETSIZE. This is a limitation of the
- * fd_set type. Error out early, because attempting to call FD_SET on a
- * large file descriptor is a buffer overflow on typical platforms. */
- if( fd >= FD_SETSIZE )
- return( MBEDTLS_ERR_NET_POLL_FAILED );
+ ret = check_fd( fd, 1 );
+ if( ret != 0 )
+ return( ret );
FD_ZERO( &read_fds );
FD_SET( fd, &read_fds );
@@ -636,8 +654,9 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int fd = ((mbedtls_net_context *) ctx)->fd;
- if( fd < 0 )
- return( MBEDTLS_ERR_NET_INVALID_CONTEXT );
+ ret = check_fd( fd, 0 );
+ if( ret != 0 )
+ return( ret );
ret = (int) write( fd, buf, len );
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 04829a0..5054ca2 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -189,8 +189,6 @@
uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
- unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
- unsigned char *A = output;
*out_len = 0;
/*
@@ -266,6 +264,9 @@
}
else
{
+ unsigned char *R2 = output + KW_SEMIBLOCK_LENGTH;
+ unsigned char *A = output;
+
/*
* Do the wrapping function W, as defined in RFC 3394 section 2.2.1
*/
@@ -329,7 +330,7 @@
uint64_t t = 0;
unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
- unsigned char *R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
+ unsigned char *R = NULL;
*out_len = 0;
if( semiblocks < MIN_SEMIBLOCKS_COUNT )
@@ -339,6 +340,7 @@
memcpy( A, input, KW_SEMIBLOCK_LENGTH );
memmove( output, input + KW_SEMIBLOCK_LENGTH, ( semiblocks - 1 ) * KW_SEMIBLOCK_LENGTH );
+ R = output + ( semiblocks - 2 ) * KW_SEMIBLOCK_LENGTH;
/* Calculate intermediate values */
for( t = s; t >= 1; t-- )
diff --git a/library/pk.c b/library/pk.c
index ecf002d..05cc213 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -235,12 +235,15 @@
{
const mbedtls_md_info_t *md_info;
- if( *hash_len != 0 )
+ if( *hash_len != 0 && md_alg == MBEDTLS_MD_NONE )
return( 0 );
if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
return( -1 );
+ if ( *hash_len != 0 && *hash_len != mbedtls_md_get_size( md_info ) )
+ return ( -1 );
+
*hash_len = mbedtls_md_get_size( md_info );
return( 0 );
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f58df4a..a424c89 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -26,7 +26,6 @@
#include "check_crypto_config.h"
#endif
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#include "psa_crypto_cipher.h"
@@ -35,6 +34,7 @@
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_hash.h"
+#include "psa_crypto_mac.h"
#include "psa_crypto_rsa.h"
#include "psa_crypto_ecp.h"
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -92,20 +92,6 @@
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
-/* constant-time buffer comparison */
-static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n )
-{
- size_t i;
- unsigned char diff = 0;
-
- for( i = 0; i < n; i++ )
- diff |= a[i] ^ b[i];
-
- return( diff );
-}
-
-
-
/****************************************************************/
/* Global data, support functions and library management */
/****************************************************************/
@@ -1146,6 +1132,17 @@
return( PSA_ERROR_GENERIC_ERROR );
}
+ if( PSA_KEY_LIFETIME_IS_READ_ONLY( slot->attr.lifetime ) )
+ {
+ /* Refuse the destruction of a read-only key (which may or may not work
+ * if we attempt it, depending on whether the key is merely read-only
+ * by policy or actually physically read-only).
+ * Just do the best we can, which is to wipe the copy in memory
+ * (done in this function's cleanup code). */
+ overall_status = PSA_ERROR_NOT_PERMITTED;
+ goto exit;
+ }
+
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
driver = psa_get_se_driver_entry( slot->attr.lifetime );
if( driver != NULL )
@@ -1207,12 +1204,10 @@
}
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
exit:
-#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
status = psa_wipe_key_slot( slot );
/* Prioritize CORRUPTION_DETECTED from wiping over a storage error */
- if( overall_status == PSA_SUCCESS )
+ if( status != PSA_SUCCESS )
overall_status = status;
return( overall_status );
}
@@ -1556,6 +1551,8 @@
PSA_KEY_USAGE_COPY |
PSA_KEY_USAGE_ENCRYPT |
PSA_KEY_USAGE_DECRYPT |
+ PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE |
PSA_KEY_USAGE_SIGN_HASH |
PSA_KEY_USAGE_VERIFY_HASH |
PSA_KEY_USAGE_DERIVE ) ) != 0 )
@@ -2171,34 +2168,54 @@
psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
psa_algorithm_t alg )
{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( !PSA_ALG_IS_HASH( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
/* Ensure all of the context is zeroized, since PSA_HASH_OPERATION_INIT only
* directly zeroes the int-sized dummy member of the context union. */
memset( &operation->ctx, 0, sizeof( operation->ctx ) );
- return( psa_driver_wrapper_hash_setup( operation, alg ) );
+ status = psa_driver_wrapper_hash_setup( operation, alg );
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_hash_abort( operation );
+
+ return status;
}
psa_status_t psa_hash_update( psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length )
{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
/* Don't require hash implementations to behave correctly on a
* zero-length input, which may have an invalid pointer. */
if( input_length == 0 )
return( PSA_SUCCESS );
- psa_status_t status = psa_driver_wrapper_hash_update( operation,
- input, input_length );
+ status = psa_driver_wrapper_hash_update( operation, input, input_length );
+
+exit:
if( status != PSA_SUCCESS )
psa_hash_abort( operation );
@@ -2230,13 +2247,24 @@
operation,
actual_hash, sizeof( actual_hash ),
&actual_hash_length );
+
if( status != PSA_SUCCESS )
- return( status );
+ goto exit;
+
if( actual_hash_length != hash_length )
- return( PSA_ERROR_INVALID_SIGNATURE );
- if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
- return( PSA_ERROR_INVALID_SIGNATURE );
- return( PSA_SUCCESS );
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto exit;
+ }
+
+ if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ status = PSA_ERROR_INVALID_SIGNATURE;
+
+exit:
+ if( status != PSA_SUCCESS )
+ psa_hash_abort(operation);
+
+ return( status );
}
psa_status_t psa_hash_compute( psa_algorithm_t alg,
@@ -2270,7 +2298,7 @@
return( status );
if( actual_hash_length != hash_length )
return( PSA_ERROR_INVALID_SIGNATURE );
- if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+ if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
return( PSA_ERROR_INVALID_SIGNATURE );
return( PSA_SUCCESS );
}
@@ -2297,222 +2325,59 @@
/* MAC */
/****************************************************************/
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-static size_t psa_get_hash_block_size( psa_algorithm_t alg )
-{
- switch( alg )
- {
- case PSA_ALG_MD2:
- return( 16 );
- case PSA_ALG_MD4:
- return( 64 );
- case PSA_ALG_MD5:
- return( 64 );
- case PSA_ALG_RIPEMD160:
- return( 64 );
- case PSA_ALG_SHA_1:
- return( 64 );
- case PSA_ALG_SHA_224:
- return( 64 );
- case PSA_ALG_SHA_256:
- return( 64 );
- case PSA_ALG_SHA_384:
- return( 128 );
- case PSA_ALG_SHA_512:
- return( 128 );
- default:
- return( 0 );
- }
-}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) */
-
-/* Initialize the MAC operation structure. Once this function has been
- * called, psa_mac_abort can run and will do the right thing. */
-static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
- psa_algorithm_t alg )
-{
- psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
-
- operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg );
- operation->key_set = 0;
- operation->iv_set = 0;
- operation->iv_required = 0;
- operation->has_input = 0;
- operation->is_sign = 0;
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( operation->alg == PSA_ALG_CMAC )
- {
- operation->iv_required = 0;
- mbedtls_cipher_init( &operation->ctx.cmac );
- status = PSA_SUCCESS;
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
- /* We'll set up the hash operation later in psa_hmac_setup_internal. */
- operation->ctx.hmac.alg = 0;
- status = PSA_SUCCESS;
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
- {
- if( ! PSA_ALG_IS_MAC( alg ) )
- status = PSA_ERROR_INVALID_ARGUMENT;
- }
-
- if( status != PSA_SUCCESS )
- memset( operation, 0, sizeof( *operation ) );
- return( status );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
-{
- mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
- return( psa_hash_abort( &hmac->hash_ctx ) );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
{
- if( operation->alg == 0 )
- {
- /* The object has (apparently) been initialized but it is not
- * in use. It's ok to call abort on such an object, and there's
- * nothing to do. */
+ /* Aborting a non-active operation is allowed */
+ if( operation->id == 0 )
return( PSA_SUCCESS );
- }
- else
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( operation->alg == PSA_ALG_CMAC )
- {
- mbedtls_cipher_free( &operation->ctx.cmac );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
- psa_hmac_abort_internal( &operation->ctx.hmac );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
- {
- /* Sanity check (shouldn't happen: operation->alg should
- * always have been initialized to a valid value). */
- goto bad_state;
- }
- operation->alg = 0;
- operation->key_set = 0;
- operation->iv_set = 0;
- operation->iv_required = 0;
- operation->has_input = 0;
+ psa_status_t status = psa_driver_wrapper_mac_abort( operation );
+ operation->mac_size = 0;
operation->is_sign = 0;
-
- return( PSA_SUCCESS );
-
-bad_state:
- /* If abort is called on an uninitialized object, we can't trust
- * anything. Wipe the object in case it contains confidential data.
- * This may result in a memory leak if a pointer gets overwritten,
- * but it's too late to do anything about this. */
- memset( operation, 0, sizeof( *operation ) );
- return( PSA_ERROR_BAD_STATE );
-}
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
-static psa_status_t psa_cmac_setup( psa_mac_operation_t *operation,
- psa_key_slot_t *slot )
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_cipher_info_t *cipher_info =
- mbedtls_cipher_info_from_psa( PSA_ALG_CMAC,
- slot->attr.type, slot->attr.bits,
- NULL );
- if( cipher_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
-
- ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
- if( ret != 0 )
- goto exit;
-
- ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
- slot->key.data,
- slot->attr.bits );
-exit:
- return( mbedtls_to_psa_error( ret ) );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t hash_alg )
-{
- uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
- size_t i;
- size_t hash_size = PSA_HASH_LENGTH( hash_alg );
- size_t block_size = psa_get_hash_block_size( hash_alg );
- psa_status_t status;
-
- hmac->alg = hash_alg;
-
- /* Sanity checks on block_size, to guarantee that there won't be a buffer
- * overflow below. This should never trigger if the hash algorithm
- * is implemented correctly. */
- /* The size checks against the ipad and opad buffers cannot be written
- * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
- * because that triggers -Wlogical-op on GCC 7.3. */
- if( block_size > sizeof( ipad ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( block_size > sizeof( hmac->opad ) )
- return( PSA_ERROR_NOT_SUPPORTED );
- if( block_size < hash_size )
- return( PSA_ERROR_NOT_SUPPORTED );
-
- if( key_length > block_size )
- {
- status = psa_hash_compute( hash_alg, key, key_length,
- ipad, sizeof( ipad ), &key_length );
- if( status != PSA_SUCCESS )
- goto cleanup;
- }
- /* A 0-length key is not commonly used in HMAC when used as a MAC,
- * but it is permitted. It is common when HMAC is used in HKDF, for
- * example. Don't call `memcpy` in the 0-length because `key` could be
- * an invalid pointer which would make the behavior undefined. */
- else if( key_length != 0 )
- memcpy( ipad, key, key_length );
-
- /* ipad contains the key followed by garbage. Xor and fill with 0x36
- * to create the ipad value. */
- for( i = 0; i < key_length; i++ )
- ipad[i] ^= 0x36;
- memset( ipad + key_length, 0x36, block_size - key_length );
-
- /* Copy the key material from ipad to opad, flipping the requisite bits,
- * and filling the rest of opad with the requisite constant. */
- for( i = 0; i < key_length; i++ )
- hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
- memset( hmac->opad + key_length, 0x5C, block_size - key_length );
-
- status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
- if( status != PSA_SUCCESS )
- goto cleanup;
-
- status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
-
-cleanup:
- mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
+ operation->id = 0;
return( status );
}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
+
+static psa_status_t psa_mac_finalize_alg_and_key_validation(
+ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes,
+ uint8_t *mac_size )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_type_t key_type = psa_get_key_type( attributes );
+ size_t key_bits = psa_get_key_bits( attributes );
+
+ if( ! PSA_ALG_IS_MAC( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ /* Validate the combination of key type and algorithm */
+ status = psa_mac_key_can_do( alg, key_type );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ /* Get the output length for the algorithm and key combination */
+ *mac_size = PSA_MAC_LENGTH( key_type, key_bits, alg );
+
+ if( *mac_size < 4 )
+ {
+ /* A very short MAC is too short for security since it can be
+ * brute-forced. Ancient protocols with 32-bit MACs do exist,
+ * so we make this our minimum, even though 32 bits is still
+ * too small for security. */
+ return( PSA_ERROR_NOT_SUPPORTED );
+ }
+
+ if( *mac_size > PSA_MAC_LENGTH( key_type, key_bits,
+ PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
+ {
+ /* It's impossible to "truncate" to a larger length than the full length
+ * of the algorithm. */
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ return( PSA_SUCCESS );
+}
static psa_status_t psa_mac_setup( psa_mac_operation_t *operation,
mbedtls_svc_key_id_t key,
@@ -2521,99 +2386,54 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
- psa_key_usage_t usage =
- is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH;
+ psa_key_slot_t *slot = NULL;
/* A context must be freshly initialized before it can be set up. */
- if( operation->alg != 0 )
+ if( operation->id != 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
- status = psa_mac_init( operation, alg );
+ status = psa_get_and_lock_key_slot_with_policy(
+ key,
+ &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
+ alg );
if( status != PSA_SUCCESS )
- return( status );
+ goto exit;
+
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
+ &operation->mac_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ operation->is_sign = is_sign;
+ /* Dispatch the MAC setup call with validated input */
if( is_sign )
- operation->is_sign = 1;
-
- status = psa_get_and_lock_transparent_key_slot_with_policy(
- key, &slot, usage, alg );
- if( status != PSA_SUCCESS )
- goto exit;
-
- /* Validate the combination of key type and algorithm */
- status = psa_mac_key_can_do( alg, slot->attr.type );
- if( status != PSA_SUCCESS )
- goto exit;
-
- /* Get the output length for the algorithm and key combination. None of the
- * currently supported algorithms have an output length dependent on actual
- * key size, so setting it to a bogus value is currently OK. */
- operation->mac_size = PSA_MAC_LENGTH( slot->attr.type, 0, alg );
-
- if( operation->mac_size < 4 )
{
- /* A very short MAC is too short for security since it can be
- * brute-forced. Ancient protocols with 32-bit MACs do exist,
- * so we make this our minimum, even though 32 bits is still
- * too small for security. */
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
- if( operation->mac_size >
- PSA_MAC_LENGTH( slot->attr.type, 0, PSA_ALG_FULL_LENGTH_MAC( alg ) ) )
- {
- /* It's impossible to "truncate" to a larger length than the full length
- * of the algorithm. */
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
- {
- status = psa_cmac_setup( operation, slot );
+ status = psa_driver_wrapper_mac_sign_setup( operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg );
}
else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( alg ) )
{
- /* Sanity check. This shouldn't fail on a valid configuration. */
- if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) )
- {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
- if( slot->attr.type != PSA_KEY_TYPE_HMAC )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
-
- status = psa_hmac_setup_internal( &operation->ctx.hmac,
- slot->key.data,
- slot->key.bytes,
- PSA_ALG_HMAC_GET_HASH( alg ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
- {
- status = PSA_ERROR_NOT_SUPPORTED;
+ status = psa_driver_wrapper_mac_verify_setup( operation,
+ &attributes,
+ slot->key.data,
+ slot->key.bytes,
+ alg );
}
exit:
if( status != PSA_SUCCESS )
- {
psa_mac_abort( operation );
- }
- else
- {
- operation->key_set = 1;
- }
unlock_status = psa_unlock_key_slot( slot );
@@ -2638,209 +2458,479 @@
const uint8_t *input,
size_t input_length )
{
- psa_status_t status = PSA_ERROR_BAD_STATE;
- if( ! operation->key_set )
+ if( operation->id == 0 )
return( PSA_ERROR_BAD_STATE );
- if( operation->iv_required && ! operation->iv_set )
- return( PSA_ERROR_BAD_STATE );
- operation->has_input = 1;
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( operation->alg == PSA_ALG_CMAC )
- {
- int ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac,
- input, input_length );
- status = mbedtls_to_psa_error( ret );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
- status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input,
- input_length );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
- {
- /* This shouldn't happen if `operation` was initialized by
- * a setup function. */
- return( PSA_ERROR_BAD_STATE );
- }
+ /* Don't require hash implementations to behave correctly on a
+ * zero-length input, which may have an invalid pointer. */
+ if( input_length == 0 )
+ return( PSA_SUCCESS );
+ psa_status_t status = psa_driver_wrapper_mac_update( operation,
+ input, input_length );
if( status != PSA_SUCCESS )
psa_mac_abort( operation );
+
return( status );
}
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
-static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac,
- uint8_t *mac,
- size_t mac_size )
-{
- uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
- psa_algorithm_t hash_alg = hmac->alg;
- size_t hash_size = 0;
- size_t block_size = psa_get_hash_block_size( hash_alg );
- psa_status_t status;
-
- status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
- if( status != PSA_SUCCESS )
- return( status );
- /* From here on, tmp needs to be wiped. */
-
- status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
- if( status != PSA_SUCCESS )
- goto exit;
-
- status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
- if( status != PSA_SUCCESS )
- goto exit;
-
- memcpy( mac, tmp, mac_size );
-
-exit:
- mbedtls_platform_zeroize( tmp, hash_size );
- return( status );
-}
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
-
-static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size )
-{
- if( ! operation->key_set )
- return( PSA_ERROR_BAD_STATE );
- if( operation->iv_required && ! operation->iv_set )
- return( PSA_ERROR_BAD_STATE );
-
- if( mac_size < operation->mac_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
-
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)
- if( operation->alg == PSA_ALG_CMAC )
- {
- uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
- int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
- if( ret == 0 )
- memcpy( mac, tmp, operation->mac_size );
- mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
- return( mbedtls_to_psa_error( ret ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC)
- if( PSA_ALG_IS_HMAC( operation->alg ) )
- {
- return( psa_hmac_finish_internal( &operation->ctx.hmac,
- mac, operation->mac_size ) );
- }
- else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */
- {
- /* This shouldn't happen if `operation` was initialized by
- * a setup function. */
- return( PSA_ERROR_BAD_STATE );
- }
-}
-
psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length )
{
- psa_status_t status;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->alg == 0 )
+ if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
- /* Fill the output buffer with something that isn't a valid mac
- * (barring an attack on the mac and deliberately-crafted input),
- * in case the caller doesn't check the return status properly. */
- *mac_length = mac_size;
- /* If mac_size is 0 then mac may be NULL and then the
- * call to memset would have undefined behavior. */
- if( mac_size != 0 )
- memset( mac, '!', mac_size );
-
if( ! operation->is_sign )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
- status = psa_mac_finish_internal( operation, mac, mac_size );
-
- if( status == PSA_SUCCESS )
+ /* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
+ * once all the error checks are done. */
+ if( operation->mac_size == 0 )
{
- status = psa_mac_abort( operation );
- if( status == PSA_SUCCESS )
- *mac_length = operation->mac_size;
- else
- memset( mac, '!', mac_size );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
- else
- psa_mac_abort( operation );
- return( status );
+
+ if( mac_size < operation->mac_size )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+ status = psa_driver_wrapper_mac_sign_finish( operation,
+ mac, operation->mac_size,
+ mac_length );
+
+exit:
+ /* In case of success, set the potential excess room in the output buffer
+ * to an invalid value, to avoid potentially leaking a longer MAC.
+ * In case of error, set the output length and content to a safe default,
+ * such that in case the caller misses an error check, the output would be
+ * an unachievable MAC.
+ */
+ if( status != PSA_SUCCESS )
+ {
+ *mac_length = mac_size;
+ operation->mac_size = 0;
+ }
+
+ if( mac_size > operation->mac_size )
+ memset( &mac[operation->mac_size], '!',
+ mac_size - operation->mac_size );
+
+ abort_status = psa_mac_abort( operation );
+
+ return( status == PSA_SUCCESS ? abort_status : status );
}
psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length )
{
- uint8_t actual_mac[PSA_MAC_MAX_SIZE];
- psa_status_t status;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
- if( operation->alg == 0 )
+ if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
if( operation->is_sign )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
+
if( operation->mac_size != mac_length )
{
status = PSA_ERROR_INVALID_SIGNATURE;
- goto cleanup;
+ goto exit;
}
- status = psa_mac_finish_internal( operation,
- actual_mac, sizeof( actual_mac ) );
- if( status != PSA_SUCCESS )
- goto cleanup;
+ status = psa_driver_wrapper_mac_verify_finish( operation,
+ mac, mac_length );
- if( safer_memcmp( mac, actual_mac, mac_length ) != 0 )
- status = PSA_ERROR_INVALID_SIGNATURE;
+exit:
+ abort_status = psa_mac_abort( operation );
-cleanup:
- if( status == PSA_SUCCESS )
- status = psa_mac_abort( operation );
- else
- psa_mac_abort( operation );
-
- mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
-
- return( status );
+ return( status == PSA_SUCCESS ? abort_status : status );
}
+static psa_status_t psa_mac_compute_internal( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length,
+ int is_sign )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
+ uint8_t operation_mac_size = 0;
+ status = psa_get_and_lock_key_slot_with_policy(
+ key, &slot,
+ is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH,
+ alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ status = psa_mac_finalize_alg_and_key_validation( alg, &attributes,
+ &operation_mac_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( mac_size < operation_mac_size )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+ status = psa_driver_wrapper_mac_compute(
+ &attributes,
+ slot->key.data, slot->key.bytes,
+ alg,
+ input, input_length,
+ mac, operation_mac_size, mac_length );
+
+exit:
+ /* In case of success, set the potential excess room in the output buffer
+ * to an invalid value, to avoid potentially leaking a longer MAC.
+ * In case of error, set the output length and content to a safe default,
+ * such that in case the caller misses an error check, the output would be
+ * an unachievable MAC.
+ */
+ if( status != PSA_SUCCESS )
+ {
+ *mac_length = mac_size;
+ operation_mac_size = 0;
+ }
+ if( mac_size > operation_mac_size )
+ memset( &mac[operation_mac_size], '!', mac_size - operation_mac_size );
+
+ unlock_status = psa_unlock_key_slot( slot );
+
+ return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+}
+
+psa_status_t psa_mac_compute( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length)
+{
+ return( psa_mac_compute_internal( key, alg,
+ input, input_length,
+ mac, mac_size, mac_length, 1 ) );
+}
+
+psa_status_t psa_mac_verify( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ size_t mac_length)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t actual_mac[PSA_MAC_MAX_SIZE];
+ size_t actual_mac_length;
+
+ status = psa_mac_compute_internal( key, alg,
+ input, input_length,
+ actual_mac, sizeof( actual_mac ),
+ &actual_mac_length, 0 );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( mac_length != actual_mac_length )
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto exit;
+ }
+ if( mbedtls_psa_safer_memcmp( mac, actual_mac, actual_mac_length ) != 0 )
+ {
+ status = PSA_ERROR_INVALID_SIGNATURE;
+ goto exit;
+ }
+
+exit:
+ mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+
+ return ( status );
+}
/****************************************************************/
/* Asymmetric cryptography */
/****************************************************************/
-psa_status_t psa_sign_hash_internal(
+static psa_status_t psa_sign_verify_check_alg( int input_is_message,
+ psa_algorithm_t alg )
+{
+ if( input_is_message )
+ {
+ if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ {
+ if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+ }
+ else
+ {
+ if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ return( PSA_SUCCESS );
+}
+
+static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key,
+ int input_is_message,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ uint8_t * signature,
+ size_t signature_size,
+ size_t * signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
+
+ *signature_length = 0;
+
+ status = psa_sign_verify_check_alg( input_is_message, alg );
+ if( status != PSA_SUCCESS )
+ return status;
+
+ /* Immediately reject a zero-length signature buffer. This guarantees
+ * that signature must be a valid pointer. (On the other hand, the input
+ * buffer can in principle be empty since it doesn't actually have
+ * to be a hash.) */
+ if( signature_size == 0 )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ status = psa_get_and_lock_key_slot_with_policy(
+ key, &slot,
+ input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE :
+ PSA_KEY_USAGE_SIGN_HASH,
+ alg );
+
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ if( input_is_message )
+ {
+ status = psa_driver_wrapper_sign_message(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length,
+ signature, signature_size, signature_length );
+ }
+ else
+ {
+
+ status = psa_driver_wrapper_sign_hash(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length,
+ signature, signature_size, signature_length );
+ }
+
+
+exit:
+ /* Fill the unused part of the output buffer (the whole buffer on error,
+ * the trailing part on success) with something that isn't a valid signature
+ * (barring an attack on the signature and deliberately-crafted input),
+ * in case the caller doesn't check the return status properly. */
+ if( status == PSA_SUCCESS )
+ memset( signature + *signature_length, '!',
+ signature_size - *signature_length );
+ else
+ memset( signature, '!', signature_size );
+ /* If signature_size is 0 then we have nothing to do. We must not call
+ * memset because signature may be NULL in this case. */
+
+ unlock_status = psa_unlock_key_slot( slot );
+
+ return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+}
+
+static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key,
+ int input_is_message,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ const uint8_t * signature,
+ size_t signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
+
+ status = psa_sign_verify_check_alg( input_is_message, alg );
+ if( status != PSA_SUCCESS )
+ return status;
+
+ status = psa_get_and_lock_key_slot_with_policy(
+ key, &slot,
+ input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_VERIFY_HASH,
+ alg );
+
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ if( input_is_message )
+ {
+ status = psa_driver_wrapper_verify_message(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length,
+ signature, signature_length );
+ }
+ else
+ {
+ status = psa_driver_wrapper_verify_hash(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length,
+ signature, signature_length );
+ }
+
+ unlock_status = psa_unlock_key_slot( slot );
+
+ return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+
+}
+
+psa_status_t psa_sign_message_builtin(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ {
+ size_t hash_length;
+ uint8_t hash[PSA_HASH_MAX_SIZE];
+
+ status = psa_driver_wrapper_hash_compute(
+ PSA_ALG_SIGN_GET_HASH( alg ),
+ input, input_length,
+ hash, sizeof( hash ), &hash_length );
+
+ if( status != PSA_SUCCESS )
+ return status;
+
+ return psa_driver_wrapper_sign_hash(
+ attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length );
+ }
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_sign_message( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ uint8_t * signature,
+ size_t signature_size,
+ size_t * signature_length )
+{
+ return psa_sign_internal(
+ key, 1, alg, input, input_length,
+ signature, signature_size, signature_length );
+}
+
+psa_status_t psa_verify_message_builtin(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ {
+ size_t hash_length;
+ uint8_t hash[PSA_HASH_MAX_SIZE];
+
+ status = psa_driver_wrapper_hash_compute(
+ PSA_ALG_SIGN_GET_HASH( alg ),
+ input, input_length,
+ hash, sizeof( hash ), &hash_length );
+
+ if( status != PSA_SUCCESS )
+ return status;
+
+ return psa_driver_wrapper_verify_hash(
+ attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length );
+ }
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t psa_verify_message( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t * input,
+ size_t input_length,
+ const uint8_t * signature,
+ size_t signature_length )
+{
+ return psa_verify_internal(
+ key, 1, alg, input, input_length,
+ signature, signature_length );
+}
+
+psa_status_t psa_sign_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@@ -2906,57 +2996,12 @@
size_t signature_size,
size_t *signature_length )
{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
-
- *signature_length = signature_size;
- /* Immediately reject a zero-length signature buffer. This guarantees
- * that signature must be a valid pointer. (On the other hand, the hash
- * buffer can in principle be empty since it doesn't actually have
- * to be a hash.) */
- if( signature_size == 0 )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
-
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_SIGN_HASH,
- alg );
- if( status != PSA_SUCCESS )
- goto exit;
- if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) )
- {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
-
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
-
- status = psa_driver_wrapper_sign_hash(
- &attributes, slot->key.data, slot->key.bytes,
- alg, hash, hash_length,
+ return psa_sign_internal(
+ key, 0, alg, hash, hash_length,
signature, signature_size, signature_length );
-
-exit:
- /* Fill the unused part of the output buffer (the whole buffer on error,
- * the trailing part on success) with something that isn't a valid mac
- * (barring an attack on the mac and deliberately-crafted input),
- * in case the caller doesn't check the return status properly. */
- if( status == PSA_SUCCESS )
- memset( signature + *signature_length, '!',
- signature_size - *signature_length );
- else
- memset( signature, '!', signature_size );
- /* If signature_size is 0 then we have nothing to do. We must not call
- * memset because signature may be NULL in this case. */
-
- unlock_status = psa_unlock_key_slot( slot );
-
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
-psa_status_t psa_verify_hash_internal(
+psa_status_t psa_verify_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@@ -3020,28 +3065,9 @@
const uint8_t *signature,
size_t signature_length )
{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
-
- status = psa_get_and_lock_key_slot_with_policy( key, &slot,
- PSA_KEY_USAGE_VERIFY_HASH,
- alg );
- if( status != PSA_SUCCESS )
- return( status );
-
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
-
- status = psa_driver_wrapper_verify_hash(
- &attributes, slot->key.data, slot->key.bytes,
- alg, hash, hash_length,
+ return psa_verify_internal(
+ key, 0, alg, hash, hash_length,
signature, signature_length );
-
- unlock_status = psa_unlock_key_slot( slot );
-
- return( ( status == PSA_SUCCESS ) ? unlock_status : status );
}
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
@@ -3281,20 +3307,24 @@
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_slot_t *slot;
+ psa_key_slot_t *slot = NULL;
psa_key_usage_t usage = ( cipher_operation == MBEDTLS_ENCRYPT ?
PSA_KEY_USAGE_ENCRYPT :
PSA_KEY_USAGE_DECRYPT );
/* A context must be freshly initialized before it can be set up. */
if( operation->id != 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
- /* The requested algorithm must be one that can be processed by cipher. */
if( ! PSA_ALG_IS_CIPHER( alg ) )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
- /* Fetch key material from key storage. */
status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg );
if( status != PSA_SUCCESS )
goto exit;
@@ -3362,12 +3392,14 @@
if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
if( operation->iv_set || ! operation->iv_required )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
if( iv_size < operation->default_iv_length )
@@ -3403,18 +3435,28 @@
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( operation->iv_set || ! operation->iv_required )
- return( PSA_ERROR_BAD_STATE );
+ {
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
+ }
if( iv_length > PSA_CIPHER_IV_MAX_SIZE )
- return( PSA_ERROR_INVALID_ARGUMENT );
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
status = psa_driver_wrapper_cipher_set_iv( operation,
iv,
iv_length );
+exit:
if( status == PSA_SUCCESS )
operation->iv_set = 1;
else
@@ -3433,11 +3475,14 @@
if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
+
if( operation->iv_required && ! operation->iv_set )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
status = psa_driver_wrapper_cipher_update( operation,
@@ -3446,6 +3491,8 @@
output,
output_size,
output_length );
+
+exit:
if( status != PSA_SUCCESS )
psa_cipher_abort( operation );
@@ -3461,17 +3508,22 @@
if( operation->id == 0 )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
+
if( operation->iv_required && ! operation->iv_set )
{
- return( PSA_ERROR_BAD_STATE );
+ status = PSA_ERROR_BAD_STATE;
+ goto exit;
}
status = psa_driver_wrapper_cipher_finish( operation,
output,
output_size,
output_length );
+
+exit:
if( status == PSA_SUCCESS )
return( psa_cipher_abort( operation ) );
else
@@ -3502,6 +3554,107 @@
return( PSA_SUCCESS );
}
+psa_status_t psa_cipher_encrypt( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
+ psa_key_type_t key_type;
+ size_t iv_length;
+
+ *output_length = 0;
+
+ if( ! PSA_ALG_IS_CIPHER( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_and_lock_key_slot_with_policy( key, &slot,
+ PSA_KEY_USAGE_ENCRYPT,
+ alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ key_type = slot->attr.type;
+ iv_length = PSA_CIPHER_IV_LENGTH( key_type, alg );
+
+ if( iv_length > 0 )
+ {
+ if( output_size < iv_length )
+ {
+ status = PSA_ERROR_BUFFER_TOO_SMALL;
+ goto exit;
+ }
+
+ status = psa_generate_random( output, iv_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+
+ status = psa_driver_wrapper_cipher_encrypt(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length,
+ output, output_size, output_length );
+
+exit:
+ unlock_status = psa_unlock_key_slot( slot );
+
+ return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+}
+
+psa_status_t psa_cipher_decrypt( mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_slot_t *slot;
+
+ *output_length = 0;
+
+ if( ! PSA_ALG_IS_CIPHER( alg ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = psa_get_and_lock_key_slot_with_policy( key, &slot,
+ PSA_KEY_USAGE_DECRYPT,
+ alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+ psa_key_attributes_t attributes = {
+ .core = slot->attr
+ };
+
+ if( input_length < PSA_CIPHER_IV_LENGTH( slot->attr.type, alg ) )
+ {
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ goto exit;
+ }
+
+ status = psa_driver_wrapper_cipher_decrypt(
+ &attributes, slot->key.data, slot->key.bytes,
+ alg, input, input_length,
+ output, output_size, output_length );
+
+exit:
+ unlock_status = psa_unlock_key_slot( slot );
+
+ return( ( status == PSA_SUCCESS ) ? unlock_status : status );
+}
+
+
/****************************************************************/
/* AEAD */
/****************************************************************/
@@ -3604,7 +3757,35 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
#define AT_LEAST_ONE_BUILTIN_KDF
-#endif
+#endif /* At least one builtin KDF */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
+static psa_status_t psa_key_derivation_start_hmac(
+ psa_mac_operation_t *operation,
+ psa_algorithm_t hash_alg,
+ const uint8_t *hmac_key,
+ size_t hmac_key_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC );
+ psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( hmac_key_length ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+
+ operation->is_sign = 1;
+ operation->mac_size = PSA_HASH_LENGTH( hash_alg );
+
+ status = psa_driver_wrapper_mac_sign_setup( operation,
+ &attributes,
+ hmac_key, hmac_key_length,
+ PSA_ALG_HMAC( hash_alg ) );
+
+ psa_reset_key_attributes( &attributes );
+ return( status );
+}
+#endif /* KDF algorithms reliant on HMAC */
#define HKDF_STATE_INIT 0 /* no input yet */
#define HKDF_STATE_STARTED 1 /* got salt */
@@ -3635,7 +3816,7 @@
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
mbedtls_free( operation->ctx.hkdf.info );
- status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac );
+ status = psa_mac_abort( &operation->ctx.hkdf.hmac );
}
else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */
@@ -3645,6 +3826,13 @@
/* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
+ if( operation->ctx.tls12_prf.secret != NULL )
+ {
+ mbedtls_platform_zeroize( operation->ctx.tls12_prf.secret,
+ operation->ctx.tls12_prf.secret_length );
+ mbedtls_free( operation->ctx.tls12_prf.secret );
+ }
+
if( operation->ctx.tls12_prf.seed != NULL )
{
mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed,
@@ -3659,7 +3847,7 @@
mbedtls_free( operation->ctx.tls12_prf.label );
}
- status = psa_hmac_abort_internal( &operation->ctx.tls12_prf.hmac );
+ status = PSA_SUCCESS;
/* We leave the fields Ai and output_block to be erased safely by the
* mbedtls_platform_zeroize() in the end of this function. */
@@ -3702,11 +3890,12 @@
/* Read some bytes from an HKDF-based operation. This performs a chunk
* of the expand phase of the HKDF algorithm. */
static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
- psa_algorithm_t hash_alg,
- uint8_t *output,
- size_t output_length )
+ psa_algorithm_t hash_alg,
+ uint8_t *output,
+ size_t output_length )
{
uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
+ size_t hmac_output_length;
psa_status_t status;
if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set )
@@ -3736,31 +3925,35 @@
/* We need a new block */
++hkdf->block_number;
hkdf->offset_in_block = 0;
- status = psa_hmac_setup_internal( &hkdf->hmac,
- hkdf->prk, hash_length,
- hash_alg );
+
+ status = psa_key_derivation_start_hmac( &hkdf->hmac,
+ hash_alg,
+ hkdf->prk,
+ hash_length );
if( status != PSA_SUCCESS )
return( status );
+
if( hkdf->block_number != 1 )
{
- status = psa_hash_update( &hkdf->hmac.hash_ctx,
- hkdf->output_block,
- hash_length );
+ status = psa_mac_update( &hkdf->hmac,
+ hkdf->output_block,
+ hash_length );
if( status != PSA_SUCCESS )
return( status );
}
- status = psa_hash_update( &hkdf->hmac.hash_ctx,
- hkdf->info,
- hkdf->info_length );
+ status = psa_mac_update( &hkdf->hmac,
+ hkdf->info,
+ hkdf->info_length );
if( status != PSA_SUCCESS )
return( status );
- status = psa_hash_update( &hkdf->hmac.hash_ctx,
- &hkdf->block_number, 1 );
+ status = psa_mac_update( &hkdf->hmac,
+ &hkdf->block_number, 1 );
if( status != PSA_SUCCESS )
return( status );
- status = psa_hmac_finish_internal( &hkdf->hmac,
- hkdf->output_block,
- sizeof( hkdf->output_block ) );
+ status = psa_mac_sign_finish( &hkdf->hmac,
+ hkdf->output_block,
+ sizeof( hkdf->output_block ),
+ &hmac_output_length );
if( status != PSA_SUCCESS )
return( status );
}
@@ -3777,7 +3970,8 @@
{
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
- psa_hash_operation_t backup = PSA_HASH_OPERATION_INIT;
+ psa_mac_operation_t hmac = PSA_MAC_OPERATION_INIT;
+ size_t hmac_output_length;
psa_status_t status, cleanup_status;
/* We can't be wanting more output after block 0xff, otherwise
@@ -3809,10 +4003,10 @@
* `block_number`.
*/
- /* Save the hash context before using it, to preserve the hash state with
- * only the inner padding in it. We need this, because inner padding depends
- * on the key (secret in the RFC's terminology). */
- status = psa_hash_clone( &tls12_prf->hmac.hash_ctx, &backup );
+ status = psa_key_derivation_start_hmac( &hmac,
+ hash_alg,
+ tls12_prf->secret,
+ tls12_prf->secret_length );
if( status != PSA_SUCCESS )
goto cleanup;
@@ -3822,57 +4016,58 @@
/* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads
* the variable seed and in this instance means it in the context of the
* P_hash function, where seed = label + seed.) */
- status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
- tls12_prf->label, tls12_prf->label_length );
+ status = psa_mac_update( &hmac,
+ tls12_prf->label,
+ tls12_prf->label_length );
if( status != PSA_SUCCESS )
goto cleanup;
- status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
- tls12_prf->seed, tls12_prf->seed_length );
+ status = psa_mac_update( &hmac,
+ tls12_prf->seed,
+ tls12_prf->seed_length );
if( status != PSA_SUCCESS )
goto cleanup;
}
else
{
/* A(i) = HMAC_hash(secret, A(i-1)) */
- status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
- tls12_prf->Ai, hash_length );
+ status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
if( status != PSA_SUCCESS )
goto cleanup;
}
- status = psa_hmac_finish_internal( &tls12_prf->hmac,
- tls12_prf->Ai, hash_length );
- if( status != PSA_SUCCESS )
- goto cleanup;
- status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx );
+ status = psa_mac_sign_finish( &hmac,
+ tls12_prf->Ai, hash_length,
+ &hmac_output_length );
+ if( hmac_output_length != hash_length )
+ status = PSA_ERROR_CORRUPTION_DETECTED;
if( status != PSA_SUCCESS )
goto cleanup;
/* Calculate HMAC_hash(secret, A(i) + label + seed). */
- status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
- tls12_prf->Ai, hash_length );
+ status = psa_key_derivation_start_hmac( &hmac,
+ hash_alg,
+ tls12_prf->secret,
+ tls12_prf->secret_length );
if( status != PSA_SUCCESS )
goto cleanup;
- status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
- tls12_prf->label, tls12_prf->label_length );
+ status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length );
if( status != PSA_SUCCESS )
goto cleanup;
- status = psa_hash_update( &tls12_prf->hmac.hash_ctx,
- tls12_prf->seed, tls12_prf->seed_length );
+ status = psa_mac_update( &hmac, tls12_prf->label, tls12_prf->label_length );
if( status != PSA_SUCCESS )
goto cleanup;
- status = psa_hmac_finish_internal( &tls12_prf->hmac,
- tls12_prf->output_block, hash_length );
+ status = psa_mac_update( &hmac, tls12_prf->seed, tls12_prf->seed_length );
if( status != PSA_SUCCESS )
goto cleanup;
- status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx );
+ status = psa_mac_sign_finish( &hmac,
+ tls12_prf->output_block, hash_length,
+ &hmac_output_length );
if( status != PSA_SUCCESS )
goto cleanup;
cleanup:
-
- cleanup_status = psa_hash_abort( &backup );
+ cleanup_status = psa_mac_abort( &hmac );
if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
status = cleanup_status;
@@ -3890,6 +4085,17 @@
psa_status_t status;
uint8_t offset, length;
+ switch( tls12_prf->state )
+ {
+ case PSA_TLS12_PRF_STATE_LABEL_SET:
+ tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT;
+ break;
+ case PSA_TLS12_PRF_STATE_OUTPUT:
+ break;
+ default:
+ return( PSA_ERROR_BAD_STATE );
+ }
+
while( output_length != 0 )
{
/* Check if we have fully processed the current block. */
@@ -3969,8 +4175,8 @@
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
- kdf_alg, output,
- output_length );
+ kdf_alg, output,
+ output_length );
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF ||
@@ -4198,33 +4404,37 @@
case PSA_KEY_DERIVATION_INPUT_SALT:
if( hkdf->state != HKDF_STATE_INIT )
return( PSA_ERROR_BAD_STATE );
- status = psa_hmac_setup_internal( &hkdf->hmac,
- data, data_length,
- hash_alg );
- if( status != PSA_SUCCESS )
- return( status );
- hkdf->state = HKDF_STATE_STARTED;
- return( PSA_SUCCESS );
+ else
+ {
+ status = psa_key_derivation_start_hmac( &hkdf->hmac,
+ hash_alg,
+ data, data_length );
+ if( status != PSA_SUCCESS )
+ return( status );
+ hkdf->state = HKDF_STATE_STARTED;
+ return( PSA_SUCCESS );
+ }
case PSA_KEY_DERIVATION_INPUT_SECRET:
/* If no salt was provided, use an empty salt. */
if( hkdf->state == HKDF_STATE_INIT )
{
- status = psa_hmac_setup_internal( &hkdf->hmac,
- NULL, 0,
- hash_alg );
+ status = psa_key_derivation_start_hmac( &hkdf->hmac,
+ hash_alg,
+ NULL, 0 );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;
}
if( hkdf->state != HKDF_STATE_STARTED )
return( PSA_ERROR_BAD_STATE );
- status = psa_hash_update( &hkdf->hmac.hash_ctx,
- data, data_length );
+ status = psa_mac_update( &hkdf->hmac,
+ data, data_length );
if( status != PSA_SUCCESS )
return( status );
- status = psa_hmac_finish_internal( &hkdf->hmac,
- hkdf->prk,
- sizeof( hkdf->prk ) );
+ status = psa_mac_sign_finish( &hkdf->hmac,
+ hkdf->prk,
+ sizeof( hkdf->prk ),
+ &data_length );
if( status != PSA_SUCCESS )
return( status );
hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg );
@@ -4277,17 +4487,21 @@
}
static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf,
- psa_algorithm_t hash_alg,
const uint8_t *data,
size_t data_length )
{
- psa_status_t status;
if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET )
return( PSA_ERROR_BAD_STATE );
- status = psa_hmac_setup_internal( &prf->hmac, data, data_length, hash_alg );
- if( status != PSA_SUCCESS )
- return( status );
+ if( data_length != 0 )
+ {
+ prf->secret = mbedtls_calloc( 1, data_length );
+ if( prf->secret == NULL )
+ return( PSA_ERROR_INSUFFICIENT_MEMORY );
+
+ memcpy( prf->secret, data, data_length );
+ prf->secret_length = data_length;
+ }
prf->state = PSA_TLS12_PRF_STATE_KEY_SET;
@@ -4317,7 +4531,6 @@
}
static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf,
- psa_algorithm_t hash_alg,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
@@ -4327,7 +4540,7 @@
case PSA_KEY_DERIVATION_INPUT_SEED:
return( psa_tls12_prf_set_seed( prf, data, data_length ) );
case PSA_KEY_DERIVATION_INPUT_SECRET:
- return( psa_tls12_prf_set_key( prf, hash_alg, data, data_length ) );
+ return( psa_tls12_prf_set_key( prf, data, data_length ) );
case PSA_KEY_DERIVATION_INPUT_LABEL:
return( psa_tls12_prf_set_label( prf, data, data_length ) );
default:
@@ -4340,7 +4553,6 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
static psa_status_t psa_tls12_prf_psk_to_ms_set_key(
psa_tls12_prf_key_derivation_t *prf,
- psa_algorithm_t hash_alg,
const uint8_t *data,
size_t data_length )
{
@@ -4367,7 +4579,7 @@
memcpy( cur, data, data_length );
cur += data_length;
- status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms );
+ status = psa_tls12_prf_set_key( prf, pms, cur - pms );
mbedtls_platform_zeroize( pms, sizeof( pms ) );
return( status );
@@ -4375,18 +4587,17 @@
static psa_status_t psa_tls12_prf_psk_to_ms_input(
psa_tls12_prf_key_derivation_t *prf,
- psa_algorithm_t hash_alg,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
{
- return( psa_tls12_prf_psk_to_ms_set_key( prf, hash_alg,
+ return( psa_tls12_prf_psk_to_ms_set_key( prf,
data, data_length ) );
}
- return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) );
+ return( psa_tls12_prf_input( prf, step, data, data_length ) );
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
@@ -4451,7 +4662,6 @@
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
{
status = psa_tls12_prf_input( &operation->ctx.tls12_prf,
- PSA_ALG_HKDF_GET_HASH( kdf_alg ),
step, data, data_length );
}
else
@@ -4460,7 +4670,6 @@
if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf,
- PSA_ALG_HKDF_GET_HASH( kdf_alg ),
step, data, data_length );
}
else
@@ -4974,7 +5183,8 @@
}
else
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
if ( type == PSA_KEY_TYPE_RSA_KEY_PAIR )
{
return( mbedtls_psa_rsa_generate_key( attributes,
@@ -4983,7 +5193,8 @@
key_buffer_length ) );
}
else
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR)
if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 4992a6e..2213ad0 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -163,9 +163,7 @@
(void)key_buffer_size;
- /* Proceed with initializing an mbed TLS cipher context if no driver is
- * available for the given algorithm & key. */
- mbedtls_cipher_init( &operation->cipher );
+ mbedtls_cipher_init( &operation->ctx.cipher );
operation->alg = alg;
key_bits = attributes->core.bits;
@@ -174,7 +172,7 @@
if( cipher_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
- ret = mbedtls_cipher_setup( &operation->cipher, cipher_info );
+ ret = mbedtls_cipher_setup( &operation->ctx.cipher, cipher_info );
if( ret != 0 )
goto exit;
@@ -185,14 +183,14 @@
uint8_t keys[24];
memcpy( keys, key_buffer, 16 );
memcpy( keys + 16, key_buffer, 8 );
- ret = mbedtls_cipher_setkey( &operation->cipher,
+ ret = mbedtls_cipher_setkey( &operation->ctx.cipher,
keys,
192, cipher_operation );
}
else
#endif
{
- ret = mbedtls_cipher_setkey( &operation->cipher, key_buffer,
+ ret = mbedtls_cipher_setkey( &operation->ctx.cipher, key_buffer,
(int) key_bits, cipher_operation );
}
if( ret != 0 )
@@ -203,11 +201,11 @@
switch( alg )
{
case PSA_ALG_CBC_NO_PADDING:
- ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
+ ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_NONE );
break;
case PSA_ALG_CBC_PKCS7:
- ret = mbedtls_cipher_set_padding_mode( &operation->cipher,
+ ret = mbedtls_cipher_set_padding_mode( &operation->ctx.cipher,
MBEDTLS_PADDING_PKCS7 );
break;
default:
@@ -256,7 +254,7 @@
return( PSA_ERROR_INVALID_ARGUMENT );
return( mbedtls_to_psa_error(
- mbedtls_cipher_set_iv( &operation->cipher,
+ mbedtls_cipher_set_iv( &operation->ctx.cipher,
iv, iv_length ) ) );
}
@@ -365,7 +363,7 @@
* the last partial block, if any. You get the data that will be
* output in this call. */
expected_output_size =
- ( operation->cipher.unprocessed_len + input_length )
+ ( operation->ctx.cipher.unprocessed_len + input_length )
/ operation->block_length * operation->block_length;
}
else
@@ -381,7 +379,7 @@
/* mbedtls_cipher_update has an API inconsistency: it will only
* process a single block at a time in ECB mode. Abstract away that
* inconsistency here to match the PSA API behaviour. */
- status = psa_cipher_update_ecb( &operation->cipher,
+ status = psa_cipher_update_ecb( &operation->ctx.cipher,
input,
input_length,
output,
@@ -391,8 +389,11 @@
else
{
status = mbedtls_to_psa_error(
- mbedtls_cipher_update( &operation->cipher, input,
+ mbedtls_cipher_update( &operation->ctx.cipher, input,
input_length, output, output_length ) );
+
+ if( *output_length > output_size )
+ return( PSA_ERROR_CORRUPTION_DETECTED );
}
return( status );
@@ -406,7 +407,7 @@
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
- if( operation->cipher.unprocessed_len != 0 )
+ if( operation->ctx.cipher.unprocessed_len != 0 )
{
if( operation->alg == PSA_ALG_ECB_NO_PADDING ||
operation->alg == PSA_ALG_CBC_NO_PADDING )
@@ -417,7 +418,7 @@
}
status = mbedtls_to_psa_error(
- mbedtls_cipher_finish( &operation->cipher,
+ mbedtls_cipher_finish( &operation->ctx.cipher,
temp_output_buffer,
output_length ) );
if( status != PSA_SUCCESS )
@@ -444,10 +445,112 @@
if( ! PSA_ALG_IS_CIPHER( operation->alg ) )
return( PSA_ERROR_BAD_STATE );
- mbedtls_cipher_free( &operation->cipher );
+ mbedtls_cipher_free( &operation->ctx.cipher );
return( PSA_SUCCESS );
}
+
+static psa_status_t cipher_encrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
+ size_t olength, accumulated_length;
+
+ status = cipher_encrypt_setup( &operation, attributes,
+ key_buffer, key_buffer_size, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ accumulated_length = 0;
+ if( operation.iv_length > 0 )
+ {
+ status = cipher_set_iv( &operation, output, operation.iv_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ accumulated_length = operation.iv_length;
+ }
+
+ status = cipher_update( &operation, input, input_length,
+ output + operation.iv_length,
+ output_size - operation.iv_length,
+ &olength );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ accumulated_length += olength;
+
+ status = cipher_finish( &operation, output + accumulated_length,
+ output_size - accumulated_length, &olength );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ *output_length = accumulated_length + olength;
+
+exit:
+ if( status == PSA_SUCCESS )
+ status = cipher_abort( &operation );
+ else
+ cipher_abort( &operation );
+ return( status );
+}
+
+static psa_status_t cipher_decrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_psa_cipher_operation_t operation = MBEDTLS_PSA_CIPHER_OPERATION_INIT;
+ size_t olength, accumulated_length;
+
+ status = cipher_decrypt_setup( &operation, attributes,
+ key_buffer, key_buffer_size, alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( operation.iv_length > 0 )
+ {
+ status = cipher_set_iv( &operation, input, operation.iv_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+
+ status = cipher_update( &operation, input + operation.iv_length,
+ input_length - operation.iv_length,
+ output, output_size, &olength );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ accumulated_length = olength;
+
+ status = cipher_finish( &operation, output + accumulated_length,
+ output_size - accumulated_length, &olength );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ *output_length = accumulated_length + olength;
+
+exit:
+ if ( status == PSA_SUCCESS )
+ status = cipher_abort( &operation );
+ else
+ cipher_abort( &operation );
+ return( status );
+}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER || PSA_CRYPTO_DRIVER_TEST */
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
@@ -501,6 +604,36 @@
{
return( cipher_abort( operation ) );
}
+
+psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length ) );
+}
+
+psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length ) );
+}
#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
/*
@@ -556,6 +689,38 @@
{
return( cipher_abort( operation ) );
}
+
+psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ return( cipher_encrypt( attributes, key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length ) );
+}
+
+psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ return( cipher_decrypt( attributes, key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length ) );
+}
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 3e1a7a0..5971e8d 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -199,6 +199,111 @@
*/
psa_status_t mbedtls_psa_cipher_abort( mbedtls_psa_cipher_operation_t *operation );
+/** Encrypt a message using a symmetric cipher.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * cipher_encrypt entry point. This function behaves as a
+ * cipher_encrypt entry point as defined in the PSA driver
+ * interface specification for transparent drivers.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param[in] input Buffer containing the message to encrypt.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[in,out] output Buffer where the output is to be written.
+ * The core has generated and written the IV
+ * at the beginning of this buffer before
+ * this function is called. The size of the IV
+ * is PSA_CIPHER_IV_LENGTH( key_type, alg ) where
+ * \c key_type is the type of the key identified
+ * by \p key and \p alg is the cipher algorithm
+ * to compute.
+ * \param[in] output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes that make up
+ * the returned output. Initialized to zero
+ * by the core.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size of \p iv is not acceptable for the chosen algorithm,
+ * or the chosen algorithm does not use an IV.
+ * The total input size passed to this operation is not valid for
+ * this particular algorithm. For example, the algorithm is a based
+ * on block cipher and requires a whole number of blocks, but the
+ * total input size is not a multiple of the block size.
+ * \retval #PSA_ERROR_INVALID_PADDING
+ * This is a decryption operation for an algorithm that includes
+ * padding, and the ciphertext does not contain valid padding.
+ */
+psa_status_t mbedtls_psa_cipher_encrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+/** Decrypt a message using a symmetric cipher.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * cipher_decrypt entry point. This function behaves as a
+ * cipher_decrypt entry point as defined in the PSA driver
+ * interface specification for transparent drivers.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param[in] input Buffer containing the iv and the ciphertext.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
+ * \param[in] output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes that make up
+ * the returned output. Initialized to zero
+ * by the core.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size of \p iv is not acceptable for the chosen algorithm,
+ * or the chosen algorithm does not use an IV.
+ * The total input size passed to this operation is not valid for
+ * this particular algorithm. For example, the algorithm is a based
+ * on block cipher and requires a whole number of blocks, but the
+ * total input size is not a multiple of the block size.
+ * \retval #PSA_ERROR_INVALID_PADDING
+ * This is a decryption operation for an algorithm that includes
+ * padding, and the ciphertext does not contain valid padding.
+ */
+psa_status_t mbedtls_psa_cipher_decrypt( const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
/*
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
*/
@@ -231,6 +336,28 @@
psa_status_t mbedtls_transparent_test_driver_cipher_abort(
mbedtls_psa_cipher_operation_t *operation );
+
+psa_status_t mbedtls_transparent_test_driver_cipher_encrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
+
+psa_status_t mbedtls_transparent_test_driver_cipher_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_CIPHER_H */
diff --git a/library/psa_crypto_client.c b/library/psa_crypto_client.c
index e84cf30..629feb7 100644
--- a/library/psa_crypto_client.c
+++ b/library/psa_crypto_client.c
@@ -19,7 +19,6 @@
*/
#include "common.h"
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 90f9d18..4420ec2 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -30,6 +30,26 @@
#include "psa/crypto.h"
#include "psa/crypto_se_driver.h"
+/** Constant-time buffer comparison
+ *
+ * \param[in] a Left-hand buffer for comparison.
+ * \param[in] b Right-hand buffer for comparison.
+ * \param n Amount of bytes to compare.
+ *
+ * \return 0 if the buffer contents are equal, non-zero otherwise
+ */
+static inline int mbedtls_psa_safer_memcmp(
+ const uint8_t *a, const uint8_t *b, size_t n )
+{
+ size_t i;
+ unsigned char diff = 0;
+
+ for( i = 0; i < n; i++ )
+ diff |= a[i] ^ b[i];
+
+ return( diff );
+}
+
/** The data structure representing a key slot, containing key material
* and metadata for one key.
*/
@@ -358,6 +378,86 @@
size_t key_buffer_size,
size_t *key_buffer_length );
+/** Sign a message with a private key. For hash-and-sign algorithms,
+ * this includes the hashing step.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * sign_message entry point. This function behaves as a sign_message
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \note This function will call the driver for psa_sign_hash
+ * and go through driver dispatch again.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible with
+ * the type of the key.
+ * \param[in] input The input message to sign.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of the key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ */
+psa_status_t psa_sign_message_builtin(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *input, size_t input_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length );
+
+/** Verify the signature of a message with a public key, using
+ * a hash-and-sign verification algorithm.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * verify_message entry point. This function behaves as a verify_message
+ * entry point as defined in the PSA driver interface specification for
+ * transparent drivers.
+ *
+ * \note This function will call the driver for psa_verify_hash
+ * and go through driver dispatch again.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key context.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible with
+ * the type of the key.
+ * \param[in] input The message whose signature is to be verified.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t psa_verify_message_builtin(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg, const uint8_t *input, size_t input_length,
+ const uint8_t *signature, size_t signature_length );
+
/** Sign an already-calculated hash with a private key.
*
* \note The signature of this function is that of a PSA driver
@@ -368,7 +468,6 @@
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
- * format.
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param[in] alg A signature algorithm that is compatible with
* the type of the key.
@@ -392,7 +491,7 @@
* \retval #PSA_ERROR_CORRUPTION_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
*/
-psa_status_t psa_sign_hash_internal(
+psa_status_t psa_sign_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
@@ -409,7 +508,6 @@
* \param[in] attributes The attributes of the key to use for the
* operation.
* \param[in] key_buffer The buffer containing the key context.
- * format.
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
* \param[in] alg A signature algorithm that is compatible with
* the type of the key.
@@ -428,7 +526,7 @@
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
*/
-psa_status_t psa_verify_hash_internal(
+psa_status_t psa_verify_hash_builtin(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index 11160d8..f7240ce 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -24,9 +24,12 @@
#include "psa_crypto_core.h"
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_hash.h"
+#include "psa_crypto_mac.h"
#include "mbedtls/platform.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
/* Include test driver definition when running tests */
@@ -64,6 +67,152 @@
#endif
/* Start delegation functions */
+psa_status_t psa_driver_wrapper_sign_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_signature_sign_message(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_size,
+ signature_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ break;
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ status = mbedtls_test_opaque_signature_sign_message(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_size,
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ break;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+ break;
+ }
+
+ return( psa_sign_message_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_size,
+ signature_length ) );
+}
+
+psa_status_t psa_driver_wrapper_verify_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_signature_verify_message(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ break;
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return( mbedtls_test_opaque_signature_verify_message(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_length ) );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ break;
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void)status;
+ break;
+ }
+
+ return( psa_verify_message_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ signature,
+ signature_length ) );
+}
+
psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@@ -101,7 +250,7 @@
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_signature_sign_hash( attributes,
+ status = mbedtls_test_transparent_signature_sign_hash( attributes,
key_buffer,
key_buffer_size,
alg,
@@ -116,29 +265,29 @@
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
- return( psa_sign_hash_internal( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_size,
- signature_length ) );
+ return( psa_sign_hash_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( test_opaque_signature_sign_hash( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_size,
- signature_length ) );
+ return( mbedtls_test_opaque_signature_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -185,41 +334,42 @@
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_signature_verify_hash( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_length );
+ status = mbedtls_test_transparent_signature_verify_hash(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
- return( psa_verify_hash_internal( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_length ) );
+ return( psa_verify_hash_builtin( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length ) );
/* Add cases for opaque driver here */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( test_opaque_signature_verify_hash( attributes,
- key_buffer,
- key_buffer_size,
- alg,
- hash,
- hash_length,
- signature,
- signature_length ) );
+ return( mbedtls_test_opaque_signature_verify_hash( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -267,37 +417,9 @@
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
-#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
- *key_buffer_size = test_size_function( key_type, key_bits );
- return( PSA_SUCCESS );
-#else /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
- if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
- {
- int public_key_overhead =
- ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 ) ?
- PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 );
- *key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
- + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
- + public_key_overhead;
- }
- else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
- {
- *key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
- + TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
- }
- else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
- !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) )
- {
- *key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
- + TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
- * ( ( key_bits + 7 ) / 8 );
- }
- else
- {
- return( PSA_ERROR_NOT_SUPPORTED );
- }
- return( PSA_SUCCESS );
-#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
+ *key_buffer_size = mbedtls_test_size_function( key_type, key_bits );
+ return( ( *key_buffer_size != 0 ) ?
+ PSA_SUCCESS : PSA_ERROR_NOT_SUPPORTED );
#endif /* PSA_CRYPTO_DRIVER_TEST */
default:
@@ -345,7 +467,7 @@
{
/* Cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_generate_key(
+ status = mbedtls_test_transparent_generate_key(
attributes, key_buffer, key_buffer_size,
key_buffer_length );
/* Declared with fallback == true */
@@ -364,7 +486,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- status = test_opaque_generate_key(
+ status = mbedtls_test_opaque_generate_key(
attributes, key_buffer, key_buffer_size, key_buffer_length );
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -428,10 +550,11 @@
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_import_key( attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits );
+ status = mbedtls_test_transparent_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -496,12 +619,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( test_opaque_export_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ return( mbedtls_test_opaque_export_key( attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -547,12 +670,13 @@
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_export_public_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length );
+ status = mbedtls_test_transparent_export_public_key(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -570,12 +694,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( test_opaque_export_public_key( attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length ) );
+ return( mbedtls_test_opaque_export_public_key( attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
default:
@@ -594,7 +718,7 @@
{
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( test_opaque_get_builtin_key(
+ return( mbedtls_test_opaque_get_builtin_key(
slot_number,
attributes,
key_buffer, key_buffer_size, key_buffer_length ) );
@@ -612,7 +736,9 @@
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
- psa_key_slot_t *slot,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -620,66 +746,81 @@
size_t output_size,
size_t *output_length )
{
-#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_cipher_encrypt( &attributes,
- slot->key.data,
- slot->key.bytes,
- alg,
- input,
- input_length,
- output,
- output_size,
- output_length );
+ status = mbedtls_test_transparent_cipher_encrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
- /* Fell through, meaning no accelerator supports this operation */
- return( PSA_ERROR_NOT_SUPPORTED );
- /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( test_opaque_cipher_encrypt( &attributes,
- slot->key.data,
- slot->key.bytes,
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( mbedtls_psa_cipher_encrypt( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
input,
input_length,
output,
output_size,
output_length ) );
+#else
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return( mbedtls_test_opaque_cipher_encrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ (void)status;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)input;
+ (void)input_length;
+ (void)output;
+ (void)output_size;
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
}
-#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void) slot;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_decrypt(
- psa_key_slot_t *slot,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -687,62 +828,75 @@
size_t output_size,
size_t *output_length )
{
-#if defined(PSA_CRYPTO_DRIVER_PRESENT) && defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
- psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
- psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
- psa_key_attributes_t attributes = {
- .core = slot->attr
- };
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
switch( location )
{
case PSA_KEY_LOCATION_LOCAL_STORAGE:
/* Key is stored in the slot in export representation, so
* cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_cipher_decrypt( &attributes,
- slot->key.data,
- slot->key.bytes,
- alg,
- input,
- input_length,
- output,
- output_size,
- output_length );
+ status = mbedtls_test_transparent_cipher_decrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length );
/* Declared with fallback == true */
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
- /* Fell through, meaning no accelerator supports this operation */
- return( PSA_ERROR_NOT_SUPPORTED );
- /* Add cases for opaque driver here */
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- return( test_opaque_cipher_decrypt( &attributes,
- slot->key.data,
- slot->key.bytes,
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
+ return( mbedtls_psa_cipher_decrypt( attributes,
+ key_buffer,
+ key_buffer_size,
alg,
input,
input_length,
output,
output_size,
output_length ) );
+#else
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif /* MBEDTLS_PSA_BUILTIN_CIPHER */
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ return( mbedtls_test_opaque_cipher_decrypt( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ input,
+ input_length,
+ output,
+ output_size,
+ output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
default:
/* Key is declared with a lifetime not known to us */
- return( status );
+ (void)status;
+ (void)key_buffer;
+ (void)key_buffer_size;
+ (void)alg;
+ (void)input;
+ (void)input_length;
+ (void)output;
+ (void)output_size;
+ (void)output_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
}
-#else /* PSA_CRYPTO_DRIVER_PRESENT */
- (void) slot;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-#endif /* PSA_CRYPTO_DRIVER_PRESENT */
}
psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
@@ -762,7 +916,7 @@
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_cipher_encrypt_setup(
+ status = mbedtls_test_transparent_cipher_encrypt_setup(
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer,
@@ -795,7 +949,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- status = test_opaque_cipher_encrypt_setup(
+ status = mbedtls_test_opaque_cipher_encrypt_setup(
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
@@ -834,7 +988,7 @@
* cycle through all known transparent accelerators */
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_cipher_decrypt_setup(
+ status = mbedtls_test_transparent_cipher_decrypt_setup(
&operation->ctx.transparent_test_driver_ctx,
attributes,
key_buffer,
@@ -866,7 +1020,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TEST_DRIVER_LOCATION:
- status = test_opaque_cipher_decrypt_setup(
+ status = mbedtls_test_opaque_cipher_decrypt_setup(
&operation->ctx.opaque_test_driver_ctx,
attributes,
key_buffer, key_buffer_size,
@@ -905,12 +1059,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( test_transparent_cipher_set_iv(
+ return( mbedtls_test_transparent_cipher_set_iv(
&operation->ctx.transparent_test_driver_ctx,
iv, iv_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( test_opaque_cipher_set_iv(
+ return( mbedtls_test_opaque_cipher_set_iv(
&operation->ctx.opaque_test_driver_ctx,
iv, iv_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -946,13 +1100,13 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( test_transparent_cipher_update(
+ return( mbedtls_test_transparent_cipher_update(
&operation->ctx.transparent_test_driver_ctx,
input, input_length,
output, output_size, output_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( test_opaque_cipher_update(
+ return( mbedtls_test_opaque_cipher_update(
&operation->ctx.opaque_test_driver_ctx,
input, input_length,
output, output_size, output_length ) );
@@ -988,12 +1142,12 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( test_transparent_cipher_finish(
+ return( mbedtls_test_transparent_cipher_finish(
&operation->ctx.transparent_test_driver_ctx,
output, output_size, output_length ) );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- return( test_opaque_cipher_finish(
+ return( mbedtls_test_opaque_cipher_finish(
&operation->ctx.opaque_test_driver_ctx,
output, output_size, output_length ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
@@ -1022,7 +1176,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- status = test_transparent_cipher_abort(
+ status = mbedtls_test_transparent_cipher_abort(
&operation->ctx.transparent_test_driver_ctx );
mbedtls_platform_zeroize(
&operation->ctx.transparent_test_driver_ctx,
@@ -1030,7 +1184,7 @@
return( status );
case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
- status = test_opaque_cipher_abort(
+ status = mbedtls_test_opaque_cipher_abort(
&operation->ctx.opaque_test_driver_ctx );
mbedtls_platform_zeroize(
&operation->ctx.opaque_test_driver_ctx,
@@ -1059,7 +1213,7 @@
/* Try accelerators first */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_transparent_test_driver_hash_compute(
+ status = mbedtls_test_transparent_hash_compute(
alg, input, input_length, hash, hash_size, hash_length );
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
@@ -1091,7 +1245,7 @@
/* Try setup on accelerators first */
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = mbedtls_transparent_test_driver_hash_setup(
+ status = mbedtls_test_transparent_hash_setup(
&operation->ctx.test_driver_ctx, alg );
if( status == PSA_SUCCESS )
operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
@@ -1131,7 +1285,7 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
target_operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
- return( mbedtls_transparent_test_driver_hash_clone(
+ return( mbedtls_test_transparent_hash_clone(
&source_operation->ctx.test_driver_ctx,
&target_operation->ctx.test_driver_ctx ) );
#endif
@@ -1155,7 +1309,7 @@
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_transparent_test_driver_hash_update(
+ return( mbedtls_test_transparent_hash_update(
&operation->ctx.test_driver_ctx,
input, input_length ) );
#endif
@@ -1181,7 +1335,7 @@
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_transparent_test_driver_hash_finish(
+ return( mbedtls_test_transparent_hash_finish(
&operation->ctx.test_driver_ctx,
hash, hash_size, hash_length ) );
#endif
@@ -1204,7 +1358,7 @@
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
- return( mbedtls_transparent_test_driver_hash_abort(
+ return( mbedtls_test_transparent_hash_abort(
&operation->ctx.test_driver_ctx ) );
#endif
default:
@@ -1233,7 +1387,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_aead_encrypt(
+ status = mbedtls_test_transparent_aead_encrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
@@ -1285,7 +1439,7 @@
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
- status = test_transparent_aead_decrypt(
+ status = mbedtls_test_transparent_aead_decrypt(
attributes, key_buffer, key_buffer_size,
alg,
nonce, nonce_length,
@@ -1315,4 +1469,345 @@
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
-/* End of automatically generated file. */
+
+
+/*
+ * MAC functions
+ */
+psa_status_t psa_driver_wrapper_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_mac_compute(
+ attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
+ mac, mac_size, mac_length );
+ /* Declared with fallback == true */
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_mac_compute(
+ attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
+ mac, mac_size, mac_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ status = mbedtls_test_opaque_mac_compute(
+ attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
+ mac, mac_size, mac_length );
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) mac;
+ (void) mac_size;
+ (void) mac_length;
+ (void) status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_mac_sign_setup(
+ psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_mac_sign_setup(
+ &operation->ctx.transparent_test_driver_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+ /* Declared with fallback == true */
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ status = mbedtls_test_opaque_mac_sign_setup(
+ &operation->ctx.opaque_test_driver_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void) status;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_mac_verify_setup(
+ psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ status = mbedtls_test_transparent_mac_verify_setup(
+ &operation->ctx.transparent_test_driver_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+ /* Declared with fallback == true */
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID;
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ /* Fell through, meaning no accelerator supports this operation */
+ status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ /* Add cases for opaque driver here */
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TEST_DRIVER_LOCATION:
+ status = mbedtls_test_opaque_mac_verify_setup(
+ &operation->ctx.opaque_test_driver_ctx,
+ attributes,
+ key_buffer, key_buffer_size,
+ alg );
+
+ if( status == PSA_SUCCESS )
+ operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID;
+
+ return( status );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ /* Key is declared with a lifetime not known to us */
+ (void) status;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_mac_update(
+ psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ switch( operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx,
+ input, input_length ) );
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_mac_update(
+ &operation->ctx.transparent_test_driver_ctx,
+ input, input_length ) );
+
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( mbedtls_test_opaque_mac_update(
+ &operation->ctx.opaque_test_driver_ctx,
+ input, input_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) input;
+ (void) input_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_mac_sign_finish(
+ psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ switch( operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx,
+ mac, mac_size, mac_length ) );
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_mac_sign_finish(
+ &operation->ctx.transparent_test_driver_ctx,
+ mac, mac_size, mac_length ) );
+
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( mbedtls_test_opaque_mac_sign_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_size, mac_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) mac;
+ (void) mac_size;
+ (void) mac_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_mac_verify_finish(
+ psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ switch( operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx,
+ mac, mac_length ) );
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_mac_verify_finish(
+ &operation->ctx.transparent_test_driver_ctx,
+ mac, mac_length ) );
+
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( mbedtls_test_opaque_mac_verify_finish(
+ &operation->ctx.opaque_test_driver_ctx,
+ mac, mac_length ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ (void) mac;
+ (void) mac_length;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+psa_status_t psa_driver_wrapper_mac_abort(
+ psa_mac_operation_t *operation )
+{
+ switch( operation->id )
+ {
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+ return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) );
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID:
+ return( mbedtls_test_transparent_mac_abort(
+ &operation->ctx.transparent_test_driver_ctx ) );
+ case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID:
+ return( mbedtls_test_opaque_mac_abort(
+ &operation->ctx.opaque_test_driver_ctx ) );
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ default:
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index e82d093..38a6ee8 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -28,6 +28,27 @@
/*
* Signature functions
*/
+psa_status_t psa_driver_wrapper_sign_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length );
+
+psa_status_t psa_driver_wrapper_verify_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length );
+
psa_status_t psa_driver_wrapper_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
@@ -77,7 +98,9 @@
* Cipher functions
*/
psa_status_t psa_driver_wrapper_cipher_encrypt(
- psa_key_slot_t *slot,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -86,7 +109,9 @@
size_t *output_length );
psa_status_t psa_driver_wrapper_cipher_decrypt(
- psa_key_slot_t *slot,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
@@ -183,6 +208,53 @@
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
+/*
+ * MAC functions
+ */
+psa_status_t psa_driver_wrapper_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t psa_driver_wrapper_mac_sign_setup(
+ psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t psa_driver_wrapper_mac_verify_setup(
+ psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t psa_driver_wrapper_mac_update(
+ psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t psa_driver_wrapper_mac_sign_finish(
+ psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t psa_driver_wrapper_mac_verify_finish(
+ psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length );
+
+psa_status_t psa_driver_wrapper_mac_abort(
+ psa_mac_operation_t *operation );
+
#endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */
/* End of automatically generated file. */
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
new file mode 100644
index 0000000..135fa35
--- /dev/null
+++ b/library/psa_crypto_mac.c
@@ -0,0 +1,801 @@
+/*
+ * PSA MAC layer on top of Mbed TLS software crypto
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include <psa/crypto.h>
+#include "psa_crypto_core.h"
+#include "psa_crypto_mac.h"
+#include <mbedtls/md.h>
+
+#include <mbedtls/error.h>
+#include <string.h>
+
+/* Use builtin defines specific to this compilation unit, since the test driver
+ * relies on the software driver. */
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) )
+#define BUILTIN_ALG_CMAC 1
+#endif
+#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \
+ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) )
+#define BUILTIN_ALG_HMAC 1
+#endif
+
+#if defined(BUILTIN_ALG_HMAC)
+static size_t psa_get_hash_block_size( psa_algorithm_t alg )
+{
+ switch( alg )
+ {
+ case PSA_ALG_MD2:
+ return( 16 );
+ case PSA_ALG_MD4:
+ return( 64 );
+ case PSA_ALG_MD5:
+ return( 64 );
+ case PSA_ALG_RIPEMD160:
+ return( 64 );
+ case PSA_ALG_SHA_1:
+ return( 64 );
+ case PSA_ALG_SHA_224:
+ return( 64 );
+ case PSA_ALG_SHA_256:
+ return( 64 );
+ case PSA_ALG_SHA_384:
+ return( 128 );
+ case PSA_ALG_SHA_512:
+ return( 128 );
+ default:
+ return( 0 );
+ }
+}
+
+static psa_status_t psa_hmac_abort_internal(
+ mbedtls_psa_hmac_operation_t *hmac )
+{
+ mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
+ return( psa_hash_abort( &hmac->hash_ctx ) );
+}
+
+static psa_status_t psa_hmac_setup_internal(
+ mbedtls_psa_hmac_operation_t *hmac,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t hash_alg )
+{
+ uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+ size_t i;
+ size_t hash_size = PSA_HASH_LENGTH( hash_alg );
+ size_t block_size = psa_get_hash_block_size( hash_alg );
+ psa_status_t status;
+
+ hmac->alg = hash_alg;
+
+ /* Sanity checks on block_size, to guarantee that there won't be a buffer
+ * overflow below. This should never trigger if the hash algorithm
+ * is implemented correctly. */
+ /* The size checks against the ipad and opad buffers cannot be written
+ * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )`
+ * because that triggers -Wlogical-op on GCC 7.3. */
+ if( block_size > sizeof( ipad ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( block_size > sizeof( hmac->opad ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+ if( block_size < hash_size )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ if( key_length > block_size )
+ {
+ status = psa_hash_compute( hash_alg, key, key_length,
+ ipad, sizeof( ipad ), &key_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+ }
+ /* A 0-length key is not commonly used in HMAC when used as a MAC,
+ * but it is permitted. It is common when HMAC is used in HKDF, for
+ * example. Don't call `memcpy` in the 0-length because `key` could be
+ * an invalid pointer which would make the behavior undefined. */
+ else if( key_length != 0 )
+ memcpy( ipad, key, key_length );
+
+ /* ipad contains the key followed by garbage. Xor and fill with 0x36
+ * to create the ipad value. */
+ for( i = 0; i < key_length; i++ )
+ ipad[i] ^= 0x36;
+ memset( ipad + key_length, 0x36, block_size - key_length );
+
+ /* Copy the key material from ipad to opad, flipping the requisite bits,
+ * and filling the rest of opad with the requisite constant. */
+ for( i = 0; i < key_length; i++ )
+ hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
+ memset( hmac->opad + key_length, 0x5C, block_size - key_length );
+
+ status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ status = psa_hash_update( &hmac->hash_ctx, ipad, block_size );
+
+cleanup:
+ mbedtls_platform_zeroize( ipad, sizeof( ipad ) );
+
+ return( status );
+}
+
+static psa_status_t psa_hmac_update_internal(
+ mbedtls_psa_hmac_operation_t *hmac,
+ const uint8_t *data,
+ size_t data_length )
+{
+ return( psa_hash_update( &hmac->hash_ctx, data, data_length ) );
+}
+
+static psa_status_t psa_hmac_finish_internal(
+ mbedtls_psa_hmac_operation_t *hmac,
+ uint8_t *mac,
+ size_t mac_size )
+{
+ uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
+ psa_algorithm_t hash_alg = hmac->alg;
+ size_t hash_size = 0;
+ size_t block_size = psa_get_hash_block_size( hash_alg );
+ psa_status_t status;
+
+ status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
+ if( status != PSA_SUCCESS )
+ return( status );
+ /* From here on, tmp needs to be wiped. */
+
+ status = psa_hash_setup( &hmac->hash_ctx, hash_alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ memcpy( mac, tmp, mac_size );
+
+exit:
+ mbedtls_platform_zeroize( tmp, hash_size );
+ return( status );
+}
+#endif /* BUILTIN_ALG_HMAC */
+
+#if defined(BUILTIN_ALG_CMAC)
+static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+ /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept
+ * to do CMAC with pure DES, so return NOT_SUPPORTED here. */
+ if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES &&
+ ( psa_get_key_bits( attributes ) == 64 ||
+ psa_get_key_bits( attributes ) == 128 ) )
+ return( PSA_ERROR_NOT_SUPPORTED );
+#endif
+
+ const mbedtls_cipher_info_t * cipher_info =
+ mbedtls_cipher_info_from_psa(
+ PSA_ALG_CMAC,
+ psa_get_key_type( attributes ),
+ psa_get_key_bits( attributes ),
+ NULL );
+
+ if( cipher_info == NULL )
+ return( PSA_ERROR_NOT_SUPPORTED );
+
+ ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info );
+ if( ret != 0 )
+ goto exit;
+
+ ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac,
+ key_buffer,
+ psa_get_key_bits( attributes ) );
+exit:
+ return( mbedtls_to_psa_error( ret ) );
+}
+#endif /* BUILTIN_ALG_CMAC */
+
+/* Implement the PSA driver MAC interface on top of mbed TLS if either the
+ * software driver or the test driver requires it. */
+#if defined(BUILTIN_ALG_HMAC) || defined(BUILTIN_ALG_CMAC)
+
+/* Initialize this driver's MAC operation structure. Once this function has been
+ * called, mbedtls_psa_mac_abort can run and will do the right thing. */
+static psa_status_t mac_init(
+ mbedtls_psa_mac_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ operation->alg = alg;
+
+#if defined(BUILTIN_ALG_CMAC)
+ if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
+ {
+ mbedtls_cipher_init( &operation->ctx.cmac );
+ status = PSA_SUCCESS;
+ }
+ else
+#endif /* BUILTIN_ALG_CMAC */
+#if defined(BUILTIN_ALG_HMAC)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ /* We'll set up the hash operation later in psa_hmac_setup_internal. */
+ operation->ctx.hmac.alg = 0;
+ status = PSA_SUCCESS;
+ }
+ else
+#endif /* BUILTIN_ALG_HMAC */
+ {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ if( status != PSA_SUCCESS )
+ memset( operation, 0, sizeof( *operation ) );
+ return( status );
+}
+
+static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation )
+{
+ if( operation->alg == 0 )
+ {
+ /* The object has (apparently) been initialized but it is not
+ * in use. It's ok to call abort on such an object, and there's
+ * nothing to do. */
+ return( PSA_SUCCESS );
+ }
+ else
+#if defined(BUILTIN_ALG_CMAC)
+ if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
+ {
+ mbedtls_cipher_free( &operation->ctx.cmac );
+ }
+ else
+#endif /* BUILTIN_ALG_CMAC */
+#if defined(BUILTIN_ALG_HMAC)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ psa_hmac_abort_internal( &operation->ctx.hmac );
+ }
+ else
+#endif /* BUILTIN_ALG_HMAC */
+ {
+ /* Sanity check (shouldn't happen: operation->alg should
+ * always have been initialized to a valid value). */
+ goto bad_state;
+ }
+
+ operation->alg = 0;
+
+ return( PSA_SUCCESS );
+
+bad_state:
+ /* If abort is called on an uninitialized object, we can't trust
+ * anything. Wipe the object in case it contains confidential data.
+ * This may result in a memory leak if a pointer gets overwritten,
+ * but it's too late to do anything about this. */
+ memset( operation, 0, sizeof( *operation ) );
+ return( PSA_ERROR_BAD_STATE );
+}
+
+static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ /* A context must be freshly initialized before it can be set up. */
+ if( operation->alg != 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+ status = mac_init( operation, alg );
+ if( status != PSA_SUCCESS )
+ return( status );
+
+#if defined(BUILTIN_ALG_CMAC)
+ if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC )
+ {
+ /* Key buffer size for CMAC is dictated by the key bits set on the
+ * attributes, and previously validated by the core on key import. */
+ (void) key_buffer_size;
+ status = cmac_setup( operation, attributes, key_buffer );
+ }
+ else
+#endif /* BUILTIN_ALG_CMAC */
+#if defined(BUILTIN_ALG_HMAC)
+ if( PSA_ALG_IS_HMAC( alg ) )
+ {
+ status = psa_hmac_setup_internal( &operation->ctx.hmac,
+ key_buffer,
+ key_buffer_size,
+ PSA_ALG_HMAC_GET_HASH( alg ) );
+ }
+ else
+#endif /* BUILTIN_ALG_HMAC */
+ {
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ status = PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ if( status != PSA_SUCCESS )
+ mac_abort( operation );
+
+ return( status );
+}
+
+static psa_status_t mac_update(
+ mbedtls_psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ if( operation->alg == 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+#if defined(BUILTIN_ALG_CMAC)
+ if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
+ {
+ return( mbedtls_to_psa_error(
+ mbedtls_cipher_cmac_update( &operation->ctx.cmac,
+ input, input_length ) ) );
+ }
+ else
+#endif /* BUILTIN_ALG_CMAC */
+#if defined(BUILTIN_ALG_HMAC)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ return( psa_hmac_update_internal( &operation->ctx.hmac,
+ input, input_length ) );
+ }
+ else
+#endif /* BUILTIN_ALG_HMAC */
+ {
+ /* This shouldn't happen if `operation` was initialized by
+ * a setup function. */
+ (void) input;
+ (void) input_length;
+ return( PSA_ERROR_BAD_STATE );
+ }
+}
+
+static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size )
+{
+#if defined(BUILTIN_ALG_CMAC)
+ if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC )
+ {
+ uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE];
+ int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp );
+ if( ret == 0 )
+ memcpy( mac, tmp, mac_size );
+ mbedtls_platform_zeroize( tmp, sizeof( tmp ) );
+ return( mbedtls_to_psa_error( ret ) );
+ }
+ else
+#endif /* BUILTIN_ALG_CMAC */
+#if defined(BUILTIN_ALG_HMAC)
+ if( PSA_ALG_IS_HMAC( operation->alg ) )
+ {
+ return( psa_hmac_finish_internal( &operation->ctx.hmac,
+ mac, mac_size ) );
+ }
+ else
+#endif /* BUILTIN_ALG_HMAC */
+ {
+ /* This shouldn't happen if `operation` was initialized by
+ * a setup function. */
+ (void) operation;
+ (void) mac;
+ (void) mac_size;
+ return( PSA_ERROR_BAD_STATE );
+ }
+}
+
+static psa_status_t mac_sign_finish(
+ mbedtls_psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if( operation->alg == 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+ status = mac_finish_internal( operation, mac, mac_size );
+
+ if( status == PSA_SUCCESS )
+ *mac_length = mac_size;
+
+ return( status );
+}
+
+static psa_status_t mac_verify_finish(
+ mbedtls_psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ uint8_t actual_mac[PSA_MAC_MAX_SIZE];
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ if( operation->alg == 0 )
+ return( PSA_ERROR_BAD_STATE );
+
+ /* Consistency check: requested MAC length fits our local buffer */
+ if( mac_length > sizeof( actual_mac ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
+ status = mac_finish_internal( operation, actual_mac, mac_length );
+ if( status != PSA_SUCCESS )
+ goto cleanup;
+
+ if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 )
+ status = PSA_ERROR_INVALID_SIGNATURE;
+
+cleanup:
+ mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) );
+
+ return( status );
+}
+
+static psa_status_t mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_psa_mac_operation_t operation = MBEDTLS_PSA_MAC_OPERATION_INIT;
+
+ status = mac_setup( &operation,
+ attributes, key_buffer, key_buffer_size,
+ alg );
+ if( status != PSA_SUCCESS )
+ goto exit;
+
+ if( input_length > 0 )
+ {
+ status = mac_update( &operation, input, input_length );
+ if( status != PSA_SUCCESS )
+ goto exit;
+ }
+
+ status = mac_finish_internal( &operation, mac, mac_size );
+ if( status == PSA_SUCCESS )
+ *mac_length = mac_size;
+
+exit:
+ mac_abort( &operation );
+
+ return( status );
+}
+
+#endif /* BUILTIN_ALG_HMAC || BUILTIN_ALG_CMAC */
+
+#if defined(MBEDTLS_PSA_BUILTIN_MAC)
+psa_status_t mbedtls_psa_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
+ mac, mac_size, mac_length ) );
+}
+
+psa_status_t mbedtls_psa_mac_sign_setup(
+ mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ return( mac_setup( operation, attributes,
+ key_buffer, key_buffer_size, alg ) );
+}
+
+psa_status_t mbedtls_psa_mac_verify_setup(
+ mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ return( mac_setup( operation, attributes,
+ key_buffer, key_buffer_size, alg ) );
+}
+
+psa_status_t mbedtls_psa_mac_update(
+ mbedtls_psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ return( mac_update( operation, input, input_length ) );
+}
+
+psa_status_t mbedtls_psa_mac_sign_finish(
+ mbedtls_psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
+}
+
+psa_status_t mbedtls_psa_mac_verify_finish(
+ mbedtls_psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ return( mac_verify_finish( operation, mac, mac_length ) );
+}
+
+psa_status_t mbedtls_psa_mac_abort(
+ mbedtls_psa_mac_operation_t *operation )
+{
+ return( mac_abort( operation ) );
+}
+#endif /* MBEDTLS_PSA_BUILTIN_MAC */
+
+ /*
+ * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
+ */
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+static int is_mac_accelerated( psa_algorithm_t alg )
+{
+#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+ if( PSA_ALG_IS_HMAC( alg ) )
+ return( 1 );
+#endif
+
+ switch( PSA_ALG_FULL_LENGTH_MAC( alg ) )
+ {
+#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
+ case PSA_ALG_CMAC:
+ return( 1 );
+#endif
+ default:
+ return( 0 );
+ }
+}
+
+psa_status_t mbedtls_transparent_test_driver_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ if( is_mac_accelerated( alg ) )
+ return( mac_compute( attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
+ mac, mac_size, mac_length ) );
+ else
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ if( is_mac_accelerated( alg ) )
+ return( mac_setup( operation, attributes,
+ key_buffer, key_buffer_size, alg ) );
+ else
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ if( is_mac_accelerated( alg ) )
+ return( mac_setup( operation, attributes,
+ key_buffer, key_buffer_size, alg ) );
+ else
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_transparent_test_driver_mac_update(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ if( is_mac_accelerated( operation->alg ) )
+ return( mac_update( operation, input, input_length ) );
+ else
+ return( PSA_ERROR_BAD_STATE );
+}
+
+psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ if( is_mac_accelerated( operation->alg ) )
+ return( mac_sign_finish( operation, mac, mac_size, mac_length ) );
+ else
+ return( PSA_ERROR_BAD_STATE );
+}
+
+psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ if( is_mac_accelerated( operation->alg ) )
+ return( mac_verify_finish( operation, mac, mac_length ) );
+ else
+ return( PSA_ERROR_BAD_STATE );
+}
+
+psa_status_t mbedtls_transparent_test_driver_mac_abort(
+ mbedtls_transparent_test_driver_mac_operation_t *operation )
+{
+ return( mac_abort( operation ) );
+}
+
+psa_status_t mbedtls_opaque_test_driver_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ /* Opaque driver testing is not implemented yet through this mechanism. */
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) mac;
+ (void) mac_size;
+ (void) mac_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ /* Opaque driver testing is not implemented yet through this mechanism. */
+ (void) operation;
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ /* Opaque driver testing is not implemented yet through this mechanism. */
+ (void) operation;
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) alg;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_opaque_test_driver_mac_update(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ /* Opaque driver testing is not implemented yet through this mechanism. */
+ (void) operation;
+ (void) input;
+ (void) input_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ /* Opaque driver testing is not implemented yet through this mechanism. */
+ (void) operation;
+ (void) mac;
+ (void) mac_size;
+ (void) mac_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ /* Opaque driver testing is not implemented yet through this mechanism. */
+ (void) operation;
+ (void) mac;
+ (void) mac_length;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_opaque_test_driver_mac_abort(
+ mbedtls_opaque_test_driver_mac_operation_t *operation )
+{
+ /* Opaque driver testing is not implemented yet through this mechanism. */
+ (void) operation;
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h
new file mode 100644
index 0000000..9b81e73
--- /dev/null
+++ b/library/psa_crypto_mac.h
@@ -0,0 +1,372 @@
+/*
+ * PSA MAC layer on top of Mbed TLS software crypto
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_MAC_H
+#define PSA_CRYPTO_MAC_H
+
+#include <psa/crypto.h>
+
+/** Calculate the MAC (message authentication code) of a message using Mbed TLS.
+ *
+ * \note The signature of this function is that of a PSA driver mac_compute
+ * entry point. This function behaves as a mac_compute entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key to use for
+ * computing the MAC. This buffer contains the key
+ * in export representation as defined by
+ * psa_export_key() (i.e. the raw key bytes).
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ * \param[in] input Buffer containing the input message.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] mac Buffer where the MAC value is to be written.
+ * \param mac_size Size of the \p mac buffer in bytes.
+ * \param[out] mac_length On success, the number of bytes
+ * that make up the MAC value.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p mac_size is too small
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length);
+
+/** Set up a multipart MAC calculation operation using Mbed TLS.
+ *
+ * \note The signature of this function is that of a PSA driver mac_sign_setup
+ * entry point. This function behaves as a mac_sign_setup entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized and not yet in use.
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key to use for
+ * computing the MAC. This buffer contains the key
+ * in export representation as defined by
+ * psa_export_key() (i.e. the raw key bytes).
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive).
+ */
+psa_status_t mbedtls_psa_mac_sign_setup(
+ mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg);
+
+/** Set up a multipart MAC verification operation using Mbed TLS.
+ *
+ * \note The signature of this function is that of a PSA driver mac_verify_setup
+ * entry point. This function behaves as a mac_verify_setup entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized and not yet in use.
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the key to use for
+ * computing the MAC. This buffer contains the key
+ * in export representation as defined by
+ * psa_export_key() (i.e. the raw key bytes).
+ * \param key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive).
+ */
+psa_status_t mbedtls_psa_mac_verify_setup(
+ mbedtls_psa_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg);
+
+/** Add a message fragment to a multipart MAC operation using Mbed TLS.
+ *
+ * \note The signature of this function is that of a PSA driver mac_update
+ * entry point. This function behaves as a mac_update entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * The PSA core calls mbedtls_psa_mac_sign_setup() or
+ * mbedtls_psa_mac_verify_setup() before calling this function.
+ *
+ * If this function returns an error status, the PSA core aborts the
+ * operation by calling mbedtls_psa_mac_abort().
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[in] input Buffer containing the message fragment to add to
+ * the MAC calculation.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_mac_update(
+ mbedtls_psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+/** Finish the calculation of the MAC of a message using Mbed TLS.
+ *
+ * \note The signature of this function is that of a PSA driver mac_sign_finish
+ * entry point. This function behaves as a mac_sign_finish entry point as
+ * defined in the PSA driver interface specification for transparent
+ * drivers.
+ *
+ * The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function.
+ * This function calculates the MAC of the message formed by concatenating
+ * the inputs passed to preceding calls to mbedtls_psa_mac_update().
+ *
+ * Whether this function returns successfully or not, the PSA core subsequently
+ * aborts the operation by calling mbedtls_psa_mac_abort().
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[out] mac Buffer where the MAC value is to be written.
+ * \param mac_size Output size requested for the MAC algorithm. The PSA
+ * core guarantees this is a valid MAC length for the
+ * algorithm and key combination passed to
+ * mbedtls_psa_mac_sign_setup(). It also guarantees the
+ * \p mac buffer is large enough to contain the
+ * requested output size.
+ * \param[out] mac_length On success, the number of bytes output to buffer
+ * \p mac, which will be equal to the requested length
+ * \p mac_size.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active mac sign
+ * operation).
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p mac buffer is too small. A sufficient buffer size
+ * can be determined by calling PSA_MAC_LENGTH().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_mac_sign_finish(
+ mbedtls_psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+/** Finish the calculation of the MAC of a message and compare it with
+ * an expected value using Mbed TLS.
+ *
+ * \note The signature of this function is that of a PSA driver
+ * mac_verify_finish entry point. This function behaves as a
+ * mac_verify_finish entry point as defined in the PSA driver interface
+ * specification for transparent drivers.
+ *
+ * The PSA core calls mbedtls_psa_mac_verify_setup() before calling this
+ * function. This function calculates the MAC of the message formed by
+ * concatenating the inputs passed to preceding calls to
+ * mbedtls_psa_mac_update(). It then compares the calculated MAC with the
+ * expected MAC passed as a parameter to this function.
+ *
+ * Whether this function returns successfully or not, the PSA core subsequently
+ * aborts the operation by calling mbedtls_psa_mac_abort().
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[in] mac Buffer containing the expected MAC value.
+ * \param mac_length Length in bytes of the expected MAC value. The PSA
+ * core guarantees that this length is a valid MAC
+ * length for the algorithm and key combination passed
+ * to mbedtls_psa_mac_verify_setup().
+ *
+ * \retval #PSA_SUCCESS
+ * The expected MAC is identical to the actual MAC of the message.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The MAC of the message was calculated successfully, but it
+ * differs from the expected MAC.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active mac verify
+ * operation).
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_mac_verify_finish(
+ mbedtls_psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length );
+
+/** Abort a MAC operation using Mbed TLS.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again.
+ *
+ * The PSA core may call this function any time after the operation object has
+ * been initialized by one of the methods described in
+ * #mbedtls_psa_mac_operation_t.
+ *
+ * In particular, calling mbedtls_psa_mac_abort() after the operation has been
+ * terminated by a call to mbedtls_psa_mac_abort(),
+ * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and
+ * has no effect.
+ *
+ * \param[in,out] operation Initialized MAC operation.
+ *
+ * \retval #PSA_SUCCESS
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_mac_abort(
+ mbedtls_psa_mac_operation_t *operation );
+
+/*
+ * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
+ */
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+psa_status_t mbedtls_transparent_test_driver_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_transparent_test_driver_mac_sign_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_transparent_test_driver_mac_verify_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_transparent_test_driver_mac_update(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t mbedtls_transparent_test_driver_mac_sign_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_transparent_test_driver_mac_verify_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length );
+
+psa_status_t mbedtls_transparent_test_driver_mac_abort(
+ mbedtls_transparent_test_driver_mac_operation_t *operation );
+
+psa_status_t mbedtls_opaque_test_driver_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_opaque_test_driver_mac_sign_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_opaque_test_driver_mac_verify_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_opaque_test_driver_mac_update(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t mbedtls_opaque_test_driver_mac_sign_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_opaque_test_driver_mac_verify_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length );
+
+psa_status_t mbedtls_opaque_test_driver_mac_abort(
+ mbedtls_opaque_test_driver_mac_operation_t *operation );
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+
+#endif /* PSA_CRYPTO_MAC_H */
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 1ab1e94..80b9985 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -274,7 +274,8 @@
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
static psa_status_t psa_rsa_read_exponent( const uint8_t *domain_parameters,
size_t domain_parameters_size,
int *exponent )
@@ -332,7 +333,8 @@
return( status );
}
-#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
/****************************************************************/
/* Sign/verify hashes */
@@ -358,27 +360,14 @@
return( PSA_ERROR_INVALID_ARGUMENT );
#endif
-#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
- /* For PKCS#1 v1.5 signature, if using a hash, the hash length
- * must be correct. */
- if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
- alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
+ /* For signatures using a hash, the hash length must be correct. */
+ if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
{
if( md_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED );
if( mbedtls_md_get_size( md_info ) != hash_length )
return( PSA_ERROR_INVALID_ARGUMENT );
}
-#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(BUILTIN_ALG_RSA_PSS)
- /* PSS requires a hash internally. */
- if( PSA_ALG_IS_RSA_PSS( alg ) )
- {
- if( md_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
- }
-#endif /* BUILTIN_ALG_RSA_PSS */
return( PSA_SUCCESS );
}
@@ -510,7 +499,7 @@
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
MBEDTLS_RSA_PUBLIC,
- MBEDTLS_MD_NONE,
+ md_alg,
(unsigned int) hash_length,
hash,
signature );
@@ -565,7 +554,8 @@
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
-#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) && \
+ defined(MBEDTLS_GENPRIME)
psa_status_t mbedtls_psa_rsa_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
@@ -573,7 +563,8 @@
return( rsa_generate_key( attributes, key_buffer, key_buffer_size,
key_buffer_length ) );
}
-#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR)
+ * defined(MBEDTLS_GENPRIME) */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
diff --git a/library/psa_crypto_service_integration.h b/library/psa_crypto_service_integration.h
deleted file mode 100644
index 87889af..0000000
--- a/library/psa_crypto_service_integration.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef PSA_CRYPTO_SERVICE_INTEGRATION_H
-#define PSA_CRYPTO_SERVICE_INTEGRATION_H
-
-/*
- * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM
- * (Secure Partition Manager) integration which separates the code into two
- * parts: NSPE (Non-Secure Processing Environment) and SPE (Secure Processing
- * Environment). When building for the SPE, an additional header file should be
- * included.
- */
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-/*
- * PSA_CRYPTO_SECURE means that the file which included this file is being
- * compiled for SPE. The files crypto_structs.h and crypto_types.h have
- * different implementations for NSPE and SPE and are compiled according to this
- * flag.
- */
-#define PSA_CRYPTO_SECURE 1
-#include "crypto_spe.h"
-#endif // MBEDTLS_PSA_CRYPTO_SPM
-
-#endif // PSA_CRYPTO_SERVICE_INTEGRATION_H
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 0b1a3c1..76d7a07 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -22,7 +22,6 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#include "psa_crypto_core.h"
@@ -392,6 +391,10 @@
if( status == PSA_ERROR_DOES_NOT_EXIST )
status = PSA_ERROR_INVALID_HANDLE;
}
+ else
+ /* Add implicit usage flags. */
+ psa_extend_key_usage_flags( &(*p_slot)->attr.policy.usage );
+
return( status );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
return( PSA_ERROR_INVALID_HANDLE );
@@ -466,7 +469,10 @@
{
/* Persistent keys require storage support */
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
- return( PSA_SUCCESS );
+ if( PSA_KEY_LIFETIME_IS_READ_ONLY( lifetime ) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ else
+ return( PSA_SUCCESS );
#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
return( PSA_ERROR_NOT_SUPPORTED );
#endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */
@@ -556,16 +562,17 @@
++stats->empty_slots;
continue;
}
- if( slot->attr.lifetime == PSA_KEY_LIFETIME_VOLATILE )
+ if( PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) )
++stats->volatile_slots;
- else if( slot->attr.lifetime == PSA_KEY_LIFETIME_PERSISTENT )
+ else
{
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->persistent_slots;
if( id > stats->max_open_internal_key_id )
stats->max_open_internal_key_id = id;
}
- else
+ if( PSA_KEY_LIFETIME_GET_LOCATION( slot->attr.lifetime ) !=
+ PSA_KEY_LOCATION_LOCAL_STORAGE )
{
psa_key_id_t id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( slot->attr.id );
++stats->external_slots;
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 773d3aa..2ebfc26 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -29,7 +29,6 @@
#include <stdlib.h>
#include <string.h>
-#include "psa_crypto_service_integration.h"
#include "psa/crypto.h"
#include "psa_crypto_storage.h"
#include "mbedtls/platform_util.h"
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 7e9d4da..32188cf 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -78,14 +78,12 @@
continue;
#endif
- if( session->ciphersuite != entry->session.ciphersuite ||
- session->compression != entry->session.compression ||
- session->id_len != entry->session.id_len )
- continue;
-
- if( memcmp( session->id, entry->session.id,
+ if( session->id_len != entry->session.id_len ||
+ memcmp( session->id, entry->session.id,
entry->session.id_len ) != 0 )
+ {
continue;
+ }
ret = mbedtls_ssl_session_copy( session, &entry->session );
if( ret != 0 )
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 6985fe5..3826ad2 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -34,6 +34,11 @@
#include <string.h>
+#undef HAVE_SHA384
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
+#define HAVE_SHA384
+#endif
+
/*
* Ordered from most preferred to least preferred in terms of security.
*
@@ -411,7 +416,7 @@
0 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -426,7 +431,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#if defined(MBEDTLS_CCM_C)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -460,13 +465,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
@@ -477,13 +482,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -552,7 +557,7 @@
0 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@@ -567,7 +572,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C)
@@ -579,13 +584,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
@@ -596,13 +601,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -641,13 +646,13 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
+#if defined(HAVE_SHA384) && defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
+#endif /* HAVE_SHA384 && MBEDTLS_GCM_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_GCM_C)
@@ -751,13 +756,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -776,13 +781,13 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if defined(MBEDTLS_AES_C)
-#if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_GCM_C)
+#if defined(HAVE_SHA384) && defined(MBEDTLS_GCM_C)
{ MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C && MBEDTLS_GCM_C */
+#endif /* HAVE_SHA384 && MBEDTLS_GCM_C */
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_GCM_C)
@@ -887,13 +892,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA1_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA1_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -960,7 +965,7 @@
0 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@@ -975,7 +980,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C)
@@ -987,13 +992,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
@@ -1004,13 +1009,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1079,7 +1084,7 @@
0 },
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@@ -1094,7 +1099,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_GCM_C */
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_AES_C */
#if defined(MBEDTLS_CAMELLIA_C)
@@ -1106,13 +1111,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
@@ -1123,13 +1128,13 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1177,13 +1182,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@@ -1195,13 +1200,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
@@ -1251,13 +1256,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
@@ -1269,13 +1274,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1313,13 +1318,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@@ -1331,13 +1336,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
@@ -1387,13 +1392,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
@@ -1405,13 +1410,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1450,13 +1455,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
@@ -1484,13 +1489,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1528,13 +1533,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
@@ -1546,13 +1551,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#if defined(MBEDTLS_SHA1_C)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
@@ -1580,13 +1585,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_CIPHER_MODE_CBC */
#if defined(MBEDTLS_GCM_C)
@@ -1598,13 +1603,13 @@
0 },
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
-#endif /* MBEDTLS_SHA512_C */
+#endif /* HAVE_SHA384 */
#endif /* MBEDTLS_GCM_C */
#endif /* MBEDTLS_CAMELLIA_C */
@@ -1688,7 +1693,7 @@
MBEDTLS_CIPHERSUITE_WEAK },
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
@@ -1714,7 +1719,7 @@
MBEDTLS_CIPHERSUITE_WEAK },
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
@@ -1740,7 +1745,7 @@
MBEDTLS_CIPHERSUITE_WEAK },
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
@@ -1766,7 +1771,7 @@
MBEDTLS_CIPHERSUITE_WEAK },
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(HAVE_SHA384)
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1,
@@ -1805,7 +1810,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
@@ -1813,7 +1818,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
@@ -1842,7 +1847,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1850,7 +1855,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1879,7 +1884,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384,MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1887,7 +1892,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1916,7 +1921,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@@ -1924,7 +1929,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@@ -1953,7 +1958,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@@ -1961,7 +1966,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@@ -1990,7 +1995,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
@@ -2011,7 +2016,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -2019,7 +2024,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -2048,7 +2053,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@@ -2056,7 +2061,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@@ -2085,7 +2090,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -2093,7 +2098,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -2122,7 +2127,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if (defined(MBEDTLS_GCM_C) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_GCM_C) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
@@ -2130,7 +2135,7 @@
MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3,
0 },
#endif
-#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(MBEDTLS_SHA512_C))
+#if (defined(MBEDTLS_CIPHER_MODE_CBC) && defined(HAVE_SHA384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 01e3f11..f49178c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1525,7 +1525,7 @@
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1572,7 +1572,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "CID extension unexpected" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1628,7 +1628,7 @@
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1654,7 +1654,7 @@
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1679,7 +1679,7 @@
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1785,7 +1785,7 @@
mbedtls_ssl_send_alert_message(
ssl,
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 54a7be0..1352b49 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1241,6 +1241,9 @@
MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
}
+ /* The context needs to finish() before it starts() again */
+ MD_CHK( mbedtls_md_finish( ctx, aux_out ) );
+
/* Now compute HASH(okey + inner_hash) */
MD_CHK( mbedtls_md_starts( ctx ) );
MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 581b3f7..aca871e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2765,6 +2765,55 @@
}
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+static void ssl_handle_id_based_session_resumption( mbedtls_ssl_context *ssl )
+{
+ int ret;
+ mbedtls_ssl_session session_tmp;
+ mbedtls_ssl_session * const session = ssl->session_negotiate;
+
+ /* Resume is 0 by default, see ssl_handshake_init().
+ * It may be already set to 1 by ssl_parse_session_ticket_ext(). */
+ if( ssl->handshake->resume == 1 )
+ return;
+ if( session->id_len == 0 )
+ return;
+ if( ssl->conf->f_get_cache == NULL )
+ return;
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( ssl->renego_status != MBEDTLS_SSL_INITIAL_HANDSHAKE )
+ return;
+#endif
+
+ mbedtls_ssl_session_init( &session_tmp );
+
+ session_tmp.id_len = session->id_len;
+ memcpy( session_tmp.id, session->id, session->id_len );
+
+ ret = ssl->conf->f_get_cache( ssl->conf->p_cache,
+ &session_tmp );
+ if( ret != 0 )
+ goto exit;
+
+ if( session->ciphersuite != session_tmp.ciphersuite ||
+ session->compression != session_tmp.compression )
+ {
+ /* Mismatch between cached and negotiated session */
+ goto exit;
+ }
+
+ /* Move semantics */
+ mbedtls_ssl_session_free( session );
+ *session = session_tmp;
+ memset( &session_tmp, 0, sizeof( session_tmp ) );
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
+ ssl->handshake->resume = 1;
+
+exit:
+
+ mbedtls_ssl_session_free( &session_tmp );
+}
+
static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
{
#if defined(MBEDTLS_HAVE_TIME)
@@ -2835,22 +2884,7 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, random bytes", buf + 6, 32 );
- /*
- * Resume is 0 by default, see ssl_handshake_init().
- * It may be already set to 1 by ssl_parse_session_ticket_ext().
- * If not, try looking up session ID in our cache.
- */
- if( ssl->handshake->resume == 0 &&
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl->renego_status == MBEDTLS_SSL_INITIAL_HANDSHAKE &&
-#endif
- ssl->session_negotiate->id_len != 0 &&
- ssl->conf->f_get_cache != NULL &&
- ssl->conf->f_get_cache( ssl->conf->p_cache, ssl->session_negotiate ) == 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "session successfully restored from cache" ) );
- ssl->handshake->resume = 1;
- }
+ ssl_handle_id_based_session_resumption( ssl );
if( ssl->handshake->resume == 0 )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e367fbd..976a87c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -721,7 +721,7 @@
}
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
static int tls_prf_sha384( const unsigned char *secret, size_t slen,
const char *label,
const unsigned char *random, size_t rlen,
@@ -730,7 +730,7 @@
return( tls_prf_generic( MBEDTLS_MD_SHA384, secret, slen,
label, random, rlen, dstbuf, dlen ) );
}
-#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
static void ssl_update_checksum_start( mbedtls_ssl_context *, const unsigned char *, size_t );
@@ -757,7 +757,7 @@
static void ssl_calc_finished_tls_sha256( mbedtls_ssl_context *,unsigned char *, int );
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *, const unsigned char *, size_t );
static void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *, unsigned char*, size_t * );
static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *, unsigned char *, int );
@@ -804,7 +804,7 @@
else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
if( tls_prf == tls_prf_sha384 )
{
return( MBEDTLS_SSL_TLS_PRF_SHA384 );
@@ -845,11 +845,11 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_SSL_TLS_PRF_SHA384:
tls_prf = tls_prf_sha384;
break;
-#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#if defined(MBEDTLS_SHA256_C)
case MBEDTLS_SSL_TLS_PRF_SHA256:
tls_prf = tls_prf_sha256;
@@ -1450,7 +1450,8 @@
int minor_ver,
mbedtls_md_type_t hash )
{
-#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || !defined(MBEDTLS_SHA512_C)
+#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) || \
+ !( defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384) )
(void) hash;
#endif
@@ -1473,7 +1474,7 @@
else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
hash == MBEDTLS_MD_SHA384 )
{
@@ -1865,7 +1866,7 @@
}
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl,
unsigned char *hash,
size_t *hlen )
@@ -1912,7 +1913,7 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return;
}
-#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -2936,7 +2937,7 @@
else
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
else
@@ -2969,7 +2970,7 @@
mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 );
#endif
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &ssl->handshake->fin_sha384_psa );
psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
@@ -2996,7 +2997,7 @@
mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len );
#endif
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len );
#else
@@ -3029,7 +3030,7 @@
}
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
@@ -3263,9 +3264,7 @@
}
#endif /* MBEDTLS_SHA256_C */
-#if defined(MBEDTLS_SHA512_C)
-
-typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*);
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
static void ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from )
@@ -3325,13 +3324,19 @@
MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *)
sha512.state, sizeof( sha512.state ) );
#endif
- /*
- * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long.
- * However, to avoid stringop-overflow warning in gcc, we have to cast
- * mbedtls_sha512_finish_ret().
+ /* mbedtls_sha512_finish_ret's output parameter is declared as a
+ * 64-byte buffer, but sice we're using SHA-384, we know that the
+ * output fits in 48 bytes. This is correct C, but GCC 11.1 warns
+ * about it.
*/
- finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret;
- finish( &sha512, padbuf );
+#if defined(__GNUC__) && __GNUC__ >= 11
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wstringop-overflow"
+#endif
+ mbedtls_sha512_finish_ret( &sha512, padbuf );
+#if defined(__GNUC__) && __GNUC__ >= 11
+#pragma GCC diagnostic pop
+#endif
mbedtls_sha512_free( &sha512 );
#endif
@@ -3345,7 +3350,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc finished" ) );
}
-#endif /* MBEDTLS_SHA512_C */
+#endif /* MBEDTLS_SHA512_C && !MBEDTLS_SHA512_NO_SHA384 */
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl )
@@ -3605,7 +3610,7 @@
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad finished message" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_FINISHED );
}
@@ -3659,7 +3664,7 @@
mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 );
#endif
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 );
@@ -5990,7 +5995,7 @@
mbedtls_sha256_free( &handshake->fin_sha256 );
#endif
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort( &handshake->fin_sha384_psa );
#else
@@ -6432,7 +6437,7 @@
unsigned char *dstbuf, size_t dlen );
static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
{
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
@@ -6847,6 +6852,8 @@
static int ssl_preset_default_hashes[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
+#endif
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
MBEDTLS_MD_SHA384,
#endif
#if defined(MBEDTLS_SHA256_C)
@@ -7206,9 +7213,11 @@
case MBEDTLS_SSL_HASH_SHA256:
return( MBEDTLS_MD_SHA256 );
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_SSL_HASH_SHA384:
return( MBEDTLS_MD_SHA384 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_SSL_HASH_SHA512:
return( MBEDTLS_MD_SHA512 );
#endif
@@ -7238,9 +7247,11 @@
case MBEDTLS_MD_SHA256:
return( MBEDTLS_SSL_HASH_SHA256 );
#endif
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_MD_SHA384:
return( MBEDTLS_SSL_HASH_SHA384 );
+#endif
+#if defined(MBEDTLS_SHA512_C)
case MBEDTLS_MD_SHA512:
return( MBEDTLS_SSL_HASH_SHA512 );
#endif
@@ -7400,7 +7411,7 @@
break;
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 */
-#if defined(MBEDTLS_SHA512_C)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)
case MBEDTLS_SSL_HASH_SHA384:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
break;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 8086cc0..acdd545 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -91,9 +91,8 @@
*/
#define X509_MAX_VERIFY_CHAIN_SIZE ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
-/*
- * Default profile
- */
+/* Default profile. Do not remove items unless there are serious security
+ * concerns. */
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
{
#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 498b8b0..8f4a4f5 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -233,7 +233,7 @@
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
unsigned int key_usage )
{
- unsigned char buf[5], ku[2];
+ unsigned char buf[5] = {0}, ku[2] = {0};
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
@@ -272,7 +272,7 @@
int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
unsigned char ns_cert_type )
{
- unsigned char buf[4];
+ unsigned char buf[4] = {0};
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index c7c8032..afda950 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -91,7 +91,7 @@
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage )
{
- unsigned char buf[4];
+ unsigned char buf[4] = {0};
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -113,7 +113,7 @@
int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
unsigned char ns_cert_type )
{
- unsigned char buf[4];
+ unsigned char buf[4] = {0};
unsigned char *c;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
index fa17918..084fc24 100644
--- a/programs/fuzz/Makefile
+++ b/programs/fuzz/Makefile
@@ -20,8 +20,6 @@
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
-# python2 for POSIX since FreeBSD has only python2 as default.
-PYTHON ?= python2
# Zlib shared library extensions:
ifdef ZLIB
diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c
index dcbe87f..bebb97c 100644
--- a/programs/psa/psa_constant_names_generated.c
+++ b/programs/psa/psa_constant_names_generated.c
@@ -394,6 +394,13 @@
append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23);
usage ^= PSA_KEY_USAGE_SIGN_HASH;
}
+ if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_MESSAGE", 26);
+ usage ^= PSA_KEY_USAGE_SIGN_MESSAGE;
+ }
if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
if (required_size != 0) {
append(&buffer, buffer_size, &required_size, " | ", 3);
@@ -401,6 +408,13 @@
append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25);
usage ^= PSA_KEY_USAGE_VERIFY_HASH;
}
+ if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_MESSAGE", 28);
+ usage ^= PSA_KEY_USAGE_VERIFY_MESSAGE;
+ }
if (usage != 0) {
if (required_size != 0) {
append(&buffer, buffer_size, &required_size, " | ", 3);
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index d9e3607..f5d8680 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -163,7 +163,7 @@
int ssl_check_record( mbedtls_ssl_context const *ssl,
unsigned char const *buf, size_t len )
{
- int ret;
+ int my_ret = 0, ret_cr1, ret_cr2;
unsigned char *tmp_buf;
/* Record checking may modify the input buffer,
@@ -173,22 +173,21 @@
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
memcpy( tmp_buf, buf, len );
- ret = mbedtls_ssl_check_record( ssl, tmp_buf, len );
- if( ret != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
+ ret_cr1 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
+ if( ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE )
{
- int ret_repeated;
-
/* Test-only: Make sure that mbedtls_ssl_check_record()
* doesn't alter state. */
memcpy( tmp_buf, buf, len ); /* Restore buffer */
- ret_repeated = mbedtls_ssl_check_record( ssl, tmp_buf, len );
- if( ret != ret_repeated )
+ ret_cr2 = mbedtls_ssl_check_record( ssl, tmp_buf, len );
+ if( ret_cr2 != ret_cr1 )
{
mbedtls_printf( "mbedtls_ssl_check_record() returned inconsistent results.\n" );
- return( -1 );
+ my_ret = -1;
+ goto cleanup;
}
- switch( ret )
+ switch( ret_cr1 )
{
case 0:
break;
@@ -209,16 +208,18 @@
break;
default:
- mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret );
- return( -1 );
+ mbedtls_printf( "mbedtls_ssl_check_record() failed fatally with -%#04x.\n", (unsigned int) -ret_cr1 );
+ my_ret = -1;
+ goto cleanup;
}
/* Regardless of the outcome, forward the record to the stack. */
}
+cleanup:
mbedtls_free( tmp_buf );
- return( 0 );
+ return( my_ret );
}
#endif /* MBEDTLS_SSL_RECORD_CHECKING */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 0b1bfd7..11fe9bf 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -683,26 +683,21 @@
}
/*
- * Avoid dropping or delaying a packet that was already dropped twice: this
- * only results in uninteresting timeouts. We can't rely on type to identify
- * packets, since during renegotiation they're all encrypted. So, rely on
- * size mod 2048 (which is usually just size).
- */
-static unsigned char dropped[2048] = { 0 };
-#define DROP_MAX 2
-
-/* We only drop packets at the level of entire datagrams, not at the level
+ * Avoid dropping or delaying a packet that was already dropped or delayed
+ * ("held") twice: this only results in uninteresting timeouts. We can't rely
+ * on type to identify packets, since during renegotiation they're all
+ * encrypted. So, rely on size mod 2048 (which is usually just size).
+ *
+ * We only hold packets at the level of entire datagrams, not at the level
* of records. In particular, if the peer changes the way it packs multiple
* records into a single datagram, we don't necessarily count the number of
- * times a record has been dropped correctly. However, the only known reason
+ * times a record has been held correctly. However, the only known reason
* why a peer would change datagram packing is disabling the latter on
- * retransmission, in which case we'd drop involved records at most
- * DROP_MAX + 1 times. */
-void update_dropped( const packet *p )
-{
- size_t id = p->len % sizeof( dropped );
- ++dropped[id];
-}
+ * retransmission, in which case we'd hold involved records at most
+ * HOLD_MAX + 1 times.
+ */
+static unsigned char held[2048] = { 0 };
+#define HOLD_MAX 2
int handle_message( const char *way,
mbedtls_net_context *dst,
@@ -729,7 +724,7 @@
cur.dst = dst;
print_packet( &cur, NULL );
- id = cur.len % sizeof( dropped );
+ id = cur.len % sizeof( held );
if( strcmp( way, "S <- C" ) == 0 )
{
@@ -771,10 +766,10 @@
! ( opt.protect_hvr &&
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
cur.len != (size_t) opt.protect_len &&
- dropped[id] < DROP_MAX &&
+ held[id] < HOLD_MAX &&
rand() % opt.drop == 0 ) )
{
- update_dropped( &cur );
+ ++held[id];
}
else if( ( opt.delay_ccs == 1 &&
strcmp( cur.type, "ChangeCipherSpec" ) == 0 ) ||
@@ -784,9 +779,10 @@
! ( opt.protect_hvr &&
strcmp( cur.type, "HelloVerifyRequest" ) == 0 ) &&
cur.len != (size_t) opt.protect_len &&
- dropped[id] < DROP_MAX &&
+ held[id] < HOLD_MAX &&
rand() % opt.delay == 0 ) )
{
+ ++held[id];
delay_packet( &cur );
}
else
@@ -897,7 +893,7 @@
* 3. Forward packets forever (kill the process to terminate it)
*/
clear_pending();
- memset( dropped, 0, sizeof( dropped ) );
+ memset( held, 0, sizeof( held ) );
nb_fds = client_fd.fd;
if( nb_fds < server_fd.fd )
@@ -1005,8 +1001,8 @@
for( delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++ )
{
- mbedtls_free( opt.delay_cli + delay_idx );
- mbedtls_free( opt.delay_srv + delay_idx );
+ mbedtls_free( opt.delay_cli[delay_idx] );
+ mbedtls_free( opt.delay_srv[delay_idx] );
}
mbedtls_net_free( &client_fd );
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 500acea..7214adb 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -19,7 +19,7 @@
# limitations under the License.
import re
-from typing import Iterable, Optional, Tuple
+from typing import Dict, Iterable, Optional, Pattern, Tuple
from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA
@@ -33,7 +33,7 @@
`name` is a string 'PSA_KEY_TYPE_xxx' which is the name of a PSA key
type macro. For key types that take arguments, the arguments can
be passed either through the optional argument `params` or by
- passing an expression of the form 'PSA_KEY_TYPE_xxx(param1, param2)'
+ passing an expression of the form 'PSA_KEY_TYPE_xxx(param1, ...)'
in `name` as a string.
"""
@@ -48,7 +48,7 @@
m = re.match(r'(\w+)\s*\((.*)\)\Z', self.name)
assert m is not None
self.name = m.group(1)
- params = ','.split(m.group(2))
+ params = m.group(2).split(',')
self.params = (None if params is None else
[param.strip() for param in params])
"""The parameters of the key type, if there are any.
@@ -136,3 +136,18 @@
return des3[:length]
return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) +
[self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]])
+
+ KEY_TYPE_FOR_SIGNATURE = {
+ 'PSA_KEY_USAGE_SIGN_HASH': re.compile('.*KEY_PAIR'),
+ 'PSA_KEY_USAGE_VERIFY_HASH': re.compile('.*KEY.*')
+ } #type: Dict[str, Pattern]
+ """Use a regexp to determine key types for which signature is possible
+ when using the actual usage flag.
+ """
+ def is_valid_for_signature(self, usage: str) -> bool:
+ """Determine if the key type is compatible with the specified
+ signitute type.
+
+ """
+ # This is just temporaly solution for the implicit usage flags.
+ return re.match(self.KEY_TYPE_FOR_SIGNATURE[usage], self.name) is not None
diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py
index a2192ba..f8d6155 100644
--- a/scripts/mbedtls_dev/macro_collector.py
+++ b/scripts/mbedtls_dev/macro_collector.py
@@ -18,7 +18,55 @@
import itertools
import re
-from typing import Dict, Iterable, Iterator, List, Set
+from typing import Dict, Iterable, Iterator, List, Optional, Pattern, Set, Tuple, Union
+
+
+class ReadFileLineException(Exception):
+ def __init__(self, filename: str, line_number: Union[int, str]) -> None:
+ message = 'in {} at {}'.format(filename, line_number)
+ super(ReadFileLineException, self).__init__(message)
+ self.filename = filename
+ self.line_number = line_number
+
+
+class read_file_lines:
+ # Dear Pylint, conventionally, a context manager class name is lowercase.
+ # pylint: disable=invalid-name,too-few-public-methods
+ """Context manager to read a text file line by line.
+
+ ```
+ with read_file_lines(filename) as lines:
+ for line in lines:
+ process(line)
+ ```
+ is equivalent to
+ ```
+ with open(filename, 'r') as input_file:
+ for line in input_file:
+ process(line)
+ ```
+ except that if process(line) raises an exception, then the read_file_lines
+ snippet annotates the exception with the file name and line number.
+ """
+ def __init__(self, filename: str, binary: bool = False) -> None:
+ self.filename = filename
+ self.line_number = 'entry' #type: Union[int, str]
+ self.generator = None #type: Optional[Iterable[Tuple[int, str]]]
+ self.binary = binary
+ def __enter__(self) -> 'read_file_lines':
+ self.generator = enumerate(open(self.filename,
+ 'rb' if self.binary else 'r'))
+ return self
+ def __iter__(self) -> Iterator[str]:
+ assert self.generator is not None
+ for line_number, content in self.generator:
+ self.line_number = line_number
+ yield content
+ self.line_number = 'exit'
+ def __exit__(self, exc_type, exc_value, exc_traceback) -> None:
+ if exc_type is not None:
+ raise ReadFileLineException(self.filename, self.line_number) \
+ from exc_value
class PSAMacroEnumerator:
@@ -33,11 +81,15 @@
`self.arguments_for` for arguments that are not of a kind that is
enumerated here.
"""
+ #pylint: disable=too-many-instance-attributes
def __init__(self) -> None:
"""Set up an empty set of known constructor macros.
"""
self.statuses = set() #type: Set[str]
+ self.lifetimes = set() #type: Set[str]
+ self.locations = set() #type: Set[str]
+ self.persistence_levels = set() #type: Set[str]
self.algorithms = set() #type: Set[str]
self.ecc_curves = set() #type: Set[str]
self.dh_groups = set() #type: Set[str]
@@ -48,6 +100,7 @@
self.ka_algorithms = set() #type: Set[str]
self.kdf_algorithms = set() #type: Set[str]
self.aead_algorithms = set() #type: Set[str]
+ self.sign_algorithms = set() #type: Set[str]
# macro name -> list of argument names
self.argspecs = {} #type: Dict[str, List[str]]
# argument name -> list of values
@@ -57,6 +110,20 @@
'tag_length': [],
'min_tag_length': [],
} #type: Dict[str, List[str]]
+ # Whether to include intermediate macros in enumerations. Intermediate
+ # macros serve as category headers and are not valid values of their
+ # type. See `is_internal_name`.
+ # Always false in this class, may be set to true in derived classes.
+ self.include_intermediate = False
+
+ def is_internal_name(self, name: str) -> bool:
+ """Whether this is an internal macro. Internal macros will be skipped."""
+ if not self.include_intermediate:
+ if name.endswith('_BASE') or name.endswith('_NONE'):
+ return True
+ if '_CATEGORY_' in name:
+ return True
+ return name.endswith('_FLAG') or name.endswith('_MASK')
def gather_arguments(self) -> None:
"""Populate the list of values for macro arguments.
@@ -68,12 +135,20 @@
self.arguments_for['ka_alg'] = sorted(self.ka_algorithms)
self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
+ self.arguments_for['sign_alg'] = sorted(self.sign_algorithms)
self.arguments_for['curve'] = sorted(self.ecc_curves)
self.arguments_for['group'] = sorted(self.dh_groups)
+ self.arguments_for['persistence'] = sorted(self.persistence_levels)
+ self.arguments_for['location'] = sorted(self.locations)
+ self.arguments_for['lifetime'] = sorted(self.lifetimes)
@staticmethod
def _format_arguments(name: str, arguments: Iterable[str]) -> str:
- """Format a macro call with arguments.."""
+ """Format a macro call with arguments.
+
+ The resulting format is consistent with
+ `InputsForTest.normalize_argument`.
+ """
return name + '(' + ', '.join(arguments) + ')'
_argument_split_re = re.compile(r' *, *')
@@ -111,6 +186,15 @@
except BaseException as e:
raise Exception('distribute_arguments({})'.format(name)) from e
+ def distribute_arguments_without_duplicates(
+ self, seen: Set[str], name: str
+ ) -> Iterator[str]:
+ """Same as `distribute_arguments`, but don't repeat seen results."""
+ for result in self.distribute_arguments(name):
+ if result not in seen:
+ seen.add(result)
+ yield result
+
def generate_expressions(self, names: Iterable[str]) -> Iterator[str]:
"""Generate expressions covering values constructed from the given names.
@@ -123,7 +207,11 @@
* ``macros.generate_expressions(macros.key_types)`` generates all
key types.
"""
- return itertools.chain(*map(self.distribute_arguments, names))
+ seen = set() #type: Set[str]
+ return itertools.chain(*(
+ self.distribute_arguments_without_duplicates(seen, name)
+ for name in names
+ ))
class PSAMacroCollector(PSAMacroEnumerator):
@@ -144,15 +232,6 @@
self.key_types_from_group = {} #type: Dict[str, str]
self.algorithms_from_hash = {} #type: Dict[str, str]
- def is_internal_name(self, name: str) -> bool:
- """Whether this is an internal macro. Internal macros will be skipped."""
- if not self.include_intermediate:
- if name.endswith('_BASE') or name.endswith('_NONE'):
- return True
- if '_CATEGORY_' in name:
- return True
- return name.endswith('_FLAG') or name.endswith('_MASK')
-
def record_algorithm_subtype(self, name: str, expansion: str) -> None:
"""Record the subtype of an algorithm constructor.
@@ -251,3 +330,183 @@
m = re.search(self._continued_line_re, line)
line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
self.read_line(line)
+
+
+class InputsForTest(PSAMacroEnumerator):
+ # pylint: disable=too-many-instance-attributes
+ """Accumulate information about macros to test.
+enumerate
+ This includes macro names as well as information about their arguments
+ when applicable.
+ """
+
+ def __init__(self) -> None:
+ super().__init__()
+ self.all_declared = set() #type: Set[str]
+ # Identifier prefixes
+ self.table_by_prefix = {
+ 'ERROR': self.statuses,
+ 'ALG': self.algorithms,
+ 'ECC_CURVE': self.ecc_curves,
+ 'DH_GROUP': self.dh_groups,
+ 'KEY_LIFETIME': self.lifetimes,
+ 'KEY_LOCATION': self.locations,
+ 'KEY_PERSISTENCE': self.persistence_levels,
+ 'KEY_TYPE': self.key_types,
+ 'KEY_USAGE': self.key_usage_flags,
+ } #type: Dict[str, Set[str]]
+ # Test functions
+ self.table_by_test_function = {
+ # Any function ending in _algorithm also gets added to
+ # self.algorithms.
+ 'key_type': [self.key_types],
+ 'block_cipher_key_type': [self.key_types],
+ 'stream_cipher_key_type': [self.key_types],
+ 'ecc_key_family': [self.ecc_curves],
+ 'ecc_key_types': [self.ecc_curves],
+ 'dh_key_family': [self.dh_groups],
+ 'dh_key_types': [self.dh_groups],
+ 'hash_algorithm': [self.hash_algorithms],
+ 'mac_algorithm': [self.mac_algorithms],
+ 'cipher_algorithm': [],
+ 'hmac_algorithm': [self.mac_algorithms, self.sign_algorithms],
+ 'aead_algorithm': [self.aead_algorithms],
+ 'key_derivation_algorithm': [self.kdf_algorithms],
+ 'key_agreement_algorithm': [self.ka_algorithms],
+ 'asymmetric_signature_algorithm': [self.sign_algorithms],
+ 'asymmetric_signature_wildcard': [self.algorithms],
+ 'asymmetric_encryption_algorithm': [],
+ 'other_algorithm': [],
+ 'lifetime': [self.lifetimes],
+ } #type: Dict[str, List[Set[str]]]
+ self.arguments_for['mac_length'] += ['1', '63']
+ self.arguments_for['min_mac_length'] += ['1', '63']
+ self.arguments_for['tag_length'] += ['1', '63']
+ self.arguments_for['min_tag_length'] += ['1', '63']
+
+ def add_numerical_values(self) -> None:
+ """Add numerical values that are not supported to the known identifiers."""
+ # Sets of names per type
+ self.algorithms.add('0xffffffff')
+ self.ecc_curves.add('0xff')
+ self.dh_groups.add('0xff')
+ self.key_types.add('0xffff')
+ self.key_usage_flags.add('0x80000000')
+
+ # Hard-coded values for unknown algorithms
+ #
+ # These have to have values that are correct for their respective
+ # PSA_ALG_IS_xxx macros, but are also not currently assigned and are
+ # not likely to be assigned in the near future.
+ self.hash_algorithms.add('0x020000fe') # 0x020000ff is PSA_ALG_ANY_HASH
+ self.mac_algorithms.add('0x03007fff')
+ self.ka_algorithms.add('0x09fc0000')
+ self.kdf_algorithms.add('0x080000ff')
+ # For AEAD algorithms, the only variability is over the tag length,
+ # and this only applies to known algorithms, so don't test an
+ # unknown algorithm.
+
+ def get_names(self, type_word: str) -> Set[str]:
+ """Return the set of known names of values of the given type."""
+ return {
+ 'status': self.statuses,
+ 'algorithm': self.algorithms,
+ 'ecc_curve': self.ecc_curves,
+ 'dh_group': self.dh_groups,
+ 'key_type': self.key_types,
+ 'key_usage': self.key_usage_flags,
+ }[type_word]
+
+ # Regex for interesting header lines.
+ # Groups: 1=macro name, 2=type, 3=argument list (optional).
+ _header_line_re = \
+ re.compile(r'#define +' +
+ r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' +
+ r'(?:\(([^\n()]*)\))?')
+ # Regex of macro names to exclude.
+ _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
+ # Additional excluded macros.
+ _excluded_names = set([
+ # Macros that provide an alternative way to build the same
+ # algorithm as another macro.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG',
+ 'PSA_ALG_FULL_LENGTH_MAC',
+ # Auxiliary macro whose name doesn't fit the usual patterns for
+ # auxiliary macros.
+ 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE',
+ ])
+ def parse_header_line(self, line: str) -> None:
+ """Parse a C header line, looking for "#define PSA_xxx"."""
+ m = re.match(self._header_line_re, line)
+ if not m:
+ return
+ name = m.group(1)
+ self.all_declared.add(name)
+ if re.search(self._excluded_name_re, name) or \
+ name in self._excluded_names or \
+ self.is_internal_name(name):
+ return
+ dest = self.table_by_prefix.get(m.group(2))
+ if dest is None:
+ return
+ dest.add(name)
+ if m.group(3):
+ self.argspecs[name] = self._argument_split(m.group(3))
+
+ _nonascii_re = re.compile(rb'[^\x00-\x7f]+') #type: Pattern
+ def parse_header(self, filename: str) -> None:
+ """Parse a C header file, looking for "#define PSA_xxx"."""
+ with read_file_lines(filename, binary=True) as lines:
+ for line in lines:
+ line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
+ self.parse_header_line(line)
+
+ _macro_identifier_re = re.compile(r'[A-Z]\w+')
+ def generate_undeclared_names(self, expr: str) -> Iterable[str]:
+ for name in re.findall(self._macro_identifier_re, expr):
+ if name not in self.all_declared:
+ yield name
+
+ def accept_test_case_line(self, function: str, argument: str) -> bool:
+ #pylint: disable=unused-argument
+ undeclared = list(self.generate_undeclared_names(argument))
+ if undeclared:
+ raise Exception('Undeclared names in test case', undeclared)
+ return True
+
+ @staticmethod
+ def normalize_argument(argument: str) -> str:
+ """Normalize whitespace in the given C expression.
+
+ The result uses the same whitespace as
+ ` PSAMacroEnumerator.distribute_arguments`.
+ """
+ return re.sub(r',', r', ', re.sub(r' +', r'', argument))
+
+ def add_test_case_line(self, function: str, argument: str) -> None:
+ """Parse a test case data line, looking for algorithm metadata tests."""
+ sets = []
+ if function.endswith('_algorithm'):
+ sets.append(self.algorithms)
+ if function == 'key_agreement_algorithm' and \
+ argument.startswith('PSA_ALG_KEY_AGREEMENT('):
+ # We only want *raw* key agreement algorithms as such, so
+ # exclude ones that are already chained with a KDF.
+ # Keep the expression as one to test as an algorithm.
+ function = 'other_algorithm'
+ sets += self.table_by_test_function[function]
+ if self.accept_test_case_line(function, argument):
+ for s in sets:
+ s.add(self.normalize_argument(argument))
+
+ # Regex matching a *.data line containing a test function call and
+ # its arguments. The actual definition is partly positional, but this
+ # regex is good enough in practice.
+ _test_case_line_re = re.compile(r'(?!depends_on:)(\w+):([^\n :][^:\n]*)')
+ def parse_test_cases(self, filename: str) -> None:
+ """Parse a test case file (*.data), looking for algorithm metadata tests."""
+ with read_file_lines(filename) as lines:
+ for line in lines:
+ m = re.match(self._test_case_line_re, line)
+ if m:
+ self.add_test_case_line(m.group(1), m.group(2))
diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py
index 3a74007..45f0380 100644
--- a/scripts/mbedtls_dev/psa_storage.py
+++ b/scripts/mbedtls_dev/psa_storage.py
@@ -164,6 +164,10 @@
"""
return self.bytes().hex()
+ def location_value(self) -> int:
+ """The numerical value of the location encoded in the key's lifetime."""
+ return self.lifetime.value() >> 8
+
class TestKey(unittest.TestCase):
# pylint: disable=line-too-long
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 049b130..75ef44e 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -159,6 +159,8 @@
add_test_suite(psa_crypto_se_driver_hal_mocks)
add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.misc)
+add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.current)
+add_test_suite(psa_crypto_storage_format psa_crypto_storage_format.v0)
add_test_suite(psa_its)
add_test_suite(random)
add_test_suite(rsa)
diff --git a/tests/Makefile b/tests/Makefile
index d250d71..59ed45a 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -54,8 +54,7 @@
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
-# python2 for POSIX since FreeBSD has only python2 as default.
-PYTHON ?= python2
+PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi)
endif
# Zlib shared library extensions:
diff --git a/tests/compat.sh b/tests/compat.sh
index 6e0a8f9..29aa686 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -905,10 +905,23 @@
fi
M_SERVER_ARGS="server_port=$PORT server_addr=0.0.0.0 force_version=$MODE arc4=1"
- O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE -dhparam data_files/dhparams.pem"
+ O_SERVER_ARGS="-accept $PORT -cipher NULL,ALL -$MODE"
G_SERVER_ARGS="-p $PORT --http $G_MODE"
G_SERVER_PRIO="NORMAL:${G_PRIO_CCM}+ARCFOUR-128:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+SHA256:+SHA384:+RSA-PSK:-VERS-TLS-ALL:$G_PRIO_MODE"
+ # The default prime for `openssl s_server` depends on the version:
+ # * OpenSSL <= 1.0.2a: 512-bit
+ # * OpenSSL 1.0.2b to 1.1.1b: 1024-bit
+ # * OpenSSL >= 1.1.1c: 2048-bit
+ # Mbed TLS wants >=1024, so force that for older versions. Don't force
+ # it for newer versions, which reject a 1024-bit prime. Indifferently
+ # force it or not for intermediate versions.
+ case $($OPENSSL_CMD version) in
+ "OpenSSL 1.0"*)
+ O_SERVER_ARGS="$O_SERVER_ARGS -dhparam data_files/dhparams.pem"
+ ;;
+ esac
+
# with OpenSSL 1.0.1h, -www, -WWW and -HTTP break DTLS handshakes
if is_dtls "$MODE"; then
O_SERVER_ARGS="$O_SERVER_ARGS"
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
new file mode 100644
index 0000000..f80fd86
--- /dev/null
+++ b/tests/include/spe/crypto_spe.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+/**
+ * \file crypto_spe.h
+ *
+ * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option
+ * enabled, this header is included by all .c files in Mbed Crypto that
+ * use PSA Crypto function names. This avoids duplication of symbols
+ * between TF-M and Mbed Crypto.
+ *
+ * \note This file should be included before including any PSA Crypto headers
+ * from Mbed Crypto.
+ */
+
+#ifndef CRYPTO_SPE_H
+#define CRYPTO_SPE_H
+
+#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
+
+#define psa_crypto_init \
+ PSA_FUNCTION_NAME(psa_crypto_init)
+#define psa_key_derivation_get_capacity \
+ PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
+#define psa_key_derivation_set_capacity \
+ PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
+#define psa_key_derivation_input_bytes \
+ PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
+#define psa_key_derivation_output_bytes \
+ PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
+#define psa_key_derivation_input_key \
+ PSA_FUNCTION_NAME(psa_key_derivation_input_key)
+#define psa_key_derivation_output_key \
+ PSA_FUNCTION_NAME(psa_key_derivation_output_key)
+#define psa_key_derivation_setup \
+ PSA_FUNCTION_NAME(psa_key_derivation_setup)
+#define psa_key_derivation_abort \
+ PSA_FUNCTION_NAME(psa_key_derivation_abort)
+#define psa_key_derivation_key_agreement \
+ PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
+#define psa_raw_key_agreement \
+ PSA_FUNCTION_NAME(psa_raw_key_agreement)
+#define psa_generate_random \
+ PSA_FUNCTION_NAME(psa_generate_random)
+#define psa_aead_encrypt \
+ PSA_FUNCTION_NAME(psa_aead_encrypt)
+#define psa_aead_decrypt \
+ PSA_FUNCTION_NAME(psa_aead_decrypt)
+#define psa_open_key \
+ PSA_FUNCTION_NAME(psa_open_key)
+#define psa_close_key \
+ PSA_FUNCTION_NAME(psa_close_key)
+#define psa_import_key \
+ PSA_FUNCTION_NAME(psa_import_key)
+#define psa_destroy_key \
+ PSA_FUNCTION_NAME(psa_destroy_key)
+#define psa_get_key_attributes \
+ PSA_FUNCTION_NAME(psa_get_key_attributes)
+#define psa_reset_key_attributes \
+ PSA_FUNCTION_NAME(psa_reset_key_attributes)
+#define psa_export_key \
+ PSA_FUNCTION_NAME(psa_export_key)
+#define psa_export_public_key \
+ PSA_FUNCTION_NAME(psa_export_public_key)
+#define psa_purge_key \
+ PSA_FUNCTION_NAME(psa_purge_key)
+#define psa_copy_key \
+ PSA_FUNCTION_NAME(psa_copy_key)
+#define psa_cipher_operation_init \
+ PSA_FUNCTION_NAME(psa_cipher_operation_init)
+#define psa_cipher_generate_iv \
+ PSA_FUNCTION_NAME(psa_cipher_generate_iv)
+#define psa_cipher_set_iv \
+ PSA_FUNCTION_NAME(psa_cipher_set_iv)
+#define psa_cipher_encrypt_setup \
+ PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
+#define psa_cipher_decrypt_setup \
+ PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
+#define psa_cipher_update \
+ PSA_FUNCTION_NAME(psa_cipher_update)
+#define psa_cipher_finish \
+ PSA_FUNCTION_NAME(psa_cipher_finish)
+#define psa_cipher_abort \
+ PSA_FUNCTION_NAME(psa_cipher_abort)
+#define psa_hash_operation_init \
+ PSA_FUNCTION_NAME(psa_hash_operation_init)
+#define psa_hash_setup \
+ PSA_FUNCTION_NAME(psa_hash_setup)
+#define psa_hash_update \
+ PSA_FUNCTION_NAME(psa_hash_update)
+#define psa_hash_finish \
+ PSA_FUNCTION_NAME(psa_hash_finish)
+#define psa_hash_verify \
+ PSA_FUNCTION_NAME(psa_hash_verify)
+#define psa_hash_abort \
+ PSA_FUNCTION_NAME(psa_hash_abort)
+#define psa_hash_clone \
+ PSA_FUNCTION_NAME(psa_hash_clone)
+#define psa_hash_compute \
+ PSA_FUNCTION_NAME(psa_hash_compute)
+#define psa_hash_compare \
+ PSA_FUNCTION_NAME(psa_hash_compare)
+#define psa_mac_operation_init \
+ PSA_FUNCTION_NAME(psa_mac_operation_init)
+#define psa_mac_sign_setup \
+ PSA_FUNCTION_NAME(psa_mac_sign_setup)
+#define psa_mac_verify_setup \
+ PSA_FUNCTION_NAME(psa_mac_verify_setup)
+#define psa_mac_update \
+ PSA_FUNCTION_NAME(psa_mac_update)
+#define psa_mac_sign_finish \
+ PSA_FUNCTION_NAME(psa_mac_sign_finish)
+#define psa_mac_verify_finish \
+ PSA_FUNCTION_NAME(psa_mac_verify_finish)
+#define psa_mac_abort \
+ PSA_FUNCTION_NAME(psa_mac_abort)
+#define psa_sign_hash \
+ PSA_FUNCTION_NAME(psa_sign_hash)
+#define psa_verify_hash \
+ PSA_FUNCTION_NAME(psa_verify_hash)
+#define psa_asymmetric_encrypt \
+ PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
+#define psa_asymmetric_decrypt \
+ PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
+#define psa_generate_key \
+ PSA_FUNCTION_NAME(psa_generate_key)
+
+#endif /* CRYPTO_SPE_H */
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
index 1be8910..2207cb3 100644
--- a/tests/include/test/drivers/aead.h
+++ b/tests/include/test/drivers/aead.h
@@ -37,18 +37,19 @@
unsigned long hits;
/* Status returned by the last AEAD driver function call. */
psa_status_t driver_status;
-} test_driver_aead_hooks_t;
+} mbedtls_test_driver_aead_hooks_t;
-#define TEST_DRIVER_AEAD_INIT { 0, 0, 0 }
-static inline test_driver_aead_hooks_t test_driver_aead_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 }
+static inline mbedtls_test_driver_aead_hooks_t
+ mbedtls_test_driver_aead_hooks_init( void )
{
- const test_driver_aead_hooks_t v = TEST_DRIVER_AEAD_INIT;
+ const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT;
return( v );
}
-extern test_driver_aead_hooks_t test_driver_aead_hooks;
+extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks;
-psa_status_t test_transparent_aead_encrypt(
+psa_status_t mbedtls_test_transparent_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
@@ -57,7 +58,7 @@
const uint8_t *plaintext, size_t plaintext_length,
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
-psa_status_t test_transparent_aead_decrypt(
+psa_status_t mbedtls_test_transparent_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
index 6d6a6af..4fe5596 100644
--- a/tests/include/test/drivers/cipher.h
+++ b/tests/include/test/drivers/cipher.h
@@ -41,101 +41,102 @@
psa_status_t forced_status;
/* Count the amount of times one of the cipher driver functions is called. */
unsigned long hits;
-} test_driver_cipher_hooks_t;
+} mbedtls_test_driver_cipher_hooks_t;
-#define TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline test_driver_cipher_hooks_t test_driver_cipher_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 }
+static inline mbedtls_test_driver_cipher_hooks_t
+ mbedtls_test_driver_cipher_hooks_init( void )
{
- const test_driver_cipher_hooks_t v = TEST_DRIVER_CIPHER_INIT;
+ const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT;
return( v );
}
-extern test_driver_cipher_hooks_t test_driver_cipher_hooks;
+extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks;
-psa_status_t test_transparent_cipher_encrypt(
+psa_status_t mbedtls_test_transparent_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
-psa_status_t test_transparent_cipher_decrypt(
+psa_status_t mbedtls_test_transparent_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
-psa_status_t test_transparent_cipher_encrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
-psa_status_t test_transparent_cipher_decrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
-psa_status_t test_transparent_cipher_abort(
+psa_status_t mbedtls_test_transparent_cipher_abort(
mbedtls_transparent_test_driver_cipher_operation_t *operation );
-psa_status_t test_transparent_cipher_set_iv(
+psa_status_t mbedtls_test_transparent_cipher_set_iv(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length);
-psa_status_t test_transparent_cipher_update(
+psa_status_t mbedtls_test_transparent_cipher_update(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
-psa_status_t test_transparent_cipher_finish(
+psa_status_t mbedtls_test_transparent_cipher_finish(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length);
/*
* opaque versions
*/
-psa_status_t test_opaque_cipher_encrypt(
+psa_status_t mbedtls_test_opaque_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
-psa_status_t test_opaque_cipher_decrypt(
+psa_status_t mbedtls_test_opaque_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
-psa_status_t test_opaque_cipher_encrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
-psa_status_t test_opaque_cipher_decrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg);
-psa_status_t test_opaque_cipher_abort(
+psa_status_t mbedtls_test_opaque_cipher_abort(
mbedtls_opaque_test_driver_cipher_operation_t *operation);
-psa_status_t test_opaque_cipher_set_iv(
+psa_status_t mbedtls_test_opaque_cipher_set_iv(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *iv, size_t iv_length);
-psa_status_t test_opaque_cipher_update(
+psa_status_t mbedtls_test_opaque_cipher_update(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *input, size_t input_length,
uint8_t *output, size_t output_size, size_t *output_length);
-psa_status_t test_opaque_cipher_finish(
+psa_status_t mbedtls_test_opaque_cipher_finish(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
uint8_t *output, size_t output_size, size_t *output_length);
diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
new file mode 100644
index 0000000..ebe83de
--- /dev/null
+++ b/tests/include/test/drivers/hash.h
@@ -0,0 +1,80 @@
+/*
+ * Test driver for hash driver entry points.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
+#define PSA_CRYPTO_TEST_DRIVERS_HASH_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <psa/crypto_driver_common.h>
+
+typedef struct {
+ /* If not PSA_SUCCESS, return this error code instead of processing the
+ * function call. */
+ psa_status_t forced_status;
+ /* Count the amount of times hash driver entry points are called. */
+ unsigned long hits;
+ /* Status returned by the last hash driver entry point call. */
+ psa_status_t driver_status;
+} mbedtls_test_driver_hash_hooks_t;
+
+#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 }
+static inline mbedtls_test_driver_hash_hooks_t
+ mbedtls_test_driver_hash_hooks_init( void )
+{
+ const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT;
+ return( v );
+}
+
+extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks;
+
+psa_status_t mbedtls_test_transparent_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *hash, size_t hash_size, size_t *hash_length );
+
+psa_status_t mbedtls_test_transparent_hash_setup(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_test_transparent_hash_clone(
+ const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
+ mbedtls_transparent_test_driver_hash_operation_t *target_operation );
+
+psa_status_t mbedtls_test_transparent_hash_update(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t mbedtls_test_transparent_hash_finish(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length );
+
+psa_status_t mbedtls_test_transparent_hash_abort(
+ mbedtls_psa_hash_operation_t *operation );
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index 100fc18..45814fd 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -42,41 +42,44 @@
/* Count the amount of times one of the key management driver functions
* is called. */
unsigned long hits;
-} test_driver_key_management_hooks_t;
+} mbedtls_test_driver_key_management_hooks_t;
-#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline test_driver_key_management_hooks_t test_driver_key_management_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
+static inline mbedtls_test_driver_key_management_hooks_t
+ mbedtls_test_driver_key_management_hooks_init( void )
{
- const test_driver_key_management_hooks_t v = TEST_DRIVER_KEY_MANAGEMENT_INIT;
+ const mbedtls_test_driver_key_management_hooks_t
+ v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
return( v );
}
-extern test_driver_key_management_hooks_t test_driver_key_management_hooks;
+extern mbedtls_test_driver_key_management_hooks_t
+ mbedtls_test_driver_key_management_hooks;
-psa_status_t test_transparent_generate_key(
+psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );
-psa_status_t test_opaque_generate_key(
+psa_status_t mbedtls_test_opaque_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length );
-psa_status_t test_opaque_export_key(
+psa_status_t mbedtls_test_opaque_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length );
-psa_status_t test_transparent_export_public_key(
+psa_status_t mbedtls_test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length );
-psa_status_t test_opaque_export_public_key(
+psa_status_t mbedtls_test_opaque_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length );
-psa_status_t test_transparent_import_key(
+psa_status_t mbedtls_test_transparent_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
@@ -85,7 +88,7 @@
size_t *key_buffer_length,
size_t *bits);
-psa_status_t test_opaque_get_builtin_key(
+psa_status_t mbedtls_test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h
new file mode 100644
index 0000000..7733dd3
--- /dev/null
+++ b/tests/include/test/drivers/mac.h
@@ -0,0 +1,141 @@
+/*
+ * Test driver for MAC driver entry points.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H
+#define PSA_CRYPTO_TEST_DRIVERS_MAC_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <psa/crypto_driver_common.h>
+
+typedef struct {
+ /* If not PSA_SUCCESS, return this error code instead of processing the
+ * function call. */
+ psa_status_t forced_status;
+ /* Count the amount of times MAC driver functions are called. */
+ unsigned long hits;
+ /* Status returned by the last MAC driver function call. */
+ psa_status_t driver_status;
+} mbedtls_test_driver_mac_hooks_t;
+
+#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 }
+static inline mbedtls_test_driver_mac_hooks_t
+ mbedtls_test_driver_mac_hooks_init( void )
+{
+ const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT;
+ return( v );
+}
+
+extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks;
+
+psa_status_t mbedtls_test_transparent_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_test_transparent_mac_sign_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_test_transparent_mac_verify_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_test_transparent_mac_update(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t mbedtls_test_transparent_mac_sign_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_test_transparent_mac_verify_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length );
+
+psa_status_t mbedtls_test_transparent_mac_abort(
+ mbedtls_transparent_test_driver_mac_operation_t *operation );
+
+psa_status_t mbedtls_test_opaque_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_test_opaque_mac_sign_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_test_opaque_mac_verify_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg );
+
+psa_status_t mbedtls_test_opaque_mac_update(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length );
+
+psa_status_t mbedtls_test_opaque_mac_sign_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length );
+
+psa_status_t mbedtls_test_opaque_mac_verify_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length );
+
+psa_status_t mbedtls_test_opaque_mac_abort(
+ mbedtls_opaque_test_driver_mac_operation_t *operation );
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
index e785151..5e64edc 100644
--- a/tests/include/test/drivers/signature.h
+++ b/tests/include/test/drivers/signature.h
@@ -38,40 +38,86 @@
psa_status_t forced_status;
/* Count the amount of times one of the signature driver functions is called. */
unsigned long hits;
-} test_driver_signature_hooks_t;
+} mbedtls_test_driver_signature_hooks_t;
-#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
+static inline mbedtls_test_driver_signature_hooks_t
+ mbedtls_test_driver_signature_hooks_init( void )
{
- const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT;
+ const mbedtls_test_driver_signature_hooks_t
+ v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
return( v );
}
-extern test_driver_signature_hooks_t test_driver_signature_sign_hooks;
-extern test_driver_signature_hooks_t test_driver_signature_verify_hooks;
+extern mbedtls_test_driver_signature_hooks_t
+ mbedtls_test_driver_signature_sign_hooks;
+extern mbedtls_test_driver_signature_hooks_t
+ mbedtls_test_driver_signature_verify_hooks;
-psa_status_t test_transparent_signature_sign_hash(
+psa_status_t mbedtls_test_transparent_signature_sign_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length );
+
+psa_status_t mbedtls_test_opaque_signature_sign_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length );
+
+psa_status_t mbedtls_test_transparent_signature_verify_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length );
+
+psa_status_t mbedtls_test_opaque_signature_verify_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length );
+
+psa_status_t mbedtls_test_transparent_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length );
-psa_status_t test_opaque_signature_sign_hash(
+psa_status_t mbedtls_test_opaque_signature_sign_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
uint8_t *signature, size_t signature_size, size_t *signature_length );
-psa_status_t test_transparent_signature_verify_hash(
+psa_status_t mbedtls_test_transparent_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
const uint8_t *hash, size_t hash_length,
const uint8_t *signature, size_t signature_length );
-psa_status_t test_opaque_signature_verify_hash(
+psa_status_t mbedtls_test_opaque_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h
index 4bfe986..b2665bd 100644
--- a/tests/include/test/drivers/size.h
+++ b/tests/include/test/drivers/size.h
@@ -29,67 +29,9 @@
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include <psa/crypto_driver_common.h>
-typedef struct {
- unsigned int context;
-} test_driver_key_context_t;
-
-/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
- *
- * This macro returns the base size for the key context. It is the size of the
- * driver specific information stored in each key context.
- */
-#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t )
-
-/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE
- *
- * Number of bytes included in every key context for a key pair.
- *
- * This pair size is for an ECC 256-bit private/public key pair.
- * Based on this value, the size of the private key can be derived by
- * subtracting the public key size below from this one.
- */
-
-#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65
-
-/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
- *
- * Number of bytes included in every key context for a public key.
- *
- * For ECC public keys, it needs 257 bits so 33 bytes.
- */
-#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33
-
-/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
- *
- * Every key context for a symmetric key includes this many times the key size.
- */
-#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0
-
-/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY
- *
- * If this is true for a key pair, the key context includes space for the public key.
- * If this is false, no additional space is added for the public key.
- *
- * For this instance, store the public key with the private one.
- */
-#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1
-
-/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
- *
- * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver
- * provides a size_function entry point, otherwise, it does not.
- *
- * Some opaque drivers have the need to support a custom size for the storage
- * of key and context information. The size_function provides the ability to
- * provide that customization.
- */
-//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
-
-#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
-size_t test_size_function(
+size_t mbedtls_test_size_function(
const psa_key_type_t key_type,
const size_t key_bits );
-#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 84d0caa..5b60932 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -23,9 +23,11 @@
#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff
#include "test/drivers/aead.h"
-#include "test/drivers/signature.h"
-#include "test/drivers/key_management.h"
#include "test/drivers/cipher.h"
+#include "test/drivers/hash.h"
+#include "test/drivers/mac.h"
+#include "test/drivers/key_management.h"
+#include "test/drivers/signature.h"
#include "test/drivers/size.h"
#endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index 9bfe085..dfc09cd 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -54,6 +54,10 @@
#include <stddef.h>
#include <stdint.h>
+#if defined(MBEDTLS_BIGNUM_C)
+#include "mbedtls/bignum.h"
+#endif
+
typedef enum
{
MBEDTLS_TEST_RESULT_SUCCESS = 0,
@@ -294,4 +298,25 @@
const char *file, int line);
#endif
+#if defined(MBEDTLS_BIGNUM_C)
+/** Read an MPI from a string.
+ *
+ * Like mbedtls_mpi_read_string(), but size the resulting bignum based
+ * on the number of digits in the string. In particular, construct a
+ * bignum with 0 limbs for an empty string, and a bignum with leading 0
+ * limbs if the string has sufficiently many leading 0 digits.
+ *
+ * This is important so that the "0 (null)" and "0 (1 limb)" and
+ * "leading zeros" test cases do what they claim.
+ *
+ * \param[out] X The MPI object to populate. It must be initialized.
+ * \param radix The radix (2 to 16).
+ * \param[in] s The null-terminated string to read from.
+ *
+ * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
+ */
+/* Since the library has exactly the desired behavior, this is trivial. */
+int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s );
+#endif /* MBEDTLS_BIGNUM_C */
+
#endif /* TEST_HELPERS_H */
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index 450bc2c..b7b6e8f 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -282,38 +282,6 @@
#define TEST_VALID_PARAM( TEST ) \
TEST_ASSERT( ( TEST, 1 ) );
-/** Allocate memory dynamically and fail the test case if this fails.
- *
- * You must set \p pointer to \c NULL before calling this macro and
- * put `mbedtls_free( pointer )` in the test's cleanup code.
- *
- * If \p length is zero, the resulting \p pointer will be \c NULL.
- * This is usually what we want in tests since API functions are
- * supposed to accept null pointers when a buffer size is zero.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param pointer An lvalue where the address of the allocated buffer
- * will be stored.
- * This expression may be evaluated multiple times.
- * \param length Number of elements to allocate.
- * This expression may be evaluated multiple times.
- *
- */
-#define ASSERT_ALLOC( pointer, length ) \
- do \
- { \
- TEST_ASSERT( ( pointer ) == NULL ); \
- if( ( length ) != 0 ) \
- { \
- ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \
- ( length ) ); \
- TEST_ASSERT( ( pointer ) != NULL ); \
- } \
- } \
- while( 0 )
-
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 9881eae..8a8c37e 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -186,6 +186,14 @@
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
+/** Return extended key usage policies.
+ *
+ * Do a key policy permission extension on key usage policies always involves
+ * permissions of other usage policies
+ * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE).
+ */
+psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags );
+
/** Skip a test case if the given key is a 192 bits AES key and the AES
* implementation is at least partially provided by an accelerator or
* alternative implementation.
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
index 5e7e4e6..6428280 100644
--- a/tests/include/test/random.h
+++ b/tests/include/test/random.h
@@ -36,8 +36,11 @@
typedef struct
{
- unsigned char *buf;
+ unsigned char *buf; /* Pointer to a buffer of length bytes. */
size_t length;
+ /* If fallback_f_rng is NULL, fail after delivering length bytes. */
+ int ( *fallback_f_rng )( void*, unsigned char *, size_t );
+ void *fallback_p_rng;
} mbedtls_test_rnd_buf_info;
/**
@@ -67,24 +70,25 @@
size_t len );
/**
- * This function only returns zeros
+ * This function only returns zeros.
*
- * rng_state shall be NULL.
+ * \p rng_state shall be \c NULL.
*/
int mbedtls_test_rnd_zero_rand( void *rng_state,
unsigned char *output,
size_t len );
/**
- * This function returns random based on a buffer it receives.
+ * This function returns random data based on a buffer it receives.
*
- * rng_state shall be a pointer to a rnd_buf_info structure.
+ * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure.
*
* The number of bytes released from the buffer on each call to
- * the random function is specified by per_call. (Can be between
- * 1 and 4)
+ * the random function is specified by \p len.
*
- * After the buffer is empty it will return rand();
+ * After the buffer is empty, this function will call the fallback RNG in the
+ * #mbedtls_test_rnd_buf_info structure if there is one, and
+ * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
*/
int mbedtls_test_rnd_buffer_rand( void *rng_state,
unsigned char *output,
@@ -96,7 +100,7 @@
* Pseudo random is based on the XTEA encryption algorithm to
* generate pseudorandom.
*
- * rng_state shall be a pointer to a rnd_pseudo_info structure.
+ * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure.
*/
int mbedtls_test_rnd_pseudo_rand( void *rng_state,
unsigned char *output,
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index a85c7ce..388bdf8 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -798,6 +798,32 @@
make test
}
+# check_renamed_symbols HEADER LIB
+# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
+# name is LIB.
+check_renamed_symbols () {
+ ! nm "$2" | sed 's/.* //' |
+ grep -x -F "$(sed -n 's/^ *# *define *\([A-Z_a-z][0-9A-Z_a-z]*\)..*/\1/p' "$1")"
+}
+
+component_build_psa_crypto_spm () {
+ msg "build: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER + PSA_CRYPTO_SPM, make, gcc"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM
+ # We can only compile, not link, since our test and sample programs
+ # aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
+ # is active.
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
+
+ # Check that if a symbol is renamed by crypto_spe.h, the non-renamed
+ # version is not present.
+ echo "Checking for renamed symbols in the library"
+ if_build_succeeded check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
+}
+
component_test_psa_crypto_client () {
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT, make"
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
@@ -848,6 +874,15 @@
support_test_zlib_make "$@"
}
+component_test_psa_crypto_rsa_no_genprime() {
+ msg "build: default config minus MBEDTLS_GENPRIME"
+ scripts/config.py unset MBEDTLS_GENPRIME
+ make
+
+ msg "test: default config minus MBEDTLS_GENPRIME"
+ make test
+}
+
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
@@ -1496,6 +1531,8 @@
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC"
loc_cflags="${loc_cflags} -I../tests/include -O2"
make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS"
@@ -2293,6 +2330,8 @@
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512"
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC"
+ loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC"
loc_cflags="${loc_cflags} -I../tests/include -O2"
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 23b3148..5e35be8 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -44,56 +44,56 @@
UPDATE='y'
fi
+# check SCRIPT FILENAME[...]
+# check SCRIPT DIRECTORY
+# Run SCRIPT and check that it does not modify any of the specified files.
+# In the first form, there can be any number of FILENAMEs, which must be
+# regular files.
+# In the second form, there must be a single DIRECTORY, standing for the
+# list of files in the directory. Running SCRIPT must not modify any file
+# in the directory and must not add or remove files either.
+# If $UPDATE is empty, abort with an error status if a file is modified.
check()
{
SCRIPT=$1
- TO_CHECK=$2
- PATTERN=""
- FILES=""
+ shift
- if [ -d $TO_CHECK ]; then
- for FILE in $TO_CHECK/*; do
- FILES="$FILE $FILES"
- done
- else
- FILES=$TO_CHECK
+ directory=
+ if [ -d "$1" ]; then
+ directory="$1"
+ set -- "$1"/*
fi
- for FILE in $FILES; do
- cp $FILE $FILE.bak
+ for FILE in "$@"; do
+ cp "$FILE" "$FILE.bak"
done
- $SCRIPT
+ "$SCRIPT"
# Compare the script output to the old files and remove backups
- for FILE in $FILES; do
- if ! diff $FILE $FILE.bak >/dev/null 2>&1; then
+ for FILE in "$@"; do
+ if ! diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then
echo "'$FILE' was either modified or deleted by '$SCRIPT'"
if [ -z "$UPDATE" ]; then
exit 1
fi
fi
if [ -z "$UPDATE" ]; then
- mv $FILE.bak $FILE
+ mv "$FILE.bak" "$FILE"
else
- rm $FILE.bak
- fi
-
- if [ -d $TO_CHECK ]; then
- # Create a grep regular expression that we can check against the
- # directory contents to test whether new files have been created
- if [ -z $PATTERN ]; then
- PATTERN="$(basename $FILE)"
- else
- PATTERN="$PATTERN\|$(basename $FILE)"
- fi
+ rm "$FILE.bak"
fi
done
- if [ -d $TO_CHECK ]; then
+ if [ -n "$directory" ]; then
+ old_list="$*"
+ set -- "$directory"/*
+ new_list="$*"
# Check if there are any new files
- if ls -1 $TO_CHECK | grep -v "$PATTERN" >/dev/null 2>&1; then
- echo "Files were created by '$SCRIPT'"
+ if [ "$old_list" != "$new_list" ]; then
+ echo "Files were deleted or created by '$SCRIPT'"
+ echo "Before: $old_list"
+ echo "After: $new_list"
if [ -z "$UPDATE" ]; then
exit 1
fi
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 669c75d..441b1c2 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -58,6 +58,14 @@
"""
return [finish_family_dependency(dep, bits) for dep in dependencies]
+SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
+ 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
+ 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
+ 'PSA_ALG_ANY_HASH', # only in policies
+ 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
+ 'PSA_ALG_KEY_AGREEMENT', # chaining
+ 'PSA_ALG_TRUNCATED_MAC', # modifier
+])
def automatic_dependencies(*expressions: str) -> List[str]:
"""Infer dependencies of a test case by looking for PSA_xxx symbols.
@@ -68,6 +76,7 @@
used = set()
for expr in expressions:
used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
+ used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
return sorted(psa_want_symbol(name) for name in used)
# A temporary hack: at the time of writing, not all dependency symbols
@@ -94,24 +103,27 @@
@staticmethod
def remove_unwanted_macros(
- constructors: macro_collector.PSAMacroCollector
+ constructors: macro_collector.PSAMacroEnumerator
) -> None:
- # Mbed TLS doesn't support DSA. Don't attempt to generate any related
- # test case.
+ # Mbed TLS doesn't support finite-field DH yet and will not support
+ # finite-field DSA. Don't attempt to generate any related test case.
+ constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR')
+ constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
- constructors.algorithms_from_hash.pop('PSA_ALG_DSA', None)
- constructors.algorithms_from_hash.pop('PSA_ALG_DETERMINISTIC_DSA', None)
- def read_psa_interface(self) -> macro_collector.PSAMacroCollector:
+ def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
"""Return the list of known key types, algorithms, etc."""
- constructors = macro_collector.PSAMacroCollector()
+ constructors = macro_collector.InputsForTest()
header_file_names = ['include/psa/crypto_values.h',
'include/psa/crypto_extra.h']
+ test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
for header_file_name in header_file_names:
- with open(header_file_name, 'rb') as header_file:
- constructors.read_file(header_file)
+ constructors.parse_header(header_file_name)
+ for test_cases in test_suites:
+ constructors.parse_test_cases(test_cases)
self.remove_unwanted_macros(constructors)
+ constructors.gather_arguments()
return constructors
@@ -193,14 +205,18 @@
)
# To be added: derive
+ ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
+ 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
+
def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
"""Generate test cases that exercise the creation of keys of unsupported types."""
for key_type in sorted(self.constructors.key_types):
+ if key_type in self.ECC_KEY_TYPES:
+ continue
kt = crypto_knowledge.KeyType(key_type)
yield from self.test_cases_for_key_type_not_supported(kt)
for curve_family in sorted(self.constructors.ecc_curves):
- for constr in ('PSA_KEY_TYPE_ECC_KEY_PAIR',
- 'PSA_KEY_TYPE_ECC_PUBLIC_KEY'):
+ for constr in self.ECC_KEY_TYPES:
kt = crypto_knowledge.KeyType(constr, [curve_family])
yield from self.test_cases_for_key_type_not_supported(
kt, param_descr='type')
@@ -211,9 +227,50 @@
class StorageKey(psa_storage.Key):
"""Representation of a key for storage format testing."""
- def __init__(self, *, description: str, **kwargs) -> None:
+ IMPLICIT_USAGE_FLAGS = {
+ 'PSA_KEY_USAGE_SIGN_HASH': 'PSA_KEY_USAGE_SIGN_MESSAGE',
+ 'PSA_KEY_USAGE_VERIFY_HASH': 'PSA_KEY_USAGE_VERIFY_MESSAGE'
+ } #type: Dict[str, str]
+ """Mapping of usage flags to the flags that they imply."""
+
+ def __init__(
+ self,
+ usage: str,
+ without_implicit_usage: Optional[bool] = False,
+ **kwargs
+ ) -> None:
+ """Prepare to generate a key.
+
+ * `usage` : The usage flags used for the key.
+ * `without_implicit_usage`: Flag to defide to apply the usage extension
+ """
+ super().__init__(usage=usage, **kwargs)
+
+ if not without_implicit_usage:
+ for flag, implicit in self.IMPLICIT_USAGE_FLAGS.items():
+ if self.usage.value() & psa_storage.Expr(flag).value() and \
+ self.usage.value() & psa_storage.Expr(implicit).value() == 0:
+ self.usage = psa_storage.Expr(self.usage.string + ' | ' + implicit)
+
+class StorageTestData(StorageKey):
+ """Representation of test case data for storage format testing."""
+
+ def __init__(
+ self,
+ description: str,
+ expected_usage: Optional[str] = None,
+ **kwargs
+ ) -> None:
+ """Prepare to generate test data
+
+ * `description` : used for the the test case names
+ * `expected_usage`: the usage flags generated as the expected usage flags
+ in the test cases. CAn differ from the usage flags
+ stored in the keys because of the usage flags extension.
+ """
super().__init__(**kwargs)
self.description = description #type: str
+ self.expected_usage = expected_usage if expected_usage else self.usage.string #type: str
class StorageFormat:
"""Storage format stability test cases."""
@@ -228,11 +285,11 @@
generate backward compatibility test cases which inject a key
representation and check that it can be read and used.
"""
- self.constructors = info.constructors
- self.version = version
- self.forward = forward
+ self.constructors = info.constructors #type: macro_collector.PSAMacroEnumerator
+ self.version = version #type: int
+ self.forward = forward #type: bool
- def make_test_case(self, key: StorageKey) -> test_case.TestCase:
+ def make_test_case(self, key: StorageTestData) -> test_case.TestCase:
"""Construct a storage format test case for the given key.
If ``forward`` is true, generate a forward compatibility test case:
@@ -246,7 +303,7 @@
tc.set_description('PSA storage {}: {}'.format(verb, key.description))
dependencies = automatic_dependencies(
key.lifetime.string, key.type.string,
- key.usage.string, key.alg.string, key.alg2.string,
+ key.expected_usage, key.alg.string, key.alg2.string,
)
dependencies = finish_family_dependencies(dependencies, key.bits)
tc.set_dependencies(dependencies)
@@ -254,55 +311,112 @@
if self.forward:
extra_arguments = []
else:
+ flags = []
# Some test keys have the RAW_DATA type and attributes that don't
# necessarily make sense. We do this to validate numerical
# encodings of the attributes.
# Raw data keys have no useful exercise anyway so there is no
# loss of test coverage.
- exercise = key.type.string != 'PSA_KEY_TYPE_RAW_DATA'
- extra_arguments = ['1' if exercise else '0']
+ if key.type.string != 'PSA_KEY_TYPE_RAW_DATA':
+ flags.append('TEST_FLAG_EXERCISE')
+ if 'READ_ONLY' in key.lifetime.string:
+ flags.append('TEST_FLAG_READ_ONLY')
+ extra_arguments = [' | '.join(flags) if flags else '0']
tc.set_arguments([key.lifetime.string,
key.type.string, str(key.bits),
- key.usage.string, key.alg.string, key.alg2.string,
+ key.expected_usage, key.alg.string, key.alg2.string,
'"' + key.material.hex() + '"',
'"' + key.hex() + '"',
*extra_arguments])
return tc
- def key_for_usage_flags(
+ def key_for_lifetime(
+ self,
+ lifetime: str,
+ ) -> StorageTestData:
+ """Construct a test key for the given lifetime."""
+ short = lifetime
+ short = re.sub(r'PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION',
+ r'', short)
+ short = re.sub(r'PSA_KEY_[A-Z]+_', r'', short)
+ description = 'lifetime: ' + short
+ key = StorageTestData(version=self.version,
+ id=1, lifetime=lifetime,
+ type='PSA_KEY_TYPE_RAW_DATA', bits=8,
+ usage='PSA_KEY_USAGE_EXPORT', alg=0, alg2=0,
+ material=b'L',
+ description=description)
+ return key
+
+ def all_keys_for_lifetimes(self) -> Iterator[StorageTestData]:
+ """Generate test keys covering lifetimes."""
+ lifetimes = sorted(self.constructors.lifetimes)
+ expressions = self.constructors.generate_expressions(lifetimes)
+ for lifetime in expressions:
+ # Don't attempt to create or load a volatile key in storage
+ if 'VOLATILE' in lifetime:
+ continue
+ # Don't attempt to create a read-only key in storage,
+ # but do attempt to load one.
+ if 'READ_ONLY' in lifetime and self.forward:
+ continue
+ yield self.key_for_lifetime(lifetime)
+
+ def keys_for_usage_flags(
self,
usage_flags: List[str],
- short: Optional[str] = None
- ) -> StorageKey:
+ short: Optional[str] = None,
+ test_implicit_usage: Optional[bool] = False
+ ) -> Iterator[StorageTestData]:
"""Construct a test key for the given key usage."""
usage = ' | '.join(usage_flags) if usage_flags else '0'
if short is None:
short = re.sub(r'\bPSA_KEY_USAGE_', r'', usage)
- description = 'usage: ' + short
- key = StorageKey(version=self.version,
- id=1, lifetime=0x00000001,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- usage=usage, alg=0, alg2=0,
- material=b'K',
- description=description)
- return key
+ extra_desc = ' with implication' if test_implicit_usage else ''
+ description = 'usage' + extra_desc + ': ' + short
+ key1 = StorageTestData(version=self.version,
+ id=1, lifetime=0x00000001,
+ type='PSA_KEY_TYPE_RAW_DATA', bits=8,
+ expected_usage=usage,
+ usage=usage, alg=0, alg2=0,
+ material=b'K',
+ description=description)
+ yield key1
- def all_keys_for_usage_flags(self) -> Iterator[StorageKey]:
+ if test_implicit_usage:
+ description = 'usage without implication' + ': ' + short
+ key2 = StorageTestData(version=self.version,
+ id=1, lifetime=0x00000001,
+ type='PSA_KEY_TYPE_RAW_DATA', bits=8,
+ without_implicit_usage=True,
+ usage=usage, alg=0, alg2=0,
+ material=b'K',
+ description=description)
+ yield key2
+
+ def generate_keys_for_usage_flags(self, **kwargs) -> Iterator[StorageTestData]:
"""Generate test keys covering usage flags."""
known_flags = sorted(self.constructors.key_usage_flags)
- yield self.key_for_usage_flags(['0'])
+ yield from self.keys_for_usage_flags(['0'], **kwargs)
for usage_flag in known_flags:
- yield self.key_for_usage_flags([usage_flag])
+ yield from self.keys_for_usage_flags([usage_flag], **kwargs)
for flag1, flag2 in zip(known_flags,
known_flags[1:] + [known_flags[0]]):
- yield self.key_for_usage_flags([flag1, flag2])
- yield self.key_for_usage_flags(known_flags, short='all known')
+ yield from self.keys_for_usage_flags([flag1, flag2], **kwargs)
+
+ def generate_key_for_all_usage_flags(self) -> Iterator[StorageTestData]:
+ known_flags = sorted(self.constructors.key_usage_flags)
+ yield from self.keys_for_usage_flags(known_flags, short='all known')
+
+ def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
+ yield from self.generate_keys_for_usage_flags()
+ yield from self.generate_key_for_all_usage_flags()
def keys_for_type(
self,
key_type: str,
params: Optional[Iterable[str]] = None
- ) -> Iterator[StorageKey]:
+ ) -> Iterator[StorageTestData]:
"""Generate test keys for the given key type.
For key types that depend on a parameter (e.g. elliptic curve family),
@@ -319,65 +433,190 @@
r'',
kt.expression)
description = 'type: {} {}-bit'.format(short_expression, bits)
- key = StorageKey(version=self.version,
- id=1, lifetime=0x00000001,
- type=kt.expression, bits=bits,
- usage=usage_flags, alg=alg, alg2=alg2,
- material=key_material,
- description=description)
+ key = StorageTestData(version=self.version,
+ id=1, lifetime=0x00000001,
+ type=kt.expression, bits=bits,
+ usage=usage_flags, alg=alg, alg2=alg2,
+ material=key_material,
+ description=description)
yield key
- def all_keys_for_types(self) -> Iterator[StorageKey]:
+ def all_keys_for_types(self) -> Iterator[StorageTestData]:
"""Generate test keys covering key types and their representations."""
- for key_type in sorted(self.constructors.key_types):
+ key_types = sorted(self.constructors.key_types)
+ for key_type in self.constructors.generate_expressions(key_types):
yield from self.keys_for_type(key_type)
- for key_type in sorted(self.constructors.key_types_from_curve):
- for curve in sorted(self.constructors.ecc_curves):
- yield from self.keys_for_type(key_type, [curve])
- ## Diffie-Hellman (FFDH) is not supported yet, either in
- ## crypto_knowledge.py or in Mbed TLS.
- # for key_type in sorted(self.constructors.key_types_from_group):
- # for group in sorted(self.constructors.dh_groups):
- # yield from self.keys_for_type(key_type, [group])
- def keys_for_algorithm(self, alg: str) -> Iterator[StorageKey]:
+ def keys_for_algorithm(self, alg: str) -> Iterator[StorageTestData]:
"""Generate test keys for the specified algorithm."""
# For now, we don't have information on the compatibility of key
# types and algorithms. So we just test the encoding of algorithms,
# and not that operations can be performed with them.
- descr = alg
+ descr = re.sub(r'PSA_ALG_', r'', alg)
+ descr = re.sub(r',', r', ', re.sub(r' +', r'', descr))
usage = 'PSA_KEY_USAGE_EXPORT'
- key1 = StorageKey(version=self.version,
- id=1, lifetime=0x00000001,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- usage=usage, alg=alg, alg2=0,
- material=b'K',
- description='alg: ' + descr)
+ key1 = StorageTestData(version=self.version,
+ id=1, lifetime=0x00000001,
+ type='PSA_KEY_TYPE_RAW_DATA', bits=8,
+ usage=usage, alg=alg, alg2=0,
+ material=b'K',
+ description='alg: ' + descr)
yield key1
- key2 = StorageKey(version=self.version,
- id=1, lifetime=0x00000001,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- usage=usage, alg=0, alg2=alg,
- material=b'L',
- description='alg2: ' + descr)
+ key2 = StorageTestData(version=self.version,
+ id=1, lifetime=0x00000001,
+ type='PSA_KEY_TYPE_RAW_DATA', bits=8,
+ usage=usage, alg=0, alg2=alg,
+ material=b'L',
+ description='alg2: ' + descr)
yield key2
- def all_keys_for_algorithms(self) -> Iterator[StorageKey]:
+ def all_keys_for_algorithms(self) -> Iterator[StorageTestData]:
"""Generate test keys covering algorithm encodings."""
- for alg in sorted(self.constructors.algorithms):
+ algorithms = sorted(self.constructors.algorithms)
+ for alg in self.constructors.generate_expressions(algorithms):
yield from self.keys_for_algorithm(alg)
- # To do: algorithm constructors with parameters
+
+ def generate_all_keys(self) -> Iterator[StorageTestData]:
+ """Generate all keys for the test cases."""
+ yield from self.all_keys_for_lifetimes()
+ yield from self.all_keys_for_usage_flags()
+ yield from self.all_keys_for_types()
+ yield from self.all_keys_for_algorithms()
def all_test_cases(self) -> Iterator[test_case.TestCase]:
"""Generate all storage format test cases."""
- for key in self.all_keys_for_usage_flags():
+ # First build a list of all keys, then construct all the corresponding
+ # test cases. This allows all required information to be obtained in
+ # one go, which is a significant performance gain as the information
+ # includes numerical values obtained by compiling a C program.
+ all_keys = list(self.generate_all_keys())
+ for key in all_keys:
+ if key.location_value() != 0:
+ # Skip keys with a non-default location, because they
+ # require a driver and we currently have no mechanism to
+ # determine whether a driver is available.
+ continue
yield self.make_test_case(key)
- for key in self.all_keys_for_types():
- yield self.make_test_case(key)
- for key in self.all_keys_for_algorithms():
- yield self.make_test_case(key)
- # To do: vary id, lifetime
+class StorageFormatForward(StorageFormat):
+ """Storage format stability test cases for forward compatibility."""
+
+ def __init__(self, info: Information, version: int) -> None:
+ super().__init__(info, version, True)
+
+class StorageFormatV0(StorageFormat):
+ """Storage format stability test cases for version 0 compatibility."""
+
+ def __init__(self, info: Information) -> None:
+ super().__init__(info, 0, False)
+
+ def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
+ """Generate test keys covering usage flags."""
+ yield from self.generate_keys_for_usage_flags(test_implicit_usage=True)
+ yield from self.generate_key_for_all_usage_flags()
+
+ def keys_for_implicit_usage(
+ self,
+ implyer_usage: str,
+ alg: str,
+ key_type: crypto_knowledge.KeyType
+ ) -> StorageTestData:
+ # pylint: disable=too-many-locals
+ """Generate test keys for the specified implicit usage flag,
+ algorithm and key type combination.
+ """
+ bits = key_type.sizes_to_test()[0]
+ implicit_usage = StorageKey.IMPLICIT_USAGE_FLAGS[implyer_usage]
+ usage_flags = 'PSA_KEY_USAGE_EXPORT'
+ material_usage_flags = usage_flags + ' | ' + implyer_usage
+ expected_usage_flags = material_usage_flags + ' | ' + implicit_usage
+ alg2 = 0
+ key_material = key_type.key_material(bits)
+ usage_expression = re.sub(r'PSA_KEY_USAGE_', r'', implyer_usage)
+ alg_expression = re.sub(r'PSA_ALG_', r'', alg)
+ alg_expression = re.sub(r',', r', ', re.sub(r' +', r'', alg_expression))
+ key_type_expression = re.sub(r'\bPSA_(?:KEY_TYPE|ECC_FAMILY)_',
+ r'',
+ key_type.expression)
+ description = 'implied by {}: {} {} {}-bit'.format(
+ usage_expression, alg_expression, key_type_expression, bits)
+ key = StorageTestData(version=self.version,
+ id=1, lifetime=0x00000001,
+ type=key_type.expression, bits=bits,
+ usage=material_usage_flags,
+ expected_usage=expected_usage_flags,
+ without_implicit_usage=True,
+ alg=alg, alg2=alg2,
+ material=key_material,
+ description=description)
+ return key
+
+ def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
+ # pylint: disable=too-many-locals
+ """Match possible key types for sign algorithms."""
+ # To create a valid combinaton both the algorithms and key types
+ # must be filtered. Pair them with keywords created from its names.
+ incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
+ incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
+ keyword_translation = {
+ 'ECDSA': 'ECC',
+ 'ED[0-9]*.*' : 'EDWARDS'
+ }
+ exclusive_keywords = {
+ 'EDWARDS': 'ECC'
+ }
+ key_types = set(self.constructors.generate_expressions(self.constructors.key_types))
+ algorithms = set(self.constructors.generate_expressions(self.constructors.sign_algorithms))
+ alg_with_keys = {} #type: Dict[str, List[str]]
+ translation_table = str.maketrans('(', '_', ')')
+ for alg in algorithms:
+ # Generate keywords from the name of the algorithm
+ alg_keywords = set(alg.partition('(')[0].split(sep='_')[2:])
+ # Translate keywords for better matching with the key types
+ for keyword in alg_keywords.copy():
+ for pattern, replace in keyword_translation.items():
+ if re.match(pattern, keyword):
+ alg_keywords.remove(keyword)
+ alg_keywords.add(replace)
+ # Filter out incompatible algortihms
+ if not alg_keywords.isdisjoint(incompatible_alg_keyword):
+ continue
+
+ for key_type in key_types:
+ # Generate keywords from the of the key type
+ key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
+
+ # Remove ambigious keywords
+ for keyword1, keyword2 in exclusive_keywords.items():
+ if keyword1 in key_type_keywords:
+ key_type_keywords.remove(keyword2)
+
+ if key_type_keywords.isdisjoint(incompatible_key_type_keywords) and\
+ not key_type_keywords.isdisjoint(alg_keywords):
+ if alg in alg_with_keys:
+ alg_with_keys[alg].append(key_type)
+ else:
+ alg_with_keys[alg] = [key_type]
+ return alg_with_keys
+
+ def all_keys_for_implicit_usage(self) -> Iterator[StorageTestData]:
+ """Generate test keys for usage flag extensions."""
+ # Generate a key type and algorithm pair for each extendable usage
+ # flag to generate a valid key for exercising. The key is generated
+ # without usage extension to check the extension compatiblity.
+ alg_with_keys = self.gather_key_types_for_sign_alg()
+
+ for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
+ for alg in sorted(alg_with_keys):
+ for key_type in sorted(alg_with_keys[alg]):
+ # The key types must be filtered to fit the specific usage flag.
+ kt = crypto_knowledge.KeyType(key_type)
+ if kt.is_valid_for_signature(usage):
+ yield self.keys_for_implicit_usage(usage, alg, kt)
+
+ def generate_all_keys(self) -> Iterator[StorageTestData]:
+ yield from super().generate_all_keys()
+ yield from self.all_keys_for_implicit_usage()
class TestGenerator:
"""Generate test data."""
@@ -409,9 +648,9 @@
'test_suite_psa_crypto_not_supported.generated':
lambda info: NotSupported(info).test_cases_for_not_supported(),
'test_suite_psa_crypto_storage_format.current':
- lambda info: StorageFormat(info, 0, True).all_test_cases(),
+ lambda info: StorageFormatForward(info, 0).all_test_cases(),
'test_suite_psa_crypto_storage_format.v0':
- lambda info: StorageFormat(info, 0, False).all_test_cases(),
+ lambda info: StorageFormatV0(info).all_test_cases(),
} #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]]
def generate_target(self, name: str) -> None:
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index a8617a0..8ed9571 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -22,7 +22,7 @@
exit 1
fi
-HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-1\.3\.h' )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h | egrep -v 'compat-1\.3\.h' )
HEADERS="$HEADERS library/*.h"
HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index cf4175a..57263a3 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -36,8 +36,6 @@
},
'config-no-entropy.h' => {
},
- 'config-psa-crypto.h' => {
- },
'config-suite-b.h' => {
'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
},
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index b3fdb8d..07c8ab2 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -28,231 +28,30 @@
import re
import subprocess
import sys
+from typing import Iterable, List, Optional, Tuple
import scripts_path # pylint: disable=unused-import
from mbedtls_dev import c_build_helper
-from mbedtls_dev import macro_collector
+from mbedtls_dev.macro_collector import InputsForTest, PSAMacroEnumerator
+from mbedtls_dev import typing_util
-class ReadFileLineException(Exception):
- def __init__(self, filename, line_number):
- message = 'in {} at {}'.format(filename, line_number)
- super(ReadFileLineException, self).__init__(message)
- self.filename = filename
- self.line_number = line_number
-
-class read_file_lines:
- # Dear Pylint, conventionally, a context manager class name is lowercase.
- # pylint: disable=invalid-name,too-few-public-methods
- """Context manager to read a text file line by line.
-
- ```
- with read_file_lines(filename) as lines:
- for line in lines:
- process(line)
- ```
- is equivalent to
- ```
- with open(filename, 'r') as input_file:
- for line in input_file:
- process(line)
- ```
- except that if process(line) raises an exception, then the read_file_lines
- snippet annotates the exception with the file name and line number.
- """
- def __init__(self, filename, binary=False):
- self.filename = filename
- self.line_number = 'entry'
- self.generator = None
- self.binary = binary
- def __enter__(self):
- self.generator = enumerate(open(self.filename,
- 'rb' if self.binary else 'r'))
- return self
- def __iter__(self):
- for line_number, content in self.generator:
- self.line_number = line_number
- yield content
- self.line_number = 'exit'
- def __exit__(self, exc_type, exc_value, exc_traceback):
- if exc_type is not None:
- raise ReadFileLineException(self.filename, self.line_number) \
- from exc_value
-
-class InputsForTest(macro_collector.PSAMacroEnumerator):
- # pylint: disable=too-many-instance-attributes
- """Accumulate information about macros to test.
-
- This includes macro names as well as information about their arguments
- when applicable.
- """
-
- def __init__(self):
- super().__init__()
- self.all_declared = set()
- # Sets of names per type
- self.statuses.add('PSA_SUCCESS')
- self.algorithms.add('0xffffffff')
- self.ecc_curves.add('0xff')
- self.dh_groups.add('0xff')
- self.key_types.add('0xffff')
- self.key_usage_flags.add('0x80000000')
-
- # Hard-coded values for unknown algorithms
- #
- # These have to have values that are correct for their respective
- # PSA_ALG_IS_xxx macros, but are also not currently assigned and are
- # not likely to be assigned in the near future.
- self.hash_algorithms.add('0x020000fe') # 0x020000ff is PSA_ALG_ANY_HASH
- self.mac_algorithms.add('0x03007fff')
- self.ka_algorithms.add('0x09fc0000')
- self.kdf_algorithms.add('0x080000ff')
- # For AEAD algorithms, the only variability is over the tag length,
- # and this only applies to known algorithms, so don't test an
- # unknown algorithm.
-
- # Identifier prefixes
- self.table_by_prefix = {
- 'ERROR': self.statuses,
- 'ALG': self.algorithms,
- 'ECC_CURVE': self.ecc_curves,
- 'DH_GROUP': self.dh_groups,
- 'KEY_TYPE': self.key_types,
- 'KEY_USAGE': self.key_usage_flags,
- }
- # Test functions
- self.table_by_test_function = {
- # Any function ending in _algorithm also gets added to
- # self.algorithms.
- 'key_type': [self.key_types],
- 'block_cipher_key_type': [self.key_types],
- 'stream_cipher_key_type': [self.key_types],
- 'ecc_key_family': [self.ecc_curves],
- 'ecc_key_types': [self.ecc_curves],
- 'dh_key_family': [self.dh_groups],
- 'dh_key_types': [self.dh_groups],
- 'hash_algorithm': [self.hash_algorithms],
- 'mac_algorithm': [self.mac_algorithms],
- 'cipher_algorithm': [],
- 'hmac_algorithm': [self.mac_algorithms],
- 'aead_algorithm': [self.aead_algorithms],
- 'key_derivation_algorithm': [self.kdf_algorithms],
- 'key_agreement_algorithm': [self.ka_algorithms],
- 'asymmetric_signature_algorithm': [],
- 'asymmetric_signature_wildcard': [self.algorithms],
- 'asymmetric_encryption_algorithm': [],
- 'other_algorithm': [],
- }
- self.arguments_for['mac_length'] += ['1', '63']
- self.arguments_for['min_mac_length'] += ['1', '63']
- self.arguments_for['tag_length'] += ['1', '63']
- self.arguments_for['min_tag_length'] += ['1', '63']
-
- def get_names(self, type_word):
- """Return the set of known names of values of the given type."""
- return {
- 'status': self.statuses,
- 'algorithm': self.algorithms,
- 'ecc_curve': self.ecc_curves,
- 'dh_group': self.dh_groups,
- 'key_type': self.key_types,
- 'key_usage': self.key_usage_flags,
- }[type_word]
-
- # Regex for interesting header lines.
- # Groups: 1=macro name, 2=type, 3=argument list (optional).
- _header_line_re = \
- re.compile(r'#define +' +
- r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' +
- r'(?:\(([^\n()]*)\))?')
- # Regex of macro names to exclude.
- _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
- # Additional excluded macros.
- _excluded_names = set([
- # Macros that provide an alternative way to build the same
- # algorithm as another macro.
- 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG',
- 'PSA_ALG_FULL_LENGTH_MAC',
- # Auxiliary macro whose name doesn't fit the usual patterns for
- # auxiliary macros.
- 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE',
- ])
- def parse_header_line(self, line):
- """Parse a C header line, looking for "#define PSA_xxx"."""
- m = re.match(self._header_line_re, line)
- if not m:
- return
- name = m.group(1)
- self.all_declared.add(name)
- if re.search(self._excluded_name_re, name) or \
- name in self._excluded_names:
- return
- dest = self.table_by_prefix.get(m.group(2))
- if dest is None:
- return
- dest.add(name)
- if m.group(3):
- self.argspecs[name] = self._argument_split(m.group(3))
-
- _nonascii_re = re.compile(rb'[^\x00-\x7f]+')
- def parse_header(self, filename):
- """Parse a C header file, looking for "#define PSA_xxx"."""
- with read_file_lines(filename, binary=True) as lines:
- for line in lines:
- line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
- self.parse_header_line(line)
-
- _macro_identifier_re = re.compile(r'[A-Z]\w+')
- def generate_undeclared_names(self, expr):
- for name in re.findall(self._macro_identifier_re, expr):
- if name not in self.all_declared:
- yield name
-
- def accept_test_case_line(self, function, argument):
- #pylint: disable=unused-argument
- undeclared = list(self.generate_undeclared_names(argument))
- if undeclared:
- raise Exception('Undeclared names in test case', undeclared)
- return True
-
- def add_test_case_line(self, function, argument):
- """Parse a test case data line, looking for algorithm metadata tests."""
- sets = []
- if function.endswith('_algorithm'):
- sets.append(self.algorithms)
- if function == 'key_agreement_algorithm' and \
- argument.startswith('PSA_ALG_KEY_AGREEMENT('):
- # We only want *raw* key agreement algorithms as such, so
- # exclude ones that are already chained with a KDF.
- # Keep the expression as one to test as an algorithm.
- function = 'other_algorithm'
- sets += self.table_by_test_function[function]
- if self.accept_test_case_line(function, argument):
- for s in sets:
- s.add(argument)
-
- # Regex matching a *.data line containing a test function call and
- # its arguments. The actual definition is partly positional, but this
- # regex is good enough in practice.
- _test_case_line_re = re.compile(r'(?!depends_on:)(\w+):([^\n :][^:\n]*)')
- def parse_test_cases(self, filename):
- """Parse a test case file (*.data), looking for algorithm metadata tests."""
- with read_file_lines(filename) as lines:
- for line in lines:
- m = re.match(self._test_case_line_re, line)
- if m:
- self.add_test_case_line(m.group(1), m.group(2))
-
-def gather_inputs(headers, test_suites, inputs_class=InputsForTest):
+def gather_inputs(headers: Iterable[str],
+ test_suites: Iterable[str],
+ inputs_class=InputsForTest) -> PSAMacroEnumerator:
"""Read the list of inputs to test psa_constant_names with."""
inputs = inputs_class()
for header in headers:
inputs.parse_header(header)
for test_cases in test_suites:
inputs.parse_test_cases(test_cases)
+ inputs.add_numerical_values()
inputs.gather_arguments()
return inputs
-def run_c(type_word, expressions, include_path=None, keep_c=False):
+def run_c(type_word: str,
+ expressions: Iterable[str],
+ include_path: Optional[str] = None,
+ keep_c: bool = False) -> List[str]:
"""Generate and run a program to print out numerical values of C expressions."""
if type_word == 'status':
cast_to = 'long'
@@ -271,14 +70,17 @@
)
NORMALIZE_STRIP_RE = re.compile(r'\s+')
-def normalize(expr):
+def normalize(expr: str) -> str:
"""Normalize the C expression so as not to care about trivial differences.
Currently "trivial differences" means whitespace.
"""
return re.sub(NORMALIZE_STRIP_RE, '', expr)
-def collect_values(inputs, type_word, include_path=None, keep_c=False):
+def collect_values(inputs: InputsForTest,
+ type_word: str,
+ include_path: Optional[str] = None,
+ keep_c: bool = False) -> Tuple[List[str], List[str]]:
"""Generate expressions using known macro names and calculate their values.
Return a list of pairs of (expr, value) where expr is an expression and
@@ -296,12 +98,12 @@
Error = namedtuple('Error',
['type', 'expression', 'value', 'output'])
- def __init__(self, options):
+ def __init__(self, options) -> None:
self.options = options
self.count = 0
- self.errors = []
+ self.errors = [] #type: List[Tests.Error]
- def run_one(self, inputs, type_word):
+ def run_one(self, inputs: InputsForTest, type_word: str) -> None:
"""Test psa_constant_names for the specified type.
Run the program on the names for this type.
@@ -311,9 +113,10 @@
expressions, values = collect_values(inputs, type_word,
include_path=self.options.include,
keep_c=self.options.keep_c)
- output = subprocess.check_output([self.options.program, type_word] +
- values)
- outputs = output.decode('ascii').strip().split('\n')
+ output_bytes = subprocess.check_output([self.options.program,
+ type_word] + values)
+ output = output_bytes.decode('ascii')
+ outputs = output.strip().split('\n')
self.count += len(expressions)
for expr, value, output in zip(expressions, values, outputs):
if self.options.show:
@@ -324,13 +127,13 @@
value=value,
output=output))
- def run_all(self, inputs):
+ def run_all(self, inputs: InputsForTest) -> None:
"""Run psa_constant_names on all the gathered inputs."""
for type_word in ['status', 'algorithm', 'ecc_curve', 'dh_group',
'key_type', 'key_usage']:
self.run_one(inputs, type_word)
- def report(self, out):
+ def report(self, out: typing_util.Writable) -> None:
"""Describe each case where the output is not as expected.
Write the errors to ``out``.
@@ -365,7 +168,7 @@
help='Program to test')
parser.add_argument('--show',
action='store_true',
- help='Keep the intermediate C file')
+ help='Show tested values on stdout')
parser.add_argument('--no-show',
action='store_false', dest='show',
help='Don\'t show tested values (default)')
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
new file mode 100644
index 0000000..f95aa6b
--- /dev/null
+++ b/tests/src/drivers/hash.c
@@ -0,0 +1,161 @@
+/*
+ * Test driver for hash entry points.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa_crypto_hash.h"
+
+#include "test/drivers/hash.h"
+
+mbedtls_test_driver_hash_hooks_t
+ mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT;
+
+psa_status_t mbedtls_test_transparent_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *hash, size_t hash_size, size_t *hash_length )
+{
+ mbedtls_test_driver_hash_hooks.hits++;
+
+ if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_transparent_test_driver_hash_compute(
+ alg, input, input_length,
+ hash, hash_size, hash_length );
+ }
+
+ return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_setup(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ psa_algorithm_t alg )
+{
+ mbedtls_test_driver_hash_hooks.hits++;
+
+ if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_transparent_test_driver_hash_setup( operation, alg );
+ }
+
+ return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_clone(
+ const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
+ mbedtls_transparent_test_driver_hash_operation_t *target_operation )
+{
+ mbedtls_test_driver_hash_hooks.hits++;
+
+ if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_transparent_test_driver_hash_clone( source_operation,
+ target_operation );
+ }
+
+ return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_update(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ mbedtls_test_driver_hash_hooks.hits++;
+
+ if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_transparent_test_driver_hash_update(
+ operation, input, input_length );
+ }
+
+ return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_finish(
+ mbedtls_transparent_test_driver_hash_operation_t *operation,
+ uint8_t *hash,
+ size_t hash_size,
+ size_t *hash_length )
+{
+ mbedtls_test_driver_hash_hooks.hits++;
+
+ if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_transparent_test_driver_hash_finish(
+ operation, hash, hash_size, hash_length );
+ }
+
+ return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_abort(
+ mbedtls_transparent_test_driver_hash_operation_t *operation )
+{
+ mbedtls_test_driver_hash_hooks.hits++;
+
+ if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_test_driver_hash_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_hash_hooks.driver_status =
+ mbedtls_transparent_test_driver_hash_abort( operation );
+ }
+
+ return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
index c877525..25396c9 100644
--- a/tests/src/drivers/test_driver_aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -28,9 +28,10 @@
#include "test/drivers/aead.h"
-test_driver_aead_hooks_t test_driver_aead_hooks = TEST_DRIVER_AEAD_INIT;
+mbedtls_test_driver_aead_hooks_t
+ mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT;
-psa_status_t test_transparent_aead_encrypt(
+psa_status_t mbedtls_test_transparent_aead_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
@@ -39,16 +40,16 @@
const uint8_t *plaintext, size_t plaintext_length,
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
{
- test_driver_aead_hooks.hits++;
+ mbedtls_test_driver_aead_hooks.hits++;
- if( test_driver_aead_hooks.forced_status != PSA_SUCCESS )
+ if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS )
{
- test_driver_aead_hooks.driver_status =
- test_driver_aead_hooks.forced_status;
+ mbedtls_test_driver_aead_hooks.driver_status =
+ mbedtls_test_driver_aead_hooks.forced_status;
}
else
{
- test_driver_aead_hooks.driver_status =
+ mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_encrypt(
attributes, key_buffer, key_buffer_size,
alg,
@@ -58,10 +59,10 @@
ciphertext, ciphertext_size, ciphertext_length );
}
- return( test_driver_aead_hooks.driver_status );
+ return( mbedtls_test_driver_aead_hooks.driver_status );
}
-psa_status_t test_transparent_aead_decrypt(
+psa_status_t mbedtls_test_transparent_aead_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg,
@@ -70,16 +71,16 @@
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
{
- test_driver_aead_hooks.hits++;
+ mbedtls_test_driver_aead_hooks.hits++;
- if( test_driver_aead_hooks.forced_status != PSA_SUCCESS )
+ if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS )
{
- test_driver_aead_hooks.driver_status =
- test_driver_aead_hooks.forced_status;
+ mbedtls_test_driver_aead_hooks.driver_status =
+ mbedtls_test_driver_aead_hooks.forced_status;
}
else
{
- test_driver_aead_hooks.driver_status =
+ mbedtls_test_driver_aead_hooks.driver_status =
mbedtls_psa_aead_decrypt(
attributes, key_buffer, key_buffer_size,
alg,
@@ -89,7 +90,7 @@
plaintext, plaintext_size, plaintext_length );
}
- return( test_driver_aead_hooks.driver_status );
+ return( mbedtls_test_driver_aead_hooks.driver_status );
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
index 4dc4678..6aca193 100644
--- a/tests/src/drivers/test_driver_cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -36,182 +36,88 @@
#include <string.h>
-/* Test driver implements AES-CTR only. Its default behaviour (when its return
- * status is not overridden through the hooks) is to take care of all AES-CTR
- * operations, and return PSA_ERROR_NOT_SUPPORTED for all others.
- * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use
- * fallback even for AES-CTR. */
-test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT;
+mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks =
+ MBEDTLS_TEST_DRIVER_CIPHER_INIT;
-static psa_status_t test_transparent_cipher_oneshot(
- mbedtls_operation_t direction,
+psa_status_t mbedtls_test_transparent_cipher_encrypt(
const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length)
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
{
- test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
- /* Test driver supports AES-CTR only, to verify operation calls. */
- if( alg != PSA_ALG_CTR ||
- psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
- return( PSA_ERROR_NOT_SUPPORTED );
-
- /* If test driver response code is not SUCCESS, we can return early */
- if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_cipher_hooks.forced_status );
-
- /* If test driver output is overridden, we don't need to do actual crypto */
- if( test_driver_cipher_hooks.forced_output != NULL )
+ if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
{
- if( output_size < test_driver_cipher_hooks.forced_output_length )
+ if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
return( PSA_ERROR_BUFFER_TOO_SMALL );
memcpy( output,
- test_driver_cipher_hooks.forced_output,
- test_driver_cipher_hooks.forced_output_length );
- *output_length = test_driver_cipher_hooks.forced_output_length;
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length );
+ *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- return( test_driver_cipher_hooks.forced_status );
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
}
- /* Run AES-CTR using the cipher module */
+ if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
+
+ psa_generate_random( output, PSA_CIPHER_IV_LENGTH( attributes->core.type, alg ) );
+
+ return( mbedtls_transparent_test_driver_cipher_encrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length ) );
+}
+
+psa_status_t mbedtls_test_transparent_cipher_decrypt(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
+{
+ mbedtls_test_driver_cipher_hooks.hits++;
+
+ if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
{
- mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
+ if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
- const mbedtls_cipher_info_t *cipher_info =
- mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES,
- key_length * 8,
- MBEDTLS_MODE_CTR );
- mbedtls_cipher_context_t cipher;
- int ret = 0;
- uint8_t temp_output_buffer[16] = {0};
- size_t temp_output_length = 0;
+ memcpy( output,
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length );
+ *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- if( direction == MBEDTLS_ENCRYPT )
- {
- /* Oneshot encrypt needs to prepend the IV to the output */
- if( output_size < ( input_length + 16 ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- }
- else
- {
- /* Oneshot decrypt has the IV prepended to the input */
- if( output_size < ( input_length - 16 ) )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- }
-
- if( cipher_info == NULL )
- return( PSA_ERROR_NOT_SUPPORTED );
-
- mbedtls_cipher_init( &cipher );
- ret = mbedtls_cipher_setup( &cipher, cipher_info );
- if( ret != 0 )
- goto exit;
-
- ret = mbedtls_cipher_setkey( &cipher,
- key,
- key_length * 8, direction );
- if( ret != 0 )
- goto exit;
-
- if( direction == MBEDTLS_ENCRYPT )
- {
- mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
-
- ret = mbedtls_test_rnd_pseudo_rand( &rnd_info,
- temp_output_buffer,
- 16 );
- if( ret != 0 )
- goto exit;
-
- ret = mbedtls_cipher_set_iv( &cipher, temp_output_buffer, 16 );
- }
- else
- ret = mbedtls_cipher_set_iv( &cipher, input, 16 );
-
- if( ret != 0 )
- goto exit;
-
- if( direction == MBEDTLS_ENCRYPT )
- {
- ret = mbedtls_cipher_update( &cipher,
- input, input_length,
- &output[16], output_length );
- if( ret == 0 )
- {
- memcpy( output, temp_output_buffer, 16 );
- *output_length += 16;
- }
- }
- else
- ret = mbedtls_cipher_update( &cipher,
- &input[16], input_length - 16,
- output, output_length );
-
- if( ret != 0 )
- goto exit;
-
- ret = mbedtls_cipher_finish( &cipher,
- temp_output_buffer,
- &temp_output_length );
-
-exit:
- if( ret != 0 )
- {
- *output_length = 0;
- memset(output, 0, output_size);
- }
-
- mbedtls_cipher_free( &cipher );
- return( mbedtls_to_psa_error( ret ) );
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
}
+
+ if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
+
+ return( mbedtls_transparent_test_driver_cipher_decrypt(
+ attributes, key_buffer, key_buffer_size,
+ alg, input, input_length,
+ output, output_size, output_length ) );
}
-psa_status_t test_transparent_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- return (
- test_transparent_cipher_oneshot(
- MBEDTLS_ENCRYPT,
- attributes,
- key, key_length,
- alg,
- input, input_length,
- output, output_size, output_length) );
-}
-
-psa_status_t test_transparent_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- return (
- test_transparent_cipher_oneshot(
- MBEDTLS_DECRYPT,
- attributes,
- key, key_length,
- alg,
- input, input_length,
- output, output_size, output_length) );
-}
-
-psa_status_t test_transparent_cipher_encrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
- test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
/* Wiping the entire struct here, instead of member-by-member. This is
* useful for the test suite, since it gives a chance of catching memory
@@ -219,32 +125,32 @@
* our context struct. */
memset( operation, 0, sizeof( *operation ) );
- if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_cipher_hooks.forced_status );
+ if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
return ( mbedtls_transparent_test_driver_cipher_encrypt_setup(
operation, attributes, key, key_length, alg ) );
}
-psa_status_t test_transparent_cipher_decrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg)
{
- test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
- if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_cipher_hooks.forced_status );
+ if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
return ( mbedtls_transparent_test_driver_cipher_decrypt_setup(
operation, attributes, key, key_length, alg ) );
}
-psa_status_t test_transparent_cipher_abort(
+psa_status_t mbedtls_test_transparent_cipher_abort(
mbedtls_transparent_test_driver_cipher_operation_t *operation)
{
- test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
if( operation->alg == 0 )
return( PSA_SUCCESS );
@@ -257,24 +163,24 @@
* our context struct. */
memset( operation, 0, sizeof( *operation ) );
- return( test_driver_cipher_hooks.forced_status );
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
}
-psa_status_t test_transparent_cipher_set_iv(
+psa_status_t mbedtls_test_transparent_cipher_set_iv(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length)
{
- test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
- if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_cipher_hooks.forced_status );
+ if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
return( mbedtls_transparent_test_driver_cipher_set_iv(
operation, iv, iv_length ) );
}
-psa_status_t test_transparent_cipher_update(
+psa_status_t mbedtls_test_transparent_cipher_update(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
@@ -282,52 +188,52 @@
size_t output_size,
size_t *output_length)
{
- test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
- if( test_driver_cipher_hooks.forced_output != NULL )
+ if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
{
- if( output_size < test_driver_cipher_hooks.forced_output_length )
+ if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
return PSA_ERROR_BUFFER_TOO_SMALL;
memcpy( output,
- test_driver_cipher_hooks.forced_output,
- test_driver_cipher_hooks.forced_output_length );
- *output_length = test_driver_cipher_hooks.forced_output_length;
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length );
+ *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- return( test_driver_cipher_hooks.forced_status );
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
}
- if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_cipher_hooks.forced_status );
+ if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
return( mbedtls_transparent_test_driver_cipher_update(
operation, input, input_length,
output, output_size, output_length ) );
}
-psa_status_t test_transparent_cipher_finish(
+psa_status_t mbedtls_test_transparent_cipher_finish(
mbedtls_transparent_test_driver_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
size_t *output_length)
{
- test_driver_cipher_hooks.hits++;
+ mbedtls_test_driver_cipher_hooks.hits++;
- if( test_driver_cipher_hooks.forced_output != NULL )
+ if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
{
- if( output_size < test_driver_cipher_hooks.forced_output_length )
+ if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
return PSA_ERROR_BUFFER_TOO_SMALL;
memcpy( output,
- test_driver_cipher_hooks.forced_output,
- test_driver_cipher_hooks.forced_output_length );
- *output_length = test_driver_cipher_hooks.forced_output_length;
+ mbedtls_test_driver_cipher_hooks.forced_output,
+ mbedtls_test_driver_cipher_hooks.forced_output_length );
+ *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
- return( test_driver_cipher_hooks.forced_status );
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
}
- if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_cipher_hooks.forced_status );
+ if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_cipher_hooks.forced_status );
return( mbedtls_transparent_test_driver_cipher_finish(
operation, output, output_size, output_length ) );
@@ -336,7 +242,7 @@
/*
* opaque versions, to do
*/
-psa_status_t test_opaque_cipher_encrypt(
+psa_status_t mbedtls_test_opaque_cipher_encrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
@@ -355,7 +261,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_decrypt(
+psa_status_t mbedtls_test_opaque_cipher_decrypt(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
@@ -374,7 +280,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_encrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
@@ -388,7 +294,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_decrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
@@ -402,14 +308,14 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_abort(
+psa_status_t mbedtls_test_opaque_cipher_abort(
mbedtls_opaque_test_driver_cipher_operation_t *operation )
{
(void) operation;
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_set_iv(
+psa_status_t mbedtls_test_opaque_cipher_set_iv(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *iv,
size_t iv_length)
@@ -420,7 +326,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_update(
+psa_status_t mbedtls_test_opaque_cipher_update(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
const uint8_t *input,
size_t input_length,
@@ -437,7 +343,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_opaque_cipher_finish(
+psa_status_t mbedtls_test_opaque_cipher_finish(
mbedtls_opaque_test_driver_cipher_operation_t *operation,
uint8_t *output,
size_t output_size,
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index a0626fb..19e1033 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -38,18 +38,18 @@
#include <string.h>
-test_driver_key_management_hooks_t test_driver_key_management_hooks =
- TEST_DRIVER_KEY_MANAGEMENT_INIT;
+mbedtls_test_driver_key_management_hooks_t
+ mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
-const uint8_t test_driver_aes_key[16] =
+const uint8_t mbedtls_test_driver_aes_key[16] =
{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
-const uint8_t test_driver_ecdsa_key[32] =
+const uint8_t mbedtls_test_driver_ecdsa_key[32] =
{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
-const uint8_t test_driver_ecdsa_pubkey[65] =
+const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
{ 0x04,
0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
@@ -60,22 +60,23 @@
0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
-psa_status_t test_transparent_generate_key(
+psa_status_t mbedtls_test_transparent_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length )
{
- ++test_driver_key_management_hooks.hits;
+ ++mbedtls_test_driver_key_management_hooks.hits;
- if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_key_management_hooks.forced_status );
+ if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_key_management_hooks.forced_status );
- if( test_driver_key_management_hooks.forced_output != NULL )
+ if( mbedtls_test_driver_key_management_hooks.forced_output != NULL )
{
- if( test_driver_key_management_hooks.forced_output_length > key_size )
+ if( mbedtls_test_driver_key_management_hooks.forced_output_length >
+ key_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( key, test_driver_key_management_hooks.forced_output,
- test_driver_key_management_hooks.forced_output_length );
- *key_length = test_driver_key_management_hooks.forced_output_length;
+ memcpy( key, mbedtls_test_driver_key_management_hooks.forced_output,
+ mbedtls_test_driver_key_management_hooks.forced_output_length );
+ *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
return( PSA_SUCCESS );
}
@@ -102,7 +103,7 @@
}
}
-psa_status_t test_opaque_generate_key(
+psa_status_t mbedtls_test_opaque_generate_key(
const psa_key_attributes_t *attributes,
uint8_t *key, size_t key_size, size_t *key_length )
{
@@ -113,7 +114,7 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t test_transparent_import_key(
+psa_status_t mbedtls_test_transparent_import_key(
const psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length,
@@ -122,10 +123,10 @@
size_t *key_buffer_length,
size_t *bits)
{
- ++test_driver_key_management_hooks.hits;
+ ++mbedtls_test_driver_key_management_hooks.hits;
- if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_key_management_hooks.forced_status );
+ if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_key_management_hooks.forced_status );
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_type_t type = psa_get_key_type( attributes );
@@ -168,7 +169,7 @@
return( status );
}
-psa_status_t test_opaque_export_key(
+psa_status_t mbedtls_test_opaque_export_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length )
@@ -199,12 +200,12 @@
PSA_KEY_USAGE_EXPORT ) == 0 )
return( PSA_ERROR_CORRUPTION_DETECTED );
- if( data_size < sizeof( test_driver_ecdsa_key ) )
+ if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, test_driver_ecdsa_key,
- sizeof( test_driver_ecdsa_key ) );
- *data_length = sizeof( test_driver_ecdsa_key );
+ memcpy( data, mbedtls_test_driver_ecdsa_key,
+ sizeof( mbedtls_test_driver_ecdsa_key ) );
+ *data_length = sizeof( mbedtls_test_driver_ecdsa_key );
return( PSA_SUCCESS );
case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
@@ -220,12 +221,12 @@
PSA_KEY_USAGE_EXPORT ) == 0 )
return( PSA_ERROR_CORRUPTION_DETECTED );
- if( data_size < sizeof( test_driver_aes_key ) )
+ if( data_size < sizeof( mbedtls_test_driver_aes_key ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, test_driver_aes_key,
- sizeof( test_driver_aes_key ) );
- *data_length = sizeof( test_driver_aes_key );
+ memcpy( data, mbedtls_test_driver_aes_key,
+ sizeof( mbedtls_test_driver_aes_key ) );
+ *data_length = sizeof( mbedtls_test_driver_aes_key );
return( PSA_SUCCESS );
default:
@@ -233,23 +234,24 @@
}
}
-psa_status_t test_transparent_export_public_key(
+psa_status_t mbedtls_test_transparent_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
uint8_t *data, size_t data_size, size_t *data_length )
{
- ++test_driver_key_management_hooks.hits;
+ ++mbedtls_test_driver_key_management_hooks.hits;
- if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_key_management_hooks.forced_status );
+ if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_key_management_hooks.forced_status );
- if( test_driver_key_management_hooks.forced_output != NULL )
+ if( mbedtls_test_driver_key_management_hooks.forced_output != NULL )
{
- if( test_driver_key_management_hooks.forced_output_length > data_size )
+ if( mbedtls_test_driver_key_management_hooks.forced_output_length >
+ data_size )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, test_driver_key_management_hooks.forced_output,
- test_driver_key_management_hooks.forced_output_length );
- *data_length = test_driver_key_management_hooks.forced_output_length;
+ memcpy( data, mbedtls_test_driver_key_management_hooks.forced_output,
+ mbedtls_test_driver_key_management_hooks.forced_output_length );
+ *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
return( PSA_SUCCESS );
}
@@ -288,7 +290,7 @@
return( status );
}
-psa_status_t test_opaque_export_public_key(
+psa_status_t mbedtls_test_opaque_export_public_key(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
uint8_t *data, size_t data_size, size_t *data_length )
@@ -315,12 +317,12 @@
PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
return( PSA_ERROR_CORRUPTION_DETECTED );
- if( data_size < sizeof( test_driver_ecdsa_pubkey ) )
+ if( data_size < sizeof( mbedtls_test_driver_ecdsa_pubkey ) )
return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( data, test_driver_ecdsa_pubkey,
- sizeof( test_driver_ecdsa_pubkey ) );
- *data_length = sizeof( test_driver_ecdsa_pubkey );
+ memcpy( data, mbedtls_test_driver_ecdsa_pubkey,
+ sizeof( mbedtls_test_driver_ecdsa_pubkey ) );
+ *data_length = sizeof( mbedtls_test_driver_ecdsa_pubkey );
return( PSA_SUCCESS );
default:
@@ -338,7 +340,7 @@
* (i.e. for an actual driver this would mean 'builtin_key_size' =
* sizeof(psa_drv_slot_number_t)).
*/
-psa_status_t test_opaque_get_builtin_key(
+psa_status_t mbedtls_test_opaque_get_builtin_key(
psa_drv_slot_number_t slot_number,
psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
new file mode 100644
index 0000000..69af107
--- /dev/null
+++ b/tests/src/drivers/test_driver_mac.c
@@ -0,0 +1,362 @@
+/*
+ * Test driver for MAC entry points.
+ */
+/* Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa_crypto_mac.h"
+
+#include "test/drivers/mac.h"
+
+mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
+ MBEDTLS_TEST_DRIVER_MAC_INIT;
+
+psa_status_t mbedtls_test_transparent_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_transparent_test_driver_mac_compute(
+ attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
+ mac, mac_size, mac_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_mac_sign_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_transparent_test_driver_mac_sign_setup(
+ operation, attributes, key_buffer, key_buffer_size, alg );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_mac_verify_setup(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_transparent_test_driver_mac_verify_setup(
+ operation, attributes, key_buffer, key_buffer_size, alg );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_mac_update(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_transparent_test_driver_mac_update(
+ operation, input, input_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_mac_sign_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_transparent_test_driver_mac_sign_finish(
+ operation, mac, mac_size, mac_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_mac_verify_finish(
+ mbedtls_transparent_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_transparent_test_driver_mac_verify_finish(
+ operation, mac, mac_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_mac_abort(
+ mbedtls_transparent_test_driver_mac_operation_t *operation )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_transparent_test_driver_mac_abort( operation );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_opaque_mac_compute(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_opaque_test_driver_mac_compute(
+ attributes, key_buffer, key_buffer_size, alg,
+ input, input_length,
+ mac, mac_size, mac_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_opaque_mac_sign_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_opaque_test_driver_mac_sign_setup(
+ operation, attributes, key_buffer, key_buffer_size, alg );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_opaque_mac_verify_setup(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_opaque_test_driver_mac_verify_setup(
+ operation, attributes, key_buffer, key_buffer_size, alg );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_opaque_mac_update(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_opaque_test_driver_mac_update(
+ operation, input, input_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_opaque_mac_sign_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_opaque_test_driver_mac_sign_finish(
+ operation, mac, mac_size, mac_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_opaque_mac_verify_finish(
+ mbedtls_opaque_test_driver_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_opaque_test_driver_mac_verify_finish(
+ operation, mac, mac_length );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_opaque_mac_abort(
+ mbedtls_opaque_test_driver_mac_operation_t *operation )
+{
+ mbedtls_test_driver_mac_hooks.hits++;
+
+ if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS )
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_test_driver_mac_hooks.forced_status;
+ }
+ else
+ {
+ mbedtls_test_driver_mac_hooks.driver_status =
+ mbedtls_opaque_test_driver_mac_abort( operation );
+ }
+
+ return( mbedtls_test_driver_mac_hooks.driver_status );
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
index 47c6deb..14de831 100644
--- a/tests/src/drivers/test_driver_signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -29,6 +29,7 @@
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
+#include "psa_crypto_hash.h"
#include "psa_crypto_rsa.h"
#include "mbedtls/ecp.h"
@@ -41,31 +42,22 @@
#include <string.h>
-test_driver_signature_hooks_t test_driver_signature_sign_hooks = TEST_DRIVER_SIGNATURE_INIT;
-test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_SIGNATURE_INIT;
+mbedtls_test_driver_signature_hooks_t
+ mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
+mbedtls_test_driver_signature_hooks_t
+ mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
-psa_status_t test_transparent_signature_sign_hash(
+psa_status_t sign_hash(
const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
{
- ++test_driver_signature_sign_hooks.hits;
-
- if( test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_signature_sign_hooks.forced_status );
-
- if( test_driver_signature_sign_hooks.forced_output != NULL )
- {
- if( test_driver_signature_sign_hooks.forced_output_length > signature_size )
- return( PSA_ERROR_BUFFER_TOO_SMALL );
- memcpy( signature, test_driver_signature_sign_hooks.forced_output,
- test_driver_signature_sign_hooks.forced_output_length );
- *signature_length = test_driver_signature_sign_hooks.forced_output_length;
- return( PSA_SUCCESS );
- }
-
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
@@ -120,38 +112,16 @@
}
}
-psa_status_t test_opaque_signature_sign_hash(
+psa_status_t verify_hash(
const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length )
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length )
{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_size;
- (void) signature_length;
-
- return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t test_transparent_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length )
-{
- ++test_driver_signature_verify_hooks.hits;
-
- if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
- return( test_driver_signature_verify_hooks.forced_status );
-
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
@@ -200,7 +170,192 @@
}
}
-psa_status_t test_opaque_signature_verify_hash(
+psa_status_t mbedtls_test_transparent_signature_sign_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t hash_length;
+ uint8_t hash[PSA_HASH_MAX_SIZE];
+
+ ++mbedtls_test_driver_signature_sign_hooks.hits;
+
+ if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_signature_sign_hooks.forced_status );
+
+ if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
+ {
+ if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+ memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
+ mbedtls_test_driver_signature_sign_hooks.forced_output_length );
+ *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
+
+ return( PSA_SUCCESS );
+ }
+
+ status = mbedtls_transparent_test_driver_hash_compute(
+ PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
+ hash, sizeof( hash ), &hash_length );
+
+ if( status != PSA_SUCCESS )
+ return status;
+
+ return sign_hash( attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length );
+}
+
+psa_status_t mbedtls_test_opaque_signature_sign_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) signature;
+ (void) signature_size;
+ (void) signature_length;
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_test_transparent_signature_verify_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ size_t hash_length;
+ uint8_t hash[PSA_HASH_MAX_SIZE];
+
+ ++mbedtls_test_driver_signature_verify_hooks.hits;
+
+ if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_signature_verify_hooks.forced_status );
+
+ status = mbedtls_transparent_test_driver_hash_compute(
+ PSA_ALG_SIGN_GET_HASH( alg ), input, input_length,
+ hash, sizeof( hash ), &hash_length );
+
+ if( status != PSA_SUCCESS )
+ return status;
+
+ return verify_hash( attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length );
+}
+
+psa_status_t mbedtls_test_opaque_signature_verify_message(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key,
+ size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) input;
+ (void) input_length;
+ (void) signature;
+ (void) signature_length;
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_test_transparent_signature_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+ ++mbedtls_test_driver_signature_sign_hooks.hits;
+
+ if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_signature_sign_hooks.forced_status );
+
+ if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
+ {
+ if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size )
+ return( PSA_ERROR_BUFFER_TOO_SMALL );
+ memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
+ mbedtls_test_driver_signature_sign_hooks.forced_output_length );
+ *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
+ return( PSA_SUCCESS );
+ }
+
+ return sign_hash( attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_size, signature_length );
+}
+
+psa_status_t mbedtls_test_opaque_signature_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key, size_t key_length,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size, size_t *signature_length )
+{
+ (void) attributes;
+ (void) key;
+ (void) key_length;
+ (void) alg;
+ (void) hash;
+ (void) hash_length;
+ (void) signature;
+ (void) signature_size;
+ (void) signature_length;
+
+ return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_test_transparent_signature_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer, size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+ ++mbedtls_test_driver_signature_verify_hooks.hits;
+
+ if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
+ return( mbedtls_test_driver_signature_verify_hooks.forced_status );
+
+ return verify_hash( attributes, key_buffer, key_buffer_size,
+ alg, hash, hash_length,
+ signature, signature_length );
+}
+
+psa_status_t mbedtls_test_opaque_signature_verify_hash(
const psa_key_attributes_t *attributes,
const uint8_t *key, size_t key_length,
psa_algorithm_t alg,
diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c
index 16a8692..d8bcaee 100644
--- a/tests/src/drivers/test_driver_size.c
+++ b/tests/src/drivers/test_driver_size.c
@@ -27,16 +27,75 @@
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#include "test/drivers/size.h"
+#include "psa/crypto.h"
-#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION
-size_t test_size_function(
+typedef struct {
+ unsigned int context;
+} test_driver_key_context_t;
+
+/*
+ * This macro returns the base size for the key context. It is the size of the
+ * driver specific information stored in each key context.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t )
+
+/*
+ * Number of bytes included in every key context for a key pair.
+ *
+ * This pair size is for an ECC 256-bit private/public key pair.
+ * Based on this value, the size of the private key can be derived by
+ * subtracting the public key size below from this one.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE 65
+
+/*
+ * Number of bytes included in every key context for a public key.
+ *
+ * For ECC public keys, it needs 257 bits so 33 bytes.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE 33
+
+/*
+ * Every key context for a symmetric key includes this many times the key size.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR 0
+
+/*
+ * If this is true for a key pair, the key context includes space for the public key.
+ * If this is false, no additional space is added for the public key.
+ *
+ * For this instance, store the public key with the private one.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY 1
+
+size_t mbedtls_test_size_function(
const psa_key_type_t key_type,
const size_t key_bits )
{
- (void) key_type;
- (void) key_bits;
- return 0;
-}
-#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */
+ size_t key_buffer_size = 0;
+ if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
+ {
+ int public_key_overhead =
+ ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 )
+ ? PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 );
+ key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
+ TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE +
+ public_key_overhead;
+ }
+ else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
+ {
+ key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
+ TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
+ }
+ else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
+ !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) )
+ {
+ key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
+ ( TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR *
+ ( ( key_bits + 7 ) / 8 ) );
+ }
+
+ return( key_buffer_size );
+}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index b7c9867..bf6c1d9 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -338,3 +338,18 @@
}
}
#endif /* MBEDTLS_TEST_HOOKS */
+
+#if defined(MBEDTLS_BIGNUM_C)
+int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s )
+{
+ /* mbedtls_mpi_read_string() currently retains leading zeros.
+ * It always allocates at least one limb for the value 0. */
+ if( s[0] == 0 )
+ {
+ mbedtls_mpi_free( X );
+ return( 0 );
+ }
+ else
+ return( mbedtls_mpi_read_string( X, radix, s ) );
+}
+#endif
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index f2222cb..d9d841a 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -114,4 +114,17 @@
}
#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
+psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags )
+{
+ psa_key_usage_t updated_usage = usage_flags;
+
+ if( usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+ updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
+
+ if( usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+ updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+
+ return( updated_usage );
+}
+
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index e7e6863..e4e55c9 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -297,46 +297,78 @@
psa_key_usage_t usage,
psa_algorithm_t alg )
{
- unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
- size_t payload_length = 16;
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
- size_t signature_length = sizeof( signature );
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
-
- /* If the policy allows signing with any hash, just pick one. */
- if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH )
+ if( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ) )
{
-#if defined(KNOWN_SUPPORTED_HASH_ALG)
- hash_alg = KNOWN_SUPPORTED_HASH_ALG;
- alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
-#else
- TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" );
-#endif
- }
+ unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
+ size_t payload_length = 16;
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
+ size_t signature_length = sizeof( signature );
+ psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
- if( usage & PSA_KEY_USAGE_SIGN_HASH )
- {
+ /* If the policy allows signing with any hash, just pick one. */
+ if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH )
+ {
+ #if defined(KNOWN_SUPPORTED_HASH_ALG)
+ hash_alg = KNOWN_SUPPORTED_HASH_ALG;
+ alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
+ #else
+ TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" );
+ #endif
+ }
+
/* Some algorithms require the payload to have the size of
* the hash encoded in the algorithm. Use this input size
* even for algorithms that allow other input sizes. */
if( hash_alg != 0 )
payload_length = PSA_HASH_LENGTH( hash_alg );
- PSA_ASSERT( psa_sign_hash( key, alg,
- payload, payload_length,
- signature, sizeof( signature ),
- &signature_length ) );
+
+ if( usage & PSA_KEY_USAGE_SIGN_HASH )
+ {
+ PSA_ASSERT( psa_sign_hash( key, alg,
+ payload, payload_length,
+ signature, sizeof( signature ),
+ &signature_length ) );
+ }
+
+ if( usage & PSA_KEY_USAGE_VERIFY_HASH )
+ {
+ psa_status_t verify_status =
+ ( usage & PSA_KEY_USAGE_SIGN_HASH ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL( psa_verify_hash( key, alg,
+ payload, payload_length,
+ signature, signature_length ),
+ verify_status );
+ }
}
- if( usage & PSA_KEY_USAGE_VERIFY_HASH )
+ if( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ) )
{
- psa_status_t verify_status =
- ( usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE );
- TEST_EQUAL( psa_verify_hash( key, alg,
- payload, payload_length,
- signature, signature_length ),
- verify_status );
+ unsigned char message[256] = "Hello, world...";
+ unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
+ size_t message_length = 16;
+ size_t signature_length = sizeof( signature );
+
+ if( usage & PSA_KEY_USAGE_SIGN_MESSAGE )
+ {
+ PSA_ASSERT( psa_sign_message( key, alg,
+ message, message_length,
+ signature, sizeof( signature ),
+ &signature_length ) );
+ }
+
+ if( usage & PSA_KEY_USAGE_VERIFY_MESSAGE )
+ {
+ psa_status_t verify_status =
+ ( usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
+ PSA_SUCCESS :
+ PSA_ERROR_INVALID_SIGNATURE );
+ TEST_EQUAL( psa_verify_message( key, alg,
+ message, message_length,
+ signature, signature_length ),
+ verify_status );
+ }
}
return( 1 );
@@ -893,6 +925,19 @@
{
if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) )
{
+ if( PSA_ALG_IS_HASH_AND_SIGN( alg ) )
+ {
+ if( PSA_ALG_SIGN_GET_HASH( alg ) )
+ return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
+ PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
+ }
+ else if( PSA_ALG_IS_SIGN_MESSAGE( alg) )
+ return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
+ PSA_KEY_USAGE_VERIFY_MESSAGE :
+ PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE );
+
return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ?
PSA_KEY_USAGE_VERIFY_HASH :
PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH );
diff --git a/tests/src/random.c b/tests/src/random.c
index e01bd4d..7f3f401 100644
--- a/tests/src/random.c
+++ b/tests/src/random.c
@@ -35,6 +35,8 @@
#include <test/random.h>
#include <string.h>
+#include <mbedtls/entropy.h>
+
int mbedtls_test_rnd_std_rand( void *rng_state,
unsigned char *output,
size_t len )
@@ -91,8 +93,16 @@
}
if( len - use_len > 0 )
- return( mbedtls_test_rnd_std_rand( NULL, output + use_len,
- len - use_len ) );
+ {
+ if( info->fallback_f_rng != NULL )
+ {
+ return( info->fallback_f_rng( info->fallback_p_rng,
+ output + use_len,
+ len - use_len ) );
+ }
+ else
+ return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+ }
return( 0 );
}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2fe73a9..5954004 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1197,7 +1197,7 @@
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
-O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
+O_SRV="$O_SRV -accept $SRV_PORT"
O_CLI="$O_CLI -connect localhost:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"
@@ -5992,7 +5992,7 @@
-S "SSL - Verification of the message MAC failed"
server_needs_more_time 1
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: password mismatch, TLS" \
"$P_SRV debug_level=3 ecjpake_pw=bla" \
"$P_CLI debug_level=3 ecjpake_pw=bad \
@@ -6001,7 +6001,7 @@
-C "re-using cached ecjpake parameters" \
-s "SSL - Verification of the message MAC failed"
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: working, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
@@ -6010,7 +6010,7 @@
-c "re-using cached ecjpake parameters" \
-S "SSL - Verification of the message MAC failed"
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: working, DTLS, no cookie" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
@@ -6020,7 +6020,7 @@
-S "SSL - Verification of the message MAC failed"
server_needs_more_time 1
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: password mismatch, DTLS" \
"$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
"$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
@@ -6030,7 +6030,7 @@
-s "SSL - Verification of the message MAC failed"
# for tests with configs/config-thread.h
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test "ECJPAKE: working, DTLS, nolog" \
"$P_SRV dtls=1 ecjpake_pw=bla" \
"$P_CLI dtls=1 ecjpake_pw=bla \
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index d83d751..a5fd717 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -33,7 +33,7 @@
*
* \return 0 if success else 1
*/
-int verify_int( char *str, int *value )
+int verify_int( char *str, int32_t *value )
{
size_t i;
int minus = 0;
@@ -238,7 +238,7 @@
*
* \return 0 for success else 1
*/
-static int convert_params( size_t cnt , char ** params , int * int_params_store )
+static int convert_params( size_t cnt , char ** params , int32_t * int_params_store )
{
char ** cur = params;
char ** out = params;
@@ -520,7 +520,7 @@
char buf[5000];
char *params[50];
/* Store for proccessed integer params. */
- int int_params[50];
+ int32_t int_params[50];
void *pointer;
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
int stdout_fd = -1;
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 754a167..a90277d 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -210,6 +210,8 @@
/* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as
* otherwise we wouldn't get to the size check we're interested in. */
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval );
+exit:
+ mbedtls_aes_xts_free( &ctx );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index 47a4340..414278f 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -417,7 +417,7 @@
}
#if defined(MBEDTLS_BIGNUM_C)
- ret = mbedtls_mpi_read_string( &expected_mpi, 16, expected_hex );
+ ret = mbedtls_test_read_mpi( &expected_mpi, 16, expected_hex );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
if( ret == MBEDTLS_ERR_MPI_BAD_INPUT_DATA )
{
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index eb99b79..6d57442 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -37,6 +37,27 @@
Debug print buffer #5
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
+Debug print mbedtls_mpi: 0 (empty representation)
+mbedtls_debug_print_mpi:16:"":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
+
+Debug print mbedtls_mpi: 0 (non-empty representation)
+mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
+
+Debug print mbedtls_mpi #2: 3 bits
+mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
+
+Debug print mbedtls_mpi: 49 bits
+mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
+
+Debug print mbedtls_mpi: 759 bits
+mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
+
+Debug print mbedtls_mpi: 764 bits #1
+mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
+
+Debug print mbedtls_mpi: 764 bits #2
+mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
+
Debug print certificate #1 (RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
@@ -44,21 +65,3 @@
Debug print certificate #2 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
-
-Debug print mbedtls_mpi #1
-mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
-
-Debug print mbedtls_mpi #2
-mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
-
-Debug print mbedtls_mpi #3
-mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
-
-Debug print mbedtls_mpi #4
-mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #5
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
-
-Debug print mbedtls_mpi #6
-mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 377d630..fe5549a 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -179,7 +179,7 @@
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &val, radix, value ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data
index c4795b6..4e13e48 100644
--- a/tests/suites/test_suite_dhm.data
+++ b/tests/suites/test_suite_dhm.data
@@ -1,26 +1,110 @@
+Diffie-Hellman full exchange: tiny x_size
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
Diffie-Hellman parameter validation
dhm_invalid_params:
-Diffie-Hellman full exchange #1
-dhm_do_dhm:10:"23":10:"5":0
+Diffie-Hellman full exchange: 5-bit, x_size=3
+dhm_do_dhm:10:"23":3:10:"5":0
-Diffie-Hellman full exchange #2
-dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622":0
+Diffie-Hellman full exchange: 5-bit, x_size=2
+dhm_do_dhm:10:"23":2:10:"5":0
-Diffie-Hellman full exchange #3
-dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":10:"9345098309485093845098340962223981329819812792137312973297123912791271":0
+## Repeat this test case and a few similar ones several times. The RNG state
+## changes, so we get to exercise the code with a few different values.
+Diffie-Hellman full exchange: 5-bit #1
+dhm_do_dhm:10:"23":1:10:"5":0
-Diffie-Hellman trivial subgroup #1
-dhm_do_dhm:10:"23":10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+Diffie-Hellman full exchange: 5-bit #2
+dhm_do_dhm:10:"23":1:10:"5":0
-Diffie-Hellman trivial subgroup #2
-dhm_do_dhm:10:"23":10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+Diffie-Hellman full exchange: 5-bit #3
+dhm_do_dhm:10:"23":1:10:"5":0
+
+Diffie-Hellman full exchange: 5-bit #4
+dhm_do_dhm:10:"23":1:10:"5":0
+
+Diffie-Hellman full exchange: 5-bit #5
+dhm_do_dhm:10:"23":1:10:"5":0
+
+## This is x_size = P_size + 1. Arguably x_size > P_size makes no sense,
+## but it's the current undocumented behavior to treat it the same as when
+## x_size = P_size. If this behavior changes in the future, change the expected
+## return status from 0 to MBEDTLS_ERR_DHM_BAD_INPUT_DATA.
+Diffie-Hellman full exchange: 97-bit, x_size=14
+dhm_do_dhm:10:"93450983094850938450983409623":14:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #2
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #3
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #4
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit #5
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=12
+dhm_do_dhm:10:"93450983094850938450983409623":12:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=11
+dhm_do_dhm:10:"93450983094850938450983409623":11:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #1
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #2
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #3
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #4
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 97-bit, x_size=1 #5
+dhm_do_dhm:10:"93450983094850938450983409623":1:10:"9345098304850938450983409622":0
+
+Diffie-Hellman full exchange: 286-bit
+dhm_do_dhm:10:"93450983094850938450983409623982317398171298719873918739182739712938719287391879381271":36:10:"9345098309485093845098340962223981329819812792137312973297123912791271":0
Diffie-Hellman small modulus
-dhm_do_dhm:10:"3":10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED
+dhm_do_dhm:10:"3":1:10:"5":MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED+MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Diffie-Hellman zero modulus
-dhm_do_dhm:10:"0":10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+dhm_do_dhm:10:"0":1:10:"5":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=0
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"0":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=-1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"-1":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P-1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P-2
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409621":0
+
+Diffie-Hellman with G=P
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409623":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P+1
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409624":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
+
+Diffie-Hellman with G=P+2
+dhm_do_dhm:10:"93450983094850938450983409623":13:10:"93450983094850938450983409625":0
+
+Diffie-Hellman: x_size < 0
+dhm_do_dhm:10:"93450983094850938450983409623":-1:10:"9345098304850938450983409622":MBEDTLS_ERR_DHM_BAD_INPUT_DATA
Diffie-Hellman MPI_MAX_SIZE modulus
dhm_make_public:MBEDTLS_MPI_MAX_SIZE:10:"5":0
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 1726b9e..96ff2ac 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -1,5 +1,68 @@
/* BEGIN_HEADER */
#include "mbedtls/dhm.h"
+
+/* Sanity checks on a Diffie-Hellman parameter: check the length-value
+ * syntax and check that the value is the expected one (taken from the
+ * DHM context by the caller). */
+static int check_dhm_param_output( const mbedtls_mpi *expected,
+ const unsigned char *buffer,
+ size_t size,
+ size_t *offset )
+{
+ size_t n;
+ mbedtls_mpi actual;
+ int ok = 0;
+ mbedtls_mpi_init( &actual );
+
+ ++mbedtls_test_info.step;
+
+ TEST_ASSERT( size >= *offset + 2 );
+ n = ( buffer[*offset] << 8 ) | buffer[*offset + 1];
+ *offset += 2;
+ /* The DHM param output from Mbed TLS has leading zeros stripped, as
+ * permitted but not required by RFC 5246 \S4.4. */
+ TEST_EQUAL( n, mbedtls_mpi_size( expected ) );
+ TEST_ASSERT( size >= *offset + n );
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &actual, buffer + *offset, n ) );
+ TEST_EQUAL( 0, mbedtls_mpi_cmp_mpi( expected, &actual ) );
+ *offset += n;
+
+ ok = 1;
+exit:
+ mbedtls_mpi_free( &actual );
+ return( ok );
+}
+
+/* Sanity checks on Diffie-Hellman parameters: syntax, range, and comparison
+ * against the context. */
+static int check_dhm_params( const mbedtls_dhm_context *ctx,
+ size_t x_size,
+ const unsigned char *ske, size_t ske_len )
+{
+ size_t offset = 0;
+
+ /* Check that ctx->X and ctx->GX are within range. */
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->X, 1 ) > 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) < 0 );
+ TEST_ASSERT( mbedtls_mpi_size( &ctx->X ) <= x_size );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &ctx->GX, 1 ) > 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx->GX, &ctx->P ) < 0 );
+
+ /* Check ske: it must contain P, G and G^X, each prefixed with a
+ * 2-byte size. */
+ if( !check_dhm_param_output( &ctx->P, ske, ske_len, &offset ) )
+ goto exit;
+ if( !check_dhm_param_output( &ctx->G, ske, ske_len, &offset ) )
+ goto exit;
+ if( !check_dhm_param_output( &ctx->GX, ske, ske_len, &offset ) )
+ goto exit;
+ TEST_EQUAL( offset, ske_len );
+
+ return( 1 );
+exit:
+ return( 0 );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -115,7 +178,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void dhm_do_dhm( int radix_P, char *input_P,
+void dhm_do_dhm( int radix_P, char *input_P, int x_size,
int radix_G, char *input_G, int result )
{
mbedtls_dhm_context ctx_srv;
@@ -129,7 +192,7 @@
size_t pub_cli_len = 0;
size_t sec_srv_len;
size_t sec_cli_len;
- int x_size, i;
+ int i;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_dhm_init( &ctx_srv );
@@ -143,19 +206,21 @@
/*
* Set params
*/
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 );
- x_size = mbedtls_mpi_size( &ctx_srv.P );
- pub_cli_len = x_size;
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx_srv.G, radix_G, input_G ) == 0 );
+ pub_cli_len = mbedtls_mpi_size( &ctx_srv.P );
/*
* First key exchange
*/
+ mbedtls_test_set_step( 10 );
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == result );
if ( result != 0 )
goto exit;
+ if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
+ goto exit;
ske[ske_len++] = 0;
ske[ske_len++] = 0;
@@ -179,6 +244,7 @@
/* Re-do calc_secret on server a few times to test update of blinding values */
for( i = 0; i < 3; i++ )
{
+ mbedtls_test_set_step( 20 + i );
sec_srv_len = 1000;
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv,
sizeof( sec_srv ), &sec_srv_len,
@@ -195,9 +261,12 @@
*/
p = ske;
+ mbedtls_test_set_step( 30 );
TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
+ if( !check_dhm_params( &ctx_srv, x_size, ske, ske_len ) )
+ goto exit;
ske[ske_len++] = 0;
ske[ske_len++] = 0;
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
@@ -238,7 +307,7 @@
TEST_ASSERT( mbedtls_mpi_shift_l( &P, ( P_bytes * 8 ) - 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &P, 0, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &G, radix_G, input_G ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &G, radix_G, input_G ) == 0 );
TEST_ASSERT( mbedtls_dhm_set_group( &ctx, &P, &G ) == 0 );
TEST_ASSERT( mbedtls_dhm_make_public( &ctx, (int) mbedtls_mpi_size( &P ),
@@ -262,8 +331,8 @@
mbedtls_dhm_init( &ctx );
mbedtls_mpi_init( &P ); mbedtls_mpi_init( &G );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, 16, p ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &G, 16, g ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, 16, p ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &G, 16, g ) == 0 );
TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 );
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index 3ab96fa..69197e6 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -240,6 +240,8 @@
rnd_info_A.buf = rnd_buf_A->x;
rnd_info_A.length = rnd_buf_A->len;
+ rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_A.fallback_p_rng = NULL;
/* Fix rnd_buf_A->x by shifting it left if necessary */
if( grp.nbits % 8 != 0 )
@@ -256,6 +258,8 @@
rnd_info_B.buf = rnd_buf_B->x;
rnd_info_B.length = rnd_buf_B->len;
+ rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_B.fallback_p_rng = NULL;
/* Fix rnd_buf_B->x by shifting it left if necessary */
if( grp.nbits % 8 != 0 )
@@ -274,21 +278,21 @@
mbedtls_test_rnd_buffer_rand,
&rnd_info_A ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
mbedtls_test_rnd_buffer_rand,
&rnd_info_B ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, xB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, yB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &check, 16, z_str ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 );
@@ -362,9 +366,13 @@
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
+ rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_A.fallback_p_rng = NULL;
rnd_info_A.buf = dA->x;
rnd_info_A.length = dA->len;
+ rnd_info_B.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info_B.fallback_p_rng = NULL;
rnd_info_B.buf = dB->x;
rnd_info_B.length = dB->len;
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 8157234..d47bb4e 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -289,9 +289,11 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &Q, 16, xQ_str, yQ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
+ rnd_info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ rnd_info.fallback_p_rng = NULL;
rnd_info.buf = rnd_buf->x;
rnd_info.length = rnd_buf->len;
@@ -352,9 +354,9 @@
memset( hash, 0, sizeof( hash ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, d_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &r_check, 16, r_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &s_check, 16, s_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &r_check, 16, r_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &s_check, 16, s_str ) == 0 );
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
@@ -583,7 +585,7 @@
memset( sig, 0, sizeof( sig ) );
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.d, 16, d_str ) == 0 );
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 106791c..79912eb 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -36,13 +36,133 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_curve_info:MBEDTLS_ECP_DP_SECP192R1:19:192:"secp192r1"
-ECP check pubkey Montgomery #1 (too big)
+ECP check pubkey Curve25519 #1 (biggest)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0
+
+ECP check pubkey Curve25519 #2 (too big)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"010000000000000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
-ECP check pubkey Montgomery #2 (biggest)
+ECP check pubkey Curve25519 #3 (DoS big)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
-ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"0100000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve25519 y ignored
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"2":"-1":"1":0
+
+ECP check pubkey Curve25519 z is not 1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"2":"0":"2":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve25519 x negative
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"-2":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"0":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #2
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"1":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #3 (let's call this u)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebe0":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #4 (let's call this v)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"57119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c5f":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #5 p-1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #6 p
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #7 p+1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #8 p+u
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"80b8495f16056286fdb1329ceb8d09da6ac49ff1fae35616aeb8413b7c7aebcd":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #9 p+v
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"d7119fd0dd4e22d8868e1c58c45c44045bef839c55b1d0b1248c50a3bc959c4c":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #10 2p-1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffd9":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #11 2p
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffda":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+# see https://cr.yp.to/ecdh.html#validate
+ECP check pubkey Curve25519 low-order point #12 2p+1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdb":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 #1 (biggest)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":0
+
+ECP check pubkey Curve448 #2 (too big)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 #3 (DoS big)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"0100000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 y ignored
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"2":"-1":"1":0
+
+ECP check pubkey Curve448 z is not 1
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"2":"0":"2":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 x negative
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"-2":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 low-order point #1
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"0":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 low-order point #2
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"1":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 low-order point #3 p-1
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 low-order point #4 p
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
+
+ECP check pubkey Curve448 low-order point #5 p+1
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_check_pub:MBEDTLS_ECP_DP_CURVE448:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000000000000000000000000000000000000000000000000000":"0":"1":MBEDTLS_ERR_ECP_INVALID_KEY
ECP check pubkey Koblitz #1 (point not on curve)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -276,6 +396,42 @@
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_gen_key:MBEDTLS_ECP_DP_SECP192R1
+ECP generate Montgomery key: Curve25519, random in range
+genkey_mx_known_answer:254:"9e020406080a0c0e10121416181a1c1e20222426282a2c2e30323436383a3df0":"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8"
+
+ECP generate Montgomery key: Curve25519, clear higher bit
+genkey_mx_known_answer:254:"ff0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8":"7f808101820283038404850586068707880889098a0a8b0b8c0c8d0d8e0e8f78"
+
+ECP generate Montgomery key: Curve25519, clear low bits
+genkey_mx_known_answer:254:"9e020406080a0c0e10121416181a1c1e20222426282a2c2e30323436383a3dff":"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1ef8"
+
+ECP generate Montgomery key: Curve25519, random = all-bits-zero
+genkey_mx_known_answer:254:"0000000000000000000000000000000000000000000000000000000000000000":"4000000000000000000000000000000000000000000000000000000000000000"
+
+ECP generate Montgomery key: Curve25519, random = all-bits-one
+genkey_mx_known_answer:254:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"7ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff8"
+
+ECP generate Montgomery key: Curve25519, not enough entropy
+genkey_mx_known_answer:254:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":""
+
+ECP generate Montgomery key: Curve448, random in range
+genkey_mx_known_answer:447:"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc":"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
+
+ECP generate Montgomery key: Curve448, set high bit
+genkey_mx_known_answer:447:"0f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc":"8f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
+
+ECP generate Montgomery key: Curve448, clear low bits
+genkey_mx_known_answer:447:"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536ff":"cf0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536fc"
+
+ECP generate Montgomery key: Curve448, random = all-bits-zero
+genkey_mx_known_answer:447:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+
+ECP generate Montgomery key: Curve448, random = all-bits-one
+genkey_mx_known_answer:447:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc"
+
+ECP generate Montgomery key: Curve448, not enough entropy
+genkey_mx_known_answer:447:"4f0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30313233343536":""
+
ECP read key #1 (short weierstrass, too small)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY:0
@@ -440,15 +596,15 @@
ECP point multiplication Curve25519 (element of order 2: origin) #3
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
-ecp_test_mul:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"00":"00":"01":"00":"01":"00":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+ecp_test_mul:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"00":"00":"01":"00":"01":"00":MBEDTLS_ERR_ECP_INVALID_KEY
ECP point multiplication Curve25519 (element of order 4: 1) #4
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
-ecp_test_mul:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"01":"00":"01":"00":"01":"00":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+ecp_test_mul:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"01":"00":"01":"00":"01":"00":MBEDTLS_ERR_ECP_INVALID_KEY
ECP point multiplication Curve25519 (element of order 8) #5
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
-ecp_test_mul:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"B8495F16056286FDB1329CEB8D09DA6AC49FF1FAE35616AEB8413B7C7AEBE0":"00":"01":"00":"01":"00":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+ecp_test_mul:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"B8495F16056286FDB1329CEB8D09DA6AC49FF1FAE35616AEB8413B7C7AEBE0":"00":"01":"00":"01":"00":MBEDTLS_ERR_ECP_INVALID_KEY
ECP point multiplication rng fail secp256r1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 6d23377..538c648 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -15,6 +15,7 @@
#define ECP_PT_RESET( x ) \
mbedtls_ecp_point_free( x ); \
mbedtls_ecp_point_init( x );
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -385,6 +386,8 @@
TEST_ASSERT( by_id == by_name );
TEST_ASSERT( by_id->bit_size == size );
+ TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS );
+ TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 );
}
/* END_CASE */
@@ -400,9 +403,9 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret );
@@ -451,13 +454,13 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 );
mbedtls_ecp_set_max_ops( (unsigned) max_ops );
@@ -535,13 +538,13 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &u1, 16, u1_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &u2, 16, u2_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xR, 16, xR_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yR, 16, yR_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &u1, 16, u1_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &u2, 16, u2_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xR, 16, xR_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yR, 16, yR_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q.X, 16, xQ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q.Y, 16, yQ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q.X, 16, xQ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q.Y, 16, yQ_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_lset( &Q.Z, 1 ) == 0 );
mbedtls_ecp_set_max_ops( (unsigned) max_ops );
@@ -598,14 +601,14 @@
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yA, 16, yA_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yB, 16, yB_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xZ, 16, xZ_str ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yA, 16, yA_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yB, 16, yB_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xZ, 16, xZ_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &yZ, 16, yZ_str ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
@@ -653,11 +656,11 @@
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dA, 16, dA_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &dB, 16, dB_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xA, 16, xA_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xB, 16, xB_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &xS, 16, xS_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dA, 16, dA_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dB, 16, dB_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xA, 16, xA_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xB, 16, xB_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &xS, 16, xS_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
@@ -793,6 +796,7 @@
TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
&grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, actual_result, sizeof( actual_result ) ) );
+ TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN );
ASSERT_COMPARE( expected_result->x, expected_result->len,
actual_result, len );
@@ -816,7 +820,7 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &R );
mbedtls_ecp_group_init( &grp );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, 16, N_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, 16, N_str ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( grp.modp != NULL );
@@ -855,15 +859,16 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.X, 16, x ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Y, 16, y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P.Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_write_binary( &grp, &P, format,
&olen, buf, blen ) == ret );
if( ret == 0 )
{
+ TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN );
TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 );
}
@@ -886,9 +891,9 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &grp, &P, buf->x, buf->len ) == ret );
@@ -930,9 +935,9 @@
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Z, 16, z ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, x ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Z, 16, z ) == 0 );
TEST_ASSERT( mbedtls_ecp_tls_read_point( &grp, &P, &vbuf, buf->len ) == ret );
@@ -1067,7 +1072,7 @@
mbedtls_mpi_init( &d );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &d, 16, key_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &d, 16, key_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == ret );
@@ -1094,7 +1099,7 @@
if( id != MBEDTLS_ECP_DP_NONE )
TEST_ASSERT( mbedtls_ecp_group_load( &prv.grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.d, 16, d ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.d, 16, d ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret );
@@ -1237,6 +1242,55 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED */
+void genkey_mx_known_answer( int bits, data_t *seed, data_t *expected )
+{
+ mbedtls_test_rnd_buf_info rnd_info;
+ mbedtls_mpi d;
+ int ret;
+ uint8_t *actual = NULL;
+
+ mbedtls_mpi_init( &d );
+ rnd_info.buf = seed->x;
+ rnd_info.length = seed->len;
+ rnd_info.fallback_f_rng = NULL;
+ rnd_info.fallback_p_rng = NULL;
+
+ ASSERT_ALLOC( actual, expected->len );
+
+ ret = mbedtls_ecp_gen_privkey_mx( bits, &d,
+ mbedtls_test_rnd_buffer_rand, &rnd_info );
+
+ if( expected->len == 0 )
+ {
+ /* Expecting an error (happens if there isn't enough randomness) */
+ TEST_ASSERT( ret != 0 );
+ }
+ else
+ {
+ TEST_EQUAL( ret, 0 );
+ TEST_EQUAL( (size_t) bits + 1, mbedtls_mpi_bitlen( &d ) );
+ TEST_EQUAL( 0, mbedtls_mpi_write_binary( &d, actual, expected->len ) );
+ /* Test the exact result. This assumes that the output of the
+ * RNG is used in a specific way, which is overly constraining.
+ * The advantage is that it's easier to test the expected properties
+ * of the generated key:
+ * - The most significant bit must be at a specific positions
+ * (can be enforced by checking the bit-length).
+ * - The least significant bits must have specific values
+ * (can be enforced by checking these bits).
+ * - Other bits must be random (by testing with different RNG outputs,
+ * we validate that those bits are indeed influenced by the RNG). */
+ ASSERT_COMPARE( expected->x, expected->len,
+ actual, expected->len );
+ }
+
+exit:
+ mbedtls_free( actual );
+ mbedtls_mpi_free( &d );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ecp_selftest( )
{
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index 59fd782..2addd23 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -68,13 +68,13 @@
mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0
Test mpi_read_write_string #8 (Empty MPI hex -> hex)
-mpi_read_write_string:16:"":16:"00":4:0:0
+mpi_read_write_string:16:"":16:"":4:0:0
Test mpi_read_write_string #9 (Empty MPI hex -> dec)
mpi_read_write_string:16:"":10:"0":4:0:0
Test mpi_read_write_string #8 (Empty MPI dec -> hex)
-mpi_read_write_string:10:"":16:"00":4:0:0
+mpi_read_write_string:10:"":16:"":4:0:0
Test mpi_read_write_string #9 (Empty MPI dec -> dec)
mpi_read_write_string:10:"":10:"0":4:0:0
@@ -121,6 +121,12 @@
Base test mbedtls_mpi_write_file #1
mbedtls_mpi_write_file:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"data_files/mpi_write"
+Test mbedtls_mpi_lsb: 0 (null)
+mbedtls_mpi_lsb:16:"":0
+
+Test mbedtls_mpi_lsb: 0 (1 limb)
+mbedtls_mpi_lsb:16:"0":0
+
Base test mbedtls_mpi_lsb #1
mbedtls_mpi_lsb:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":2
@@ -151,7 +157,10 @@
Base test mbedtls_mpi_bitlen #6
mbedtls_mpi_bitlen:10:"10":4
-Base test mbedtls_mpi_bitlen #7
+Base test mbedtls_mpi_bitlen: 0 (null)
+mbedtls_mpi_bitlen:10:"":0
+
+Base test mbedtls_mpi_bitlen: 0 (1 limb)
mbedtls_mpi_bitlen:10:"0":0
Base test mbedtls_mpi_cmp_int #1
@@ -199,6 +208,90 @@
Base test mbedtls_mpi_cmp_mpi (Mixed values) #6
mbedtls_mpi_cmp_mpi:10:"-2":10:"31231231289798":-1
+Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (null)
+mbedtls_mpi_cmp_mpi:10:"":10:"":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"":10:"0":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (null)
+mbedtls_mpi_cmp_mpi:10:"0":10:"":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"0":10:"0":0
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) < positive
+mbedtls_mpi_cmp_mpi:10:"":10:"123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive
+mbedtls_mpi_cmp_mpi:10:"0":10:"123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) > negative
+mbedtls_mpi_cmp_mpi:10:"":10:"-123":1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative
+mbedtls_mpi_cmp_mpi:10:"0":10:"-123":1
+
+Test mbedtls_mpi_cmp_mpi: positive > 0 (null)
+mbedtls_mpi_cmp_mpi:10:"123":10:"":1
+
+Test mbedtls_mpi_cmp_mpi: positive > 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"123":10:"0":1
+
+Test mbedtls_mpi_cmp_mpi: negative < 0 (null)
+mbedtls_mpi_cmp_mpi:10:"-123":10:"":-1
+
+Test mbedtls_mpi_cmp_mpi: negative < 0 (1 limb)
+mbedtls_mpi_cmp_mpi:10:"-123":10:"0":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) < positive with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"":16:"0000000000000000123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"0":16:"0000000000000000123":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) > negative with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"":16:"-0000000000000000123":1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative with leading zero limb
+mbedtls_mpi_cmp_mpi:16:"0":16:"-0000000000000000123":1
+
+Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (null)
+mbedtls_mpi_cmp_mpi:16:"0000000000000000123":16:"":1
+
+Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"0000000000000000123":16:"0":1
+
+Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (null)
+mbedtls_mpi_cmp_mpi:16:"-0000000000000000123":16:"":-1
+
+Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"-0000000000000000123":16:"0":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) < large positive
+mbedtls_mpi_cmp_mpi:16:"":16:"1230000000000000000":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < large positive
+mbedtls_mpi_cmp_mpi:16:"0":16:"1230000000000000000":-1
+
+Test mbedtls_mpi_cmp_mpi: 0 (null) > large negative
+mbedtls_mpi_cmp_mpi:16:"":16:"-1230000000000000000":1
+
+Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > large negative
+mbedtls_mpi_cmp_mpi:16:"0":16:"-1230000000000000000":1
+
+Test mbedtls_mpi_cmp_mpi: large positive > 0 (null)
+mbedtls_mpi_cmp_mpi:16:"1230000000000000000":16:"":1
+
+Test mbedtls_mpi_cmp_mpi: large positive > 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"1230000000000000000":16:"0":1
+
+Test mbedtls_mpi_cmp_mpi: large negative < 0 (null)
+mbedtls_mpi_cmp_mpi:16:"-1230000000000000000":16:"":-1
+
+Test mbedtls_mpi_cmp_mpi: large negative < 0 (1 limb)
+mbedtls_mpi_cmp_mpi:16:"-1230000000000000000":16:"0":-1
+
Base test mbedtls_mpi_lt_mpi_ct #1
mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0
@@ -232,6 +325,9 @@
Base test mbedtls_mpi_lt_mpi_ct (Y is longer in storage)
mbedtls_mpi_lt_mpi_ct:3:"2B5":4:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+Base test mbedtls_mpi_lt_mpi_ct (length=0)
+mbedtls_mpi_lt_mpi_ct:0:"":0:"":0:0
+
Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #1
mbedtls_mpi_lt_mpi_ct:2:"7FFFFFFFFFFFFFFF":2:"FF":0:0
@@ -304,7 +400,16 @@
Base test mbedtls_mpi_cmp_abs (Negative values) #3
mbedtls_mpi_cmp_abs:10:"-2":10:"-1":1
-Base test mbedtls_mpi_cmp_abs (Zero and Zero) #4
+Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (null)
+mbedtls_mpi_cmp_abs:10:"":10:"":0
+
+Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (1 limb)
+mbedtls_mpi_cmp_abs:10:"":10:"0":0
+
+Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (null)
+mbedtls_mpi_cmp_abs:10:"0":10:"":0
+
+Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (1 limb)
mbedtls_mpi_cmp_abs:10:"0":10:"0":0
Base test mbedtls_mpi_cmp_abs (Mix values) #1
@@ -316,84 +421,261 @@
Base test mbedtls_mpi_cmp_abs (Mix values) #3
mbedtls_mpi_cmp_abs:10:"-2":10:"1":1
-Copy zero (1 limb) to positive (1 limb)
-mbedtls_mpi_copy_sint:0:1500
+Copy large negative to large negative
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
-Copy zero (1 limb) to negative (1 limb)
-mbedtls_mpi_copy_sint:0:-1500
+Copy large negative to large positive
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
-Copy positive (1 limb) to zero (1 limb)
-mbedtls_mpi_copy_sint:1500:0
+Copy large negative to small negative
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-beef"
-Copy negative (1 limb) to zero (1 limb)
-mbedtls_mpi_copy_sint:-1500:0
+Copy large negative to small positive
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"beef"
-Copy positive (1 limb) to negative (1 limb)
-mbedtls_mpi_copy_sint:1500:-42
+Copy large negative to zero (1 limb)
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"0"
-Copy negative (1 limb) to positive (1 limb)
-mbedtls_mpi_copy_sint:-42:1500
+Copy large negative to zero (null)
+mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":""
+
+Copy large positive to large negative
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+
+Copy large positive to large positive
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+
+Copy large positive to small negative
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-beef"
+
+Copy large positive to small positive
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"beef"
+
+Copy large positive to zero (1 limb)
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"0"
+
+Copy large positive to zero (null)
+mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":""
+
+Copy small negative to large negative
+mbedtls_mpi_copy:"-bead":"-face1e55ca11ab1ecab005e5"
+
+Copy small negative to large positive
+mbedtls_mpi_copy:"-bead":"face1e55ca11ab1ecab005e5"
+
+Copy small negative to small negative
+mbedtls_mpi_copy:"-bead":"-beef"
+
+Copy small negative to small positive
+mbedtls_mpi_copy:"-bead":"beef"
+
+Copy small negative to zero (1 limb)
+mbedtls_mpi_copy:"-bead":"0"
+
+Copy small negative to zero (null)
+mbedtls_mpi_copy:"-bead":""
+
+Copy small positive to large negative
+mbedtls_mpi_copy:"bead":"-face1e55ca11ab1ecab005e5"
+
+Copy small positive to large positive
+mbedtls_mpi_copy:"bead":"face1e55ca11ab1ecab005e5"
+
+Copy small positive to small negative
+mbedtls_mpi_copy:"bead":"-beef"
+
+Copy small positive to small positive
+mbedtls_mpi_copy:"bead":"beef"
+
+Copy small positive to zero (1 limb)
+mbedtls_mpi_copy:"bead":"0"
+
+Copy small positive to zero (null)
+mbedtls_mpi_copy:"bead":""
+
+Copy zero (1 limb) to large negative
+mbedtls_mpi_copy:"0":"-face1e55ca11ab1ecab005e5"
+
+Copy zero (1 limb) to large positive
+mbedtls_mpi_copy:"0":"face1e55ca11ab1ecab005e5"
+
+Copy zero (1 limb) to small negative
+mbedtls_mpi_copy:"0":"-beef"
+
+Copy zero (1 limb) to small positive
+mbedtls_mpi_copy:"0":"beef"
+
+Copy zero (1 limb) to zero (1 limb)
+mbedtls_mpi_copy:"0":"0"
+
+Copy zero (1 limb) to zero (null)
+mbedtls_mpi_copy:"0":""
+
+Copy zero (null) to large negative
+mbedtls_mpi_copy:"":"-face1e55ca11ab1ecab005e5"
+
+Copy zero (null) to large positive
+mbedtls_mpi_copy:"":"face1e55ca11ab1ecab005e5"
+
+Copy zero (null) to small negative
+mbedtls_mpi_copy:"":"-beef"
+
+Copy zero (null) to small positive
+mbedtls_mpi_copy:"":"beef"
+
+Copy zero (null) to zero (1 limb)
+mbedtls_mpi_copy:"":"0"
Copy zero (null) to zero (null)
-mbedtls_mpi_copy_binary:"":""
+mbedtls_mpi_copy:"":""
-Copy zero (null) to positive (1 limb)
-mbedtls_mpi_copy_binary:"":"1234"
+Copy self: large negative
+mpi_copy_self:"-ca5cadedb01dfaceacc01ade"
-Copy positive (1 limb) to zero (null)
-mbedtls_mpi_copy_binary:"1234":""
+Copy self: large positive
+mpi_copy_self:"ca5cadedb01dfaceacc01ade"
-Copy positive to larger
-mbedtls_mpi_copy_binary:"bead":"ca5cadedb01dfaceacc01ade"
+Copy self: small negative
+mpi_copy_self:"-bead"
-Copy positive to smaller
-mbedtls_mpi_copy_binary:"ca5cadedb01dfaceacc01ade":"bead"
-
-Copy self: positive (1 limb)
-mpi_copy_self:14
+Copy self: small positive
+mpi_copy_self:"bead"
Copy self: zero (1 limb)
-mpi_copy_self:0
+mpi_copy_self:"0"
-Swap zero (1 limb) with positive (1 limb)
-mbedtls_mpi_swap_sint:0:1500
+Copy self: zero (null)
+mpi_copy_self:""
-Swap zero (1 limb) with negative (1 limb)
-mbedtls_mpi_swap_sint:0:-1500
+Swap large negative with large negative
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
-Swap positive (1 limb) with zero (1 limb)
-mbedtls_mpi_swap_sint:1500:0
+Swap large negative with large positive
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
-Swap negative (1 limb) with zero (1 limb)
-mbedtls_mpi_swap_sint:-1500:0
+Swap large negative with small negative
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-beef"
-Swap positive (1 limb) with negative (1 limb)
-mbedtls_mpi_swap_sint:1500:-42
+Swap large negative with small positive
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"beef"
-Swap negative (1 limb) with positive (1 limb)
-mbedtls_mpi_swap_sint:-42:1500
+Swap large negative with zero (1 limb)
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"0"
+
+Swap large negative with zero (null)
+mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":""
+
+Swap large positive with large negative
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+
+Swap large positive with large positive
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+
+Swap large positive with small negative
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-beef"
+
+Swap large positive with small positive
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"beef"
+
+Swap large positive with zero (1 limb)
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"0"
+
+Swap large positive with zero (null)
+mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":""
+
+Swap small negative with large negative
+mbedtls_mpi_swap:"-bead":"-face1e55ca11ab1ecab005e5"
+
+Swap small negative with large positive
+mbedtls_mpi_swap:"-bead":"face1e55ca11ab1ecab005e5"
+
+Swap small negative with small negative
+mbedtls_mpi_swap:"-bead":"-beef"
+
+Swap small negative with small positive
+mbedtls_mpi_swap:"-bead":"beef"
+
+Swap small negative with zero (1 limb)
+mbedtls_mpi_swap:"-bead":"0"
+
+Swap small negative with zero (null)
+mbedtls_mpi_swap:"-bead":""
+
+Swap small positive with large negative
+mbedtls_mpi_swap:"bead":"-face1e55ca11ab1ecab005e5"
+
+Swap small positive with large positive
+mbedtls_mpi_swap:"bead":"face1e55ca11ab1ecab005e5"
+
+Swap small positive with small negative
+mbedtls_mpi_swap:"bead":"-beef"
+
+Swap small positive with small positive
+mbedtls_mpi_swap:"bead":"beef"
+
+Swap small positive with zero (1 limb)
+mbedtls_mpi_swap:"bead":"0"
+
+Swap small positive with zero (null)
+mbedtls_mpi_swap:"bead":""
+
+Swap zero (1 limb) with large negative
+mbedtls_mpi_swap:"0":"-face1e55ca11ab1ecab005e5"
+
+Swap zero (1 limb) with large positive
+mbedtls_mpi_swap:"0":"face1e55ca11ab1ecab005e5"
+
+Swap zero (1 limb) with small negative
+mbedtls_mpi_swap:"0":"-beef"
+
+Swap zero (1 limb) with small positive
+mbedtls_mpi_swap:"0":"beef"
+
+Swap zero (1 limb) with zero (1 limb)
+mbedtls_mpi_swap:"0":"0"
+
+Swap zero (1 limb) with zero (null)
+mbedtls_mpi_swap:"0":""
+
+Swap zero (null) with large negative
+mbedtls_mpi_swap:"":"-face1e55ca11ab1ecab005e5"
+
+Swap zero (null) with large positive
+mbedtls_mpi_swap:"":"face1e55ca11ab1ecab005e5"
+
+Swap zero (null) with small negative
+mbedtls_mpi_swap:"":"-beef"
+
+Swap zero (null) with small positive
+mbedtls_mpi_swap:"":"beef"
+
+Swap zero (null) with zero (1 limb)
+mbedtls_mpi_swap:"":"0"
Swap zero (null) with zero (null)
-mbedtls_mpi_swap_binary:"":""
+mbedtls_mpi_swap:"":""
-Swap zero (null) with positive (1 limb)
-mbedtls_mpi_swap_binary:"":"1234"
+Swap self: large negative
+mpi_swap_self:"-ca5cadedb01dfaceacc01ade"
-Swap positive (1 limb) with zero (null)
-mbedtls_mpi_swap_binary:"1234":""
+Swap self: large positive
+mpi_swap_self:"ca5cadedb01dfaceacc01ade"
-Swap positive with larger
-mbedtls_mpi_swap_binary:"bead":"ca5cadedb01dfaceacc01ade"
+Swap self: small negative
+mpi_swap_self:"-bead"
-Swap positive with smaller
-mbedtls_mpi_swap_binary:"ca5cadedb01dfaceacc01ade":"bead"
+Swap self: small positive
+mpi_swap_self:"bead"
-Swap self: 1 limb
-mpi_swap_self:"face"
+Swap self: zero (1 limb)
+mpi_swap_self:"0"
-Swap self: null
+Swap self: zero (null)
mpi_swap_self:""
+Shrink 0 limbs in a buffer of size 0 to 0
+mbedtls_mpi_shrink:0:0:0:0
+
Shrink 2 limbs in a buffer of size 2 to 4
mbedtls_mpi_shrink:2:2:4:4
@@ -418,42 +700,6 @@
Shrink 0 limbs in a buffer of size 4 to 0 yielding 1
mbedtls_mpi_shrink:4:0:0:1
-Test mbedtls_mpi_safe_cond_assign #1
-mbedtls_mpi_safe_cond_assign:+1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #2
-mbedtls_mpi_safe_cond_assign:+1:"FF000000000000000001":+1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #3
-mbedtls_mpi_safe_cond_assign:+1:"01":+1:"FF000000000000000002"
-
-Test mbedtls_mpi_safe_cond_assign #4
-mbedtls_mpi_safe_cond_assign:+1:"01":-1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #5
-mbedtls_mpi_safe_cond_assign:-1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_assign #6
-mbedtls_mpi_safe_cond_assign:-1:"01":-1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #1
-mbedtls_mpi_safe_cond_swap:+1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #2
-mbedtls_mpi_safe_cond_swap:+1:"FF000000000000000001":+1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #3
-mbedtls_mpi_safe_cond_swap:+1:"01":+1:"FF000000000000000002"
-
-Test mbedtls_mpi_safe_cond_swap #4
-mbedtls_mpi_safe_cond_swap:+1:"01":-1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #5
-mbedtls_mpi_safe_cond_swap:-1:"01":+1:"02"
-
-Test mbedtls_mpi_safe_cond_swap #6
-mbedtls_mpi_safe_cond_swap:-1:"01":-1:"02"
-
Base test mbedtls_mpi_add_abs #1
mbedtls_mpi_add_abs:10:"12345678":10:"642531":10:"12988209"
@@ -466,6 +712,15 @@
Base test mbedtls_mpi_add_abs #4
mbedtls_mpi_add_abs:10:"-12345678":10:"-642531":10:"12988209"
+Test mbedtls_mpi_add_abs: 0 (null) + 0 (null)
+mbedtls_mpi_add_abs:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_add_abs: 0 (null) + 1
+mbedtls_mpi_add_abs:16:"":16:"01":16:"01"
+
+Test mbedtls_mpi_add_abs: 1 + 0 (null)
+mbedtls_mpi_add_abs:16:"01":16:"":16:"01"
+
Test mbedtls_mpi_add_abs #1
mbedtls_mpi_add_abs:10:"-643808006803554439230129854961492699151386107534013432918073439524138264842370630061369715394739134090922937332590384720397133335969549256322620979036686633213903952966175107096769180017646161851573147596390153":10:"56125680981752282333498088313568935051383833838594899821664631784577337171193624243181360054669678410455329112434552942717084003541384594864129940145043086760031292483340068923506115878221189886491132772739661669044958531131327771":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
@@ -487,6 +742,21 @@
Base test mbedtls_mpi_add_mpi #4
mbedtls_mpi_add_mpi:10:"-12345678":10:"-642531":10:"-12988209"
+Test mbedtls_mpi_add_mpi: 0 (null) + 0 (null)
+mbedtls_mpi_add_mpi:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_add_mpi: 0 (null) + 1
+mbedtls_mpi_add_mpi:16:"":16:"01":16:"01"
+
+Test mbedtls_mpi_add_mpi: 1 + 0 (null)
+mbedtls_mpi_add_mpi:16:"01":16:"":16:"01"
+
+Test mbedtls_mpi_add_mpi: 0 (null) + -1
+mbedtls_mpi_add_mpi:16:"":16:"-01":16:"-01"
+
+Test mbedtls_mpi_add_mpi: -1 + 0 (null)
+mbedtls_mpi_add_mpi:16:"-01":16:"":16:"-01"
+
Test mbedtls_mpi_add_mpi #1
mbedtls_mpi_add_mpi:10:"203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123":10:"531872289054204184185084734375133399408303613982130856645299464930952178606045848877129147820387996428175564228204785846141207532462936339834139412401975338705794646595487324365194792822189473092273993580587964571659678084484152603881094176995594813302284232006001752128168901293560051833646881436219":10:"735829167410606161590850601304167976688497607296479119740072111384235241328747126510065763883532084601487937110881909725679916932621242907172467691556475037071866553361927361439411910627880345885122142692610250903804554267860479115964668998643528806263534149325837971432443181537363155848647445226342"
@@ -508,6 +778,12 @@
Test mbedtls_mpi_add_int #2
mbedtls_mpi_add_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097"
+Test mbedtls_mpi_add_int: 0 (null) + 0
+mbedtls_mpi_add_int:16:"":0:16:"0"
+
+Test mbedtls_mpi_add_int: 0 (null) + 1
+mbedtls_mpi_add_int:16:"":1:16:"1"
+
Base test mbedtls_mpi_sub_abs #1 (|B| > |A|)
mbedtls_mpi_sub_abs:10:"5":10:"7":10:"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
@@ -544,6 +820,24 @@
Base test mbedtls_mpi_sub_abs #4
mbedtls_mpi_sub_abs:10:"7":10:"-5":10:"2":0
+Test mbedtls_mpi_sub_abs: 0 (null) - 0 (null)
+mbedtls_mpi_sub_abs:16:"":16:"":16:"":0
+
+Test mbedtls_mpi_sub_abs: 0 (null) - 0 (1 limb)
+mbedtls_mpi_sub_abs:16:"":16:"00":16:"":0
+
+Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (null)
+mbedtls_mpi_sub_abs:16:"00":16:"":16:"":0
+
+Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (1 limb)
+mbedtls_mpi_sub_abs:16:"00":16:"00":16:"":0
+
+Test mbedtls_mpi_sub_abs: 1 - 0 (null)
+mbedtls_mpi_sub_abs:16:"01":16:"":16:"01":0
+
+Test mbedtls_mpi_sub_abs: 0 (null) - 1
+mbedtls_mpi_sub_abs:16:"":16:"01":16:"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+
Test mbedtls_mpi_sub_abs #1
mbedtls_mpi_sub_abs:16:"FFFFFFFFFF":16:"01":16:"FFFFFFFFFE":0
@@ -568,6 +862,27 @@
Base test mbedtls_mpi_sub_mpi #4 (Test with negative subtraction)
mbedtls_mpi_sub_mpi:10:"5":10:"-7":10:"12"
+Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (null)
+mbedtls_mpi_sub_mpi:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (1 limb)
+mbedtls_mpi_sub_mpi:16:"":16:"00":16:"0"
+
+Test mbedtls_mpi_sub_mpi: 0 (null) - 1
+mbedtls_mpi_sub_mpi:16:"":16:"1":16:"-1"
+
+Test mbedtls_mpi_sub_mpi: 0 (null) - -1
+mbedtls_mpi_sub_mpi:16:"":16:"-1":16:"1"
+
+Test mbedtls_mpi_sub_mpi: 0 (1 limb) - 0 (null)
+mbedtls_mpi_sub_mpi:16:"00":16:"":16:"0"
+
+Test mbedtls_mpi_sub_mpi: 1 - 0 (null)
+mbedtls_mpi_sub_mpi:16:"1":16:"":16:"1"
+
+Test mbedtls_mpi_sub_mpi: -1 - 0 (null)
+mbedtls_mpi_sub_mpi:16:"-1":16:"":16:"-1"
+
Test mbedtls_mpi_sub_mpi #1
mbedtls_mpi_sub_mpi:10:"531872289054204184185084734375133399408303613982130856645299464930952178606045848877129147820387996428175564228204785846141207532462936339834139412401975338705794646595487324365194792822189473092273993580587964571659678084484152603881094176995594813302284232006001752128168901293560051833646881436219":10:"203956878356401977405765866929034577280193993314348263094772646453283062722701277632936616063144088173312372882677123879538709400158306567338328279154499698366071906766440037074217117805690872792848149112022286332144876183376326512083574821647933992961249917319836219304274280243803104015000563790123":10:"327915410697802206779318867446098822128109620667782593550526818477669115883344571244192531757243908254863191345527661966602498132304629772495811133247475640339722739829047287290977675016498600299425844468565678239514801901107826091797519355347660820341034314686165532823894621049756947818646317646096"
@@ -580,12 +895,30 @@
Test mbedtls_mpi_sub_int #2
mbedtls_mpi_sub_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227002905097"
+Test mbedtls_mpi_sub_int: 0 (null) - 0
+mbedtls_mpi_sub_int:16:"":0:16:"0"
+
+Test mbedtls_mpi_sub_int: 0 (null) - 1
+mbedtls_mpi_sub_int:16:"":1:16:"-1"
+
+Test mbedtls_mpi_sub_int: 0 (null) - -1
+mbedtls_mpi_sub_int:16:"":-1:16:"1"
+
Test mbedtls_mpi_shift_l #1
mbedtls_mpi_shift_l:10:"64":1:10:"128"
Test mbedtls_mpi_shift_l #2
mbedtls_mpi_shift_l:10:"658385546911733550164516088405238961461880256029834598831972039469421755117818013653494814438931957316403111689187691446941406788869098983929874080332195117465344344350008880118042764943201875870917468833709791733282363323948005998269792207":37:10:"90487820548639020691922304619723076305400961610119884872723190678642804168382367856686134531865643066983017249846286450251272364365605022750900439437595355052945035915579216557330505438734955340526145476988250171181404966718289259743378883640981192704"
+Test mbedtls_mpi_shift_l: 0 (null) <<= 0
+mbedtls_mpi_shift_l:16:"":0:16:"0"
+
+Test mbedtls_mpi_shift_l: 0 (null) <<= 1
+mbedtls_mpi_shift_l:16:"":1:16:"0"
+
+Test mbedtls_mpi_shift_l: 0 (null) <<= 64
+mbedtls_mpi_shift_l:16:"":64:16:"0"
+
Test mbedtls_mpi_shift_r #1
mbedtls_mpi_shift_r:10:"128":1:10:"64"
@@ -604,6 +937,15 @@
Test mbedtls_mpi_shift_r #7
mbedtls_mpi_shift_r:16:"FFFFFFFFFFFFFFFF":128:16:"00"
+Test mbedtls_mpi_shift_r: 0 (null) >>= 0
+mbedtls_mpi_shift_r:16:"":0:16:"0"
+
+Test mbedtls_mpi_shift_r: 0 (null) >>= 1
+mbedtls_mpi_shift_r:16:"":1:16:"0"
+
+Test mbedtls_mpi_shift_r: 0 (null) >>= 64
+mbedtls_mpi_shift_r:16:"":64:16:"0"
+
Base test mbedtls_mpi_mul_mpi #1
mbedtls_mpi_mul_mpi:10:"5":10:"7":10:"35"
@@ -616,8 +958,131 @@
Base test mbedtls_mpi_mul_mpi #4
mbedtls_mpi_mul_mpi:10:"-5":10:"-7":10:"35"
+Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (null)
+mbedtls_mpi_mul_mpi:16:"":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (1 limb)
+mbedtls_mpi_mul_mpi:16:"":16:"00":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (null) * 1
+mbedtls_mpi_mul_mpi:16:"":16:"01":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (null) * -1
+mbedtls_mpi_mul_mpi:16:"":16:"-01":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (1 limb) * -1
+mbedtls_mpi_mul_mpi:16:"00":16:"-01":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 0 (1 limb) * 0 (null)
+mbedtls_mpi_mul_mpi:16:"00":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: 1 * 0 (null)
+mbedtls_mpi_mul_mpi:16:"01":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: -1 * 0 (null)
+mbedtls_mpi_mul_mpi:16:"-01":16:"":16:"0"
+
+Test mbedtls_mpi_mul_mpi: -1 * 0 (1 limb)
+mbedtls_mpi_mul_mpi:16:"-01":16:"00":16:"0"
+
Test mbedtls_mpi_mul_mpi #1
-mbedtls_mpi_mul_mpi:10:"28911710017320205966167820725313234361535259163045867986277478145081076845846493521348693253530011243988160148063424837895971948244167867236923919506962312185829914482993478947657472351461336729641485069323635424692930278888923450060546465883490944265147851036817433970984747733020522259537":10:"16471581891701794764704009719057349996270239948993452268812975037240586099924712715366967486587417803753916334331355573776945238871512026832810626226164346328807407669366029926221415383560814338828449642265377822759768011406757061063524768140567867350208554439342320410551341675119078050953":10:"476221599179424887669515829231223263939342135681791605842540429321038144633323941248706405375723482912535192363845116154236465184147599697841273424891410002781967962186252583311115708128167171262206919514587899883547279647025952837516324649656913580411611297312678955801899536937577476819667861053063432906071315727948826276092545739432005962781562403795455162483159362585281248265005441715080197800335757871588045959754547836825977169125866324128449699877076762316768127816074587766799018626179199776188490087103869164122906791440101822594139648973454716256383294690817576188761"
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, B < 0
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, B < 0
+mbedtls_mpi_mul_mpi:16:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, B < 0
+mbedtls_mpi_mul_mpi:16:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+
+Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0, B < 0
+mbedtls_mpi_mul_mpi:16:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":16:"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":16:"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
Test mbedtls_mpi_mul_int #1
mbedtls_mpi_mul_int:10:"2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":9871232:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":"=="
@@ -631,15 +1096,45 @@
Test mbedtls_mpi_mul_int #4 (Unsigned, thus failure)
mbedtls_mpi_mul_int:10:"-2039568783564019774057658669290345772801939933143482630947726464532830627227012776329":-9871232:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":"!="
+Test mbedtls_mpi_mul_int: 0 (null) * 0
+mbedtls_mpi_mul_int:16:"":0:16:"":"=="
+
+Test mbedtls_mpi_mul_int: 0 (null) * 1
+mbedtls_mpi_mul_int:16:"":1:16:"":"=="
+
+Test mbedtls_mpi_mul_int: 0 (null) * 0x1234
+mbedtls_mpi_mul_int:16:"":0x1234:16:"":"=="
+
Base test mbedtls_mpi_div_mpi #1
mbedtls_mpi_div_mpi:10:"1000":10:"13":10:"76":10:"12":0
-Base test mbedtls_mpi_div_mpi #2 (Divide by zero)
+Base test mbedtls_mpi_div_mpi #2 (Divide by zero (1 limb))
mbedtls_mpi_div_mpi:10:"1000":10:"0":10:"1":10:"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+Base test mbedtls_mpi_div_mpi #2 (Divide by zero (null))
+mbedtls_mpi_div_mpi:10:"1000":10:"":10:"1":10:"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
Base test mbedtls_mpi_div_mpi #3
mbedtls_mpi_div_mpi:10:"1000":10:"-13":10:"-76":10:"12":0
+Test mbedtls_mpi_div_mpi: 0 (null) / 0 (null)
+mbedtls_mpi_div_mpi:16:"":16:"":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (null) / 0 (1 limb)
+mbedtls_mpi_div_mpi:16:"":16:"0":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (null)
+mbedtls_mpi_div_mpi:16:"0":16:"":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (1 limb)
+mbedtls_mpi_div_mpi:16:"0":16:"0":16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_mpi: 0 (null) / 1
+mbedtls_mpi_div_mpi:16:"":16:"1":16:"":16:"":0
+
+Test mbedtls_mpi_div_mpi: 0 (null) / -1
+mbedtls_mpi_div_mpi:16:"":16:"-1":16:"":16:"":0
+
Test mbedtls_mpi_div_mpi #1
mbedtls_mpi_div_mpi:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":10:"34":10:"592148724779947824773845002981655249516095268533053127589864347174804198178334111238460803":10:"26":0
@@ -667,10 +1162,22 @@
Test mbedtls_mpi_div_int #2
mbedtls_mpi_div_int:10:"20133056642518226042310730101376278483547239130123806338055387803943342738063359782107667328":-34:10:"-592148724779947824773845002981655249516095268533053127589864347174804198178334111238460803":10:"26":0
+Test mbedtls_mpi_div_int: 0 (null) / 0
+mbedtls_mpi_div_int:16:"":0:16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_int: 0 (1 limb) / 0
+mbedtls_mpi_div_int:16:"00":0:16:"":16:"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Test mbedtls_mpi_div_int: 0 (null) / 1
+mbedtls_mpi_div_int:16:"":1:16:"":16:"":0
+
Base test mbedtls_mpi_mod_mpi #1
mbedtls_mpi_mod_mpi:10:"1000":10:"13":10:"12":0
-Base test mbedtls_mpi_mod_mpi #2 (Divide by zero)
+Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (null))
+mbedtls_mpi_mod_mpi:10:"1000":10:"":10:"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+
+Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (1 limb))
mbedtls_mpi_mod_mpi:10:"1000":10:"0":10:"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
Base test mbedtls_mpi_mod_mpi #3
@@ -682,6 +1189,12 @@
Base test mbedtls_mpi_mod_mpi #5 (Negative modulo)
mbedtls_mpi_mod_mpi:10:"-1000":10:"-13":10:"-12":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+Test mbedtls_mpi_mod_mpi: 0 (null) % 1
+mbedtls_mpi_mod_mpi:16:"":16:"1":16:"":0
+
+Test mbedtls_mpi_mod_mpi: 0 (null) % -1
+mbedtls_mpi_mod_mpi:16:"":16:"-1":16:"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+
Base test mbedtls_mpi_mod_int #1
mbedtls_mpi_mod_int:10:"1000":13:12:0
@@ -706,23 +1219,74 @@
Base test mbedtls_mpi_mod_int #8 (By 2)
mbedtls_mpi_mod_int:10:"1000":2:0:0
+Test mbedtls_mpi_mod_int: 0 (null) % 1
+mbedtls_mpi_mod_int:16:"":1:0:0
+
+Test mbedtls_mpi_mod_int: 0 (null) % -1
+mbedtls_mpi_mod_int:16:"":-1:0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+
Base test mbedtls_mpi_exp_mod #1
-mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"":10:"24":0
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"29":10:"24":0
Base test mbedtls_mpi_exp_mod #2 (Even N)
-mbedtls_mpi_exp_mod:10:"23":10:"13":10:"30":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"30":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Base test mbedtls_mpi_exp_mod #2 (N = 0 (null))
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Base test mbedtls_mpi_exp_mod #3 (Negative N)
-mbedtls_mpi_exp_mod:10:"23":10:"13":10:"-29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"23":10:"13":10:"-29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Base test mbedtls_mpi_exp_mod #4 (Negative base)
-mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"":10:"5":0
+mbedtls_mpi_exp_mod:10:"-23":10:"13":10:"29":10:"5":0
Base test mbedtls_mpi_exp_mod #5 (Negative exponent)
-mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent)
-mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mbedtls_mpi_exp_mod:10:"-23":10:"-13":10:"29":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 1 mod 9
+mbedtls_mpi_exp_mod:16:"":16:"01":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 0 (null) ^ 2 mod 9
+mbedtls_mpi_exp_mod:16:"":16:"02":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 1 mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"01":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 2 mod 9
+mbedtls_mpi_exp_mod:16:"00":16:"02":16:"09":16:"":0
+
+Test mbedtls_mpi_exp_mod: 1 ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"01":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 4 ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"04":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 10 ^ 0 (null) mod 9
+mbedtls_mpi_exp_mod:16:"0a":16:"":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 1 ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"01":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 4 ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"04":16:"00":16:"09":16:"1":0
+
+Test mbedtls_mpi_exp_mod: 10 ^ 0 (1 limb) mod 9
+mbedtls_mpi_exp_mod:16:"0a":16:"00":16:"09":16:"1":0
Test mbedtls_mpi_exp_mod: MAX_SIZE exponent
mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:10:"":0
@@ -744,14 +1308,14 @@
Test mbedtls_mpi_exp_mod #1
depends_on:MPI_MAX_BITS_LARGER_THAN_792
-mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0
+mbedtls_mpi_exp_mod:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"583137007797276923956891216216022144052044091311388601652961409557516421612874571554415606746479105795833145583959622117418531166391184939066520869800857530421873250114773204354963864729386957427276448683092491947566992077136553066273207777134303397724679138833126700957":10:"114597449276684355144920670007147953232659436380163461553186940113929777196018164149703566472936578890991049344459204199888254907113495794730452699842273939581048142004834330369483813876618772578869083248061616444392091693787039636316845512292127097865026290173004860736":0
Test mbedtls_mpi_exp_mod (Negative base) [#1]
-mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"":10:"1":0
+mbedtls_mpi_exp_mod:10:"-10000000000":10:"10000000000":10:"99999":10:"1":0
Test mbedtls_mpi_exp_mod (Negative base) [#2]
depends_on:MPI_MAX_BITS_LARGER_THAN_792
-mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
+mbedtls_mpi_exp_mod:16:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":16:"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":16:"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":16:"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
Base test GCD #1
mbedtls_mpi_gcd:10:"693":10:"609":10:"21"
@@ -762,24 +1326,105 @@
Base test GCD #3
mbedtls_mpi_gcd:10:"768454923":10:"542167814":10:"1"
-Test GCD #1
+Test GCD: 0 (null), 0 (null)
+mbedtls_mpi_gcd:16:"":16:"":16:"0"
+
+Test GCD: 0 (null), 0 (1 limb)
+mbedtls_mpi_gcd:16:"":16:"00":16:"0"
+
+Test GCD: 0 (null), 3
+mbedtls_mpi_gcd:16:"":16:"03":16:"3"
+
+Test GCD: 0 (null), 6
+mbedtls_mpi_gcd:16:"":16:"06":16:"6"
+
+Test GCD: 0 (1 limb), 0 (null)
+mbedtls_mpi_gcd:16:"00":16:"":16:"0"
+
+Test GCD: 0 (1 limb), 3
+mbedtls_mpi_gcd:16:"00":16:"03":16:"3"
+
+Test GCD: 0 (1 limb), 6
+mbedtls_mpi_gcd:16:"00":16:"06":16:"6"
+
+Test GCD: 3, 0 (null)
+mbedtls_mpi_gcd:16:"03":16:"":16:"3"
+
+Test GCD: 3, 0 (1 limb)
+mbedtls_mpi_gcd:16:"03":16:"00":16:"3"
+
+Test GCD: 6, 0 (null)
+mbedtls_mpi_gcd:16:"06":16:"":16:"6"
+
+Test GCD: 6, 0 (1 limb)
+mbedtls_mpi_gcd:16:"06":16:"00":16:"6"
+
+Test GCD: gcd=1, 0 < A < B
mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+Test GCD: gcd=1, 0 < B < A
+mbedtls_mpi_gcd:10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"1"
+
+Test GCD: gcd=1, A > 0, B < 0
+mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+
+Test GCD: gcd=1, A < 0 < B, |A| < |B|
+mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+
+Test GCD: gcd=1, B < A < 0
+mbedtls_mpi_gcd:10:"-433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"-5781538327977828897150909166778407659250458379645823062042492461576758526757490910073628008613977550546382774775570888130029763571528699574717583228939535960234464230882573615930384979100379102915657483866755371559811718767760594919456971354184113721":10:"1"
+
+Test GCD: gcd=2, 0 < A < B
+mbedtls_mpi_gcd:10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"2"
+
+Test GCD: gcd=2, 0 < B < A
+mbedtls_mpi_gcd:10:"11563076655955657794301818333556815318500916759291646124084984923153517053514981820147256017227955101092765549551141776260059527143057399149435166457879071920468928461765147231860769958200758205831314967733510743119623437535521189838913942708368227442":10:"866038481820754956434747145919120219639297294032193121047538021762345738166676571147513149114791725930190032967735626087327963892955396933002903664815184654712662526249110275464787876484571564289857507839177265358101598397874265844290169694":10:"2"
+
+Test GCD: gcd=3, 0 < A < B
+mbedtls_mpi_gcd:10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"3"
+
+Test GCD: gcd=3, 0 < B < A
+mbedtls_mpi_gcd:10:"17344614983933486691452727500335222977751375138937469186127477384730275580272472730220884025841932651639148324326712664390089290714586098724152749686818607880703392692647720847791154937301137308746972451600266114679435156303281784758370914062552341163":10:"1299057722731132434652120718878680329458945941048289681571307032643518607250014856721269723672187588895285049451603439130991945839433095399504355497222776982068993789373665413197181814726857346434786261758765898037152397596811398766435254541":10:"3"
+
+Test GCD: gcd=4, 0 < A < B
+mbedtls_mpi_gcd:10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"4"
+
+Test GCD: gcd=4, 0 < B < A
+mbedtls_mpi_gcd:10:"23126153311911315588603636667113630637001833518583292248169969846307034107029963640294512034455910202185531099102283552520119054286114798298870332915758143840937856923530294463721539916401516411662629935467021486239246875071042379677827885416736454884":10:"1732076963641509912869494291838240439278594588064386242095076043524691476333353142295026298229583451860380065935471252174655927785910793866005807329630369309425325052498220550929575752969143128579715015678354530716203196795748531688580339388":10:"4"
+
+Test GCD: gcd=6, 0 < A < B
+mbedtls_mpi_gcd:10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"6"
+
+Test GCD: gcd=6, 0 < B < A
+mbedtls_mpi_gcd:10:"34689229967866973382905455000670445955502750277874938372254954769460551160544945460441768051683865303278296648653425328780178581429172197448305499373637215761406785385295441695582309874602274617493944903200532229358870312606563569516741828125104682326":10:"2598115445462264869304241437757360658917891882096579363142614065287037214500029713442539447344375177790570098903206878261983891678866190799008710994445553964137987578747330826394363629453714692869572523517531796074304795193622797532870509082":10:"6"
+
+Test GCD: 0 < A = B
+mbedtls_mpi_gcd:10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847":10:"433019240910377478217373572959560109819648647016096560523769010881172869083338285573756574557395862965095016483867813043663981946477698466501451832407592327356331263124555137732393938242285782144928753919588632679050799198937132922145084847"
+
Base test mbedtls_mpi_inv_mod #1
mbedtls_mpi_inv_mod:10:"3":10:"11":10:"4":0
-Base test mbedtls_mpi_inv_mod #2
+Test mbedtls_mpi_inv_mod: mod 0 (null)
+mbedtls_mpi_inv_mod:10:"3":10:"":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+Test mbedtls_mpi_inv_mod: mod 0 (1 limb)
mbedtls_mpi_inv_mod:10:"3":10:"0":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-Base test mbedtls_mpi_inv_mod #3
+Test mbedtls_mpi_inv_mod: mod negative
mbedtls_mpi_inv_mod:10:"3":10:"-11":10:"4":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
-Base test mbedtls_mpi_inv_mod #4
+Test mbedtls_mpi_inv_mod: 2^-1 mod 4
mbedtls_mpi_inv_mod:10:"2":10:"4":10:"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
-Base test mbedtls_mpi_inv_mod #5
+Test mbedtls_mpi_inv_mod: mod 1
mbedtls_mpi_inv_mod:10:"3":10:"1":10:"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+Test mbedtls_mpi_inv_mod: 0 (null) ^-1
+mbedtls_mpi_inv_mod:16:"":16:"11":16:"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+
+Test mbedtls_mpi_inv_mod: 0 (1 limb) ^-1
+mbedtls_mpi_inv_mod:16:"00":16:"11":16:"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+
Test mbedtls_mpi_inv_mod #1
mbedtls_mpi_inv_mod:16:"aa4df5cb14b4c31237f98bd1faf527c283c2d0f3eec89718664ba33f9762907c":16:"fffbbd660b94412ae61ead9c2906a344116e316a256fd387874c6c675b1d587d":16:"8d6a5c1d7adeae3e94b9bcd2c47e0d46e778bc8804a2cc25c02d775dc3d05b0c":0
@@ -964,6 +1609,9 @@
Test bit getting (Larger and non-existing limb)
mbedtls_mpi_get_bit:10:"49979687":500:0
+Test bit getting in 0 (null)
+mbedtls_mpi_get_bit:10:"":500:0
+
Test bit getting (Value bit 24)
mbedtls_mpi_get_bit:10:"49979687":24:0
@@ -982,6 +1630,12 @@
Test bit set (Add above existing limbs with a 1)
mbedtls_mpi_set_bit:10:"49979687":80:1:10:"1208925819614629224685863":0
+Test bit set (Add to 0 (null) with a 0)
+mbedtls_mpi_set_bit:16:"":65:0:16:"":0
+
+Test bit set (Add to 0 (null) with a 1)
+mbedtls_mpi_set_bit:16:"":65:1:16:"020000000000000000":0
+
Test bit set (Bit index larger than 31 with a 0)
mbedtls_mpi_set_bit:16:"FFFFFFFFFFFFFFFF":32:0:16:"FFFFFFFEFFFFFFFF":0
@@ -992,46 +1646,246 @@
mbedtls_mpi_set_bit:16:"00":5:2:16:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Fill random: 0 bytes
-mpi_fill_random:0:0:0
+mpi_fill_random:0:0:0:0
Fill random: 1 byte, good
-mpi_fill_random:1:1:0
+mpi_fill_random:1:1:0:0
Fill random: 2 bytes, good, no leading zero
-mpi_fill_random:2:2:0
+mpi_fill_random:2:2:0:0
Fill random: 2 bytes, good, 1 leading zero
-mpi_fill_random:2:256:0
+mpi_fill_random:2:256:0:0
Fill random: MAX_SIZE - 7, good
-mpi_fill_random:MBEDTLS_MPI_MAX_SIZE - 7:MBEDTLS_MPI_MAX_SIZE - 7:0
+mpi_fill_random:MBEDTLS_MPI_MAX_SIZE - 7:MBEDTLS_MPI_MAX_SIZE - 7:0:0
Fill random: MAX_SIZE, good
-mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:0
+mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:0:0
+
+Fill random: 0 bytes, previously small >0
+mpi_fill_random:0:0:1:0
+
+Fill random: 0 bytes, previously small <0
+mpi_fill_random:0:0:-1:0
+
+Fill random: 0 bytes, previously large >0
+mpi_fill_random:0:0:65:0
+
+Fill random: 0 bytes, previously large <0
+mpi_fill_random:0:0:-65:0
+
+Fill random: 1 byte, previously small >0
+mpi_fill_random:1:1:1:0
+
+Fill random: 1 byte, previously small <0
+mpi_fill_random:1:1:-1:0
+
+Fill random: 1 byte, previously large >0
+mpi_fill_random:1:1:65:0
+
+Fill random: 1 byte, previously large <0
+mpi_fill_random:1:1:-65:0
+
+Fill random: 9 bytes, previously small >0
+mpi_fill_random:1:1:1:0
+
+Fill random: 9 bytes, previously small <0
+mpi_fill_random:1:1:-1:0
Fill random: 1 byte, RNG failure
-mpi_fill_random:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:1:0:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 2 bytes, RNG failure after 1 byte
-mpi_fill_random:2:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:2:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 4 bytes, RNG failure after 3 bytes
-mpi_fill_random:4:3:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:4:3:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 8 bytes, RNG failure after 7 bytes
-mpi_fill_random:8:7:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:8:7:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 1 bytes
-mpi_fill_random:16:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:16:1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 8 bytes
-mpi_fill_random:16:8:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:16:8:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: 16 bytes, RNG failure after 15 bytes
-mpi_fill_random:16:15:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:16:15:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
Fill random: MAX_SIZE bytes, RNG failure after MAX_SIZE-1 bytes
-mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE-1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+mpi_fill_random:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE-1:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
+
+MPI random in range: 1..2
+mpi_random_many:1:"02":1000
+
+MPI random in range: 1..3
+mpi_random_many:1:"03":1000
+
+MPI random in range: 1..4
+mpi_random_many:1:"04":1000
+
+MPI random in range: 1..5
+mpi_random_many:1:"05":1000
+
+MPI random in range: 1..6
+mpi_random_many:1:"06":1000
+
+MPI random in range: 1..7
+mpi_random_many:1:"07":1000
+
+MPI random in range: 1..8
+mpi_random_many:1:"08":1000
+
+MPI random in range: 1..9
+mpi_random_many:1:"09":1000
+
+MPI random in range: 1..10
+mpi_random_many:1:"0a":1000
+
+MPI random in range: 1..11
+mpi_random_many:1:"0b":1000
+
+MPI random in range: 1..12
+mpi_random_many:1:"0c":1000
+
+MPI random in range: 1..255
+mpi_random_many:1:"ff":100
+
+MPI random in range: 1..256
+mpi_random_many:1:"0100":100
+
+MPI random in range: 1..257
+mpi_random_many:1:"0101":100
+
+MPI random in range: 1..272
+mpi_random_many:1:"0110":100
+
+MPI random in range: 1..2^64-1
+mpi_random_many:1:"ffffffffffffffff":100
+
+MPI random in range: 1..2^64
+mpi_random_many:1:"010000000000000000":100
+
+MPI random in range: 1..2^64+1
+mpi_random_many:1:"010000000000000001":100
+
+MPI random in range: 1..2^64+2^63
+mpi_random_many:1:"018000000000000000":100
+
+MPI random in range: 1..2^65-1
+mpi_random_many:1:"01ffffffffffffffff":100
+
+MPI random in range: 1..2^65
+mpi_random_many:1:"020000000000000000":100
+
+MPI random in range: 1..2^65+1
+mpi_random_many:1:"020000000000000001":100
+
+MPI random in range: 1..2^65+2^64
+mpi_random_many:1:"030000000000000000":100
+
+MPI random in range: 1..2^66+2^65
+mpi_random_many:1:"060000000000000000":100
+
+MPI random in range: 1..2^71-1
+mpi_random_many:1:"7fffffffffffffffff":100
+
+MPI random in range: 1..2^71
+mpi_random_many:1:"800000000000000000":100
+
+MPI random in range: 1..2^71+1
+mpi_random_many:1:"800000000000000001":100
+
+MPI random in range: 1..2^71+2^70
+mpi_random_many:1:"c00000000000000000":100
+
+MPI random in range: 1..2^72-1
+mpi_random_many:1:"ffffffffffffffffff":100
+
+MPI random in range: 1..2^72
+mpi_random_many:1:"01000000000000000000":100
+
+MPI random in range: 1..2^72+1
+mpi_random_many:1:"01000000000000000001":100
+
+MPI random in range: 1..2^72+2^71
+mpi_random_many:1:"01800000000000000000":100
+
+MPI random in range: 0..1
+mpi_random_many:0:"04":10000
+
+MPI random in range: 0..4
+mpi_random_many:0:"04":10000
+
+MPI random in range: 2..4
+mpi_random_many:2:"04":10000
+
+MPI random in range: 3..4
+mpi_random_many:3:"04":10000
+
+MPI random in range: smaller result
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaabbbbbbbbbbbbbbbb":1:0
+
+MPI random in range: same size result (32-bit limbs)
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaa":2:0
+
+MPI random in range: same size result (64-bit limbs)
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaa":1:0
+
+MPI random in range: larger result
+mpi_random_sizes:1:"aaaaaaaaaaaaaaaa":3:0
+
+## The "0 limb in upper bound" tests rely on the fact that
+## mbedtls_mpi_read_binary() bases the size of the MPI on the size of
+## the input, without first checking for leading zeros. If this was
+## not the case, the tests would still pass, but would not exercise
+## the advertised behavior.
+MPI random in range: leading 0 limb in upper bound #0
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":0:0
+
+MPI random in range: leading 0 limb in upper bound #1
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":1:0
+
+MPI random in range: leading 0 limb in upper bound #2
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":2:0
+
+MPI random in range: leading 0 limb in upper bound #3
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":3:0
+
+MPI random in range: leading 0 limb in upper bound #4
+mpi_random_sizes:1:"00aaaaaaaaaaaaaaaa":4:0
+
+MPI random in range: previously small >0
+mpi_random_sizes:1:"1234567890":4:1
+
+MPI random in range: previously small <0
+mpi_random_sizes:1:"1234567890":4:-1
+
+MPI random in range: previously large >0
+mpi_random_sizes:1:"1234":4:65
+
+MPI random in range: previously large <0
+mpi_random_sizes:1:"1234":4:-65
+
+MPI random bad arguments: min < 0
+mpi_random_fail:-1:"04":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min = N = 0
+mpi_random_fail:0:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min = N = 1
+mpi_random_fail:1:"01":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min > N = 0
+mpi_random_fail:1:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min > N = 1
+mpi_random_fail:2:"01":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+
+MPI random bad arguments: min > N = 1, 0 limb in upper bound
+mpi_random_fail:2:"000000000000000001":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
MPI Selftest
depends_on:MBEDTLS_SELF_TEST
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index c5bb5a6..360916a 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -6,6 +6,18 @@
#define MPI_MAX_BITS_LARGER_THAN_792
#endif
+/* Check the validity of the sign bit in an MPI object. Reject representations
+ * that are not supported by the rest of the library and indicate a bug when
+ * constructing the value. */
+static int sign_is_valid( const mbedtls_mpi *X )
+{
+ if( X->s != 1 && X->s != -1 )
+ return( 0 ); // invalid sign bit, e.g. 0
+ if( mbedtls_mpi_bitlen( X ) == 0 && X->s != 1 )
+ return( 0 ); // negative zero
+ return( 1 );
+}
+
typedef struct mbedtls_test_mpi_random
{
data_t *data;
@@ -64,6 +76,50 @@
return( 0 );
}
+/* Test whether bytes represents (in big-endian base 256) a number b that
+ * is significantly above a power of 2. That is, b must not have a long run
+ * of unset bits after the most significant bit.
+ *
+ * Let n be the bit-size of b, i.e. the integer such that 2^n <= b < 2^{n+1}.
+ * This function returns 1 if, when drawing a number between 0 and b,
+ * the probability that this number is at least 2^n is not negligible.
+ * This probability is (b - 2^n) / b and this function checks that this
+ * number is above some threshold A. The threshold value is heuristic and
+ * based on the needs of mpi_random_many().
+ */
+static int is_significantly_above_a_power_of_2( data_t *bytes )
+{
+ const uint8_t *p = bytes->x;
+ size_t len = bytes->len;
+ unsigned x;
+
+ /* Skip leading null bytes */
+ while( len > 0 && p[0] == 0 )
+ {
+ ++p;
+ --len;
+ }
+ /* 0 is not significantly above a power of 2 */
+ if( len == 0 )
+ return( 0 );
+ /* Extract the (up to) 2 most significant bytes */
+ if( len == 1 )
+ x = p[0];
+ else
+ x = ( p[0] << 8 ) | p[1];
+
+ /* Shift the most significant bit of x to position 8 and mask it out */
+ while( ( x & 0xfe00 ) != 0 )
+ x >>= 1;
+ x &= 0x00ff;
+
+ /* At this point, x = floor((b - 2^n) / 2^(n-8)). b is significantly above
+ * a power of 2 iff x is significantly above 0 compared to 2^8.
+ * Testing x >= 2^4 amounts to picking A = 1/16 in the function
+ * description above. */
+ return( x >= 0x10 );
+}
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -321,6 +377,7 @@
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read );
if( result_read == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, output_size, &len ) == result_write );
if( result_write == 0 )
{
@@ -345,6 +402,7 @@
TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
@@ -364,6 +422,7 @@
TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
@@ -385,7 +444,7 @@
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
buflen = mbedtls_mpi_size( &X );
if( buflen > (size_t) output_size )
@@ -417,7 +476,7 @@
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
buflen = mbedtls_mpi_size( &X );
if( buflen > (size_t) output_size )
@@ -458,6 +517,7 @@
if( result == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
buflen = mbedtls_mpi_size( &X );
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
@@ -481,7 +541,7 @@
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
file_out = fopen( output_file, "w" );
TEST_ASSERT( file_out != NULL );
@@ -507,7 +567,7 @@
{
mbedtls_mpi X;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_get_bit( &X, pos ) == val );
exit:
@@ -522,12 +582,13 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, output_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, output_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_set_bit( &X, pos, val ) == result );
if( result == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
}
@@ -542,7 +603,7 @@
mbedtls_mpi X;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_lsb( &X ) == (size_t) nr_bits );
exit:
@@ -556,7 +617,7 @@
mbedtls_mpi X;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_bitlen( &X ) == (size_t) nr_bits );
exit:
@@ -571,10 +632,11 @@
mbedtls_mpi A, X, Y, Z;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_gcd( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -603,8 +665,8 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == input_A );
exit:
@@ -622,8 +684,8 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_grow( &X, size_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_grow( &Y, size_Y ) == 0 );
@@ -644,8 +706,8 @@
mbedtls_mpi X, Y;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_abs( &X, &Y ) == input_A );
exit:
@@ -654,55 +716,125 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_copy_sint( int input_X, int input_Y )
+void mbedtls_mpi_copy( char *src_hex, char *dst_hex )
{
- mbedtls_mpi X, Y;
+ mbedtls_mpi src, dst, ref;
+ mbedtls_mpi_init( &src );
+ mbedtls_mpi_init( &dst );
+ mbedtls_mpi_init( &ref );
+
+ TEST_ASSERT( mbedtls_test_read_mpi( &src, 16, src_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ref, 16, dst_hex ) == 0 );
+
+ /* mbedtls_mpi_copy() */
+ TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_copy( &dst, &src ) == 0 );
+ TEST_ASSERT( sign_is_valid( &dst ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_assign(), assignment done */
+ mbedtls_mpi_free( &dst );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 1 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &dst ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &src ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_assign(), assignment not done */
+ mbedtls_mpi_free( &dst );
+ TEST_ASSERT( mbedtls_test_read_mpi( &dst, 16, dst_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &dst, &src, 0 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &dst ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &dst, &ref ) == 0 );
+
+exit:
+ mbedtls_mpi_free( &src );
+ mbedtls_mpi_free( &dst );
+ mbedtls_mpi_free( &ref );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_copy_self( char *input_X )
+{
+ mbedtls_mpi X, A;
+ mbedtls_mpi_init( &A );
+ mbedtls_mpi_init( &X );
+
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );
+
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, 16, input_X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
+
+exit:
+ mbedtls_mpi_free( &A );
+ mbedtls_mpi_free( &X );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_mpi_swap( char *X_hex, char *Y_hex )
+{
+ mbedtls_mpi X, Y, X0, Y0;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
+ mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );
- TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lset( &Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y0, 16, Y_hex ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 );
+ /* mbedtls_mpi_swap() */
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 );
+ mbedtls_mpi_swap( &X, &Y );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( sign_is_valid( &Y ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_swap(), swap done */
+ mbedtls_mpi_free( &X );
+ mbedtls_mpi_free( &Y );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( sign_is_valid( &Y ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
+
+ /* mbedtls_mpi_safe_cond_swap(), swap not done */
+ mbedtls_mpi_free( &X );
+ mbedtls_mpi_free( &Y );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, 16, Y_hex ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
+ TEST_ASSERT( sign_is_valid( &Y ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &Y0 ) == 0 );
exit:
mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
+ mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
}
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_copy_binary( data_t *input_X, data_t *input_Y )
+void mpi_swap_self( char *X_hex )
{
- mbedtls_mpi X, Y, X0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &X0 );
+ mbedtls_mpi X, X0;
+ mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Y, input_Y->x, input_Y->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, 16, X_hex ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X0, 16, X_hex ) == 0 );
+
+ mbedtls_mpi_swap( &X, &X );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &Y, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
-
exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &X0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mpi_copy_self( int input_X )
-{
- mbedtls_mpi X;
- mbedtls_mpi_init( &X );
-
- TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &X, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X );
+ mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
}
/* END_CASE */
@@ -713,10 +845,14 @@
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_grow( &X, before ) == 0 );
- TEST_ASSERT( used <= before );
- memset( X.p, 0x2a, used * sizeof( mbedtls_mpi_uint ) );
+ if( used > 0 )
+ {
+ size_t used_bit_count = used * 8 * sizeof( mbedtls_mpi_uint );
+ TEST_ASSERT( mbedtls_mpi_set_bit( &X, used_bit_count - 1, 1 ) == 0 );
+ }
+ TEST_EQUAL( X.n, (size_t) before );
TEST_ASSERT( mbedtls_mpi_shrink( &X, min ) == 0 );
- TEST_ASSERT( X.n == (size_t) after );
+ TEST_EQUAL( X.n, (size_t) after );
exit:
mbedtls_mpi_free( &X );
@@ -724,139 +860,28 @@
/* END_CASE */
/* BEGIN_CASE */
-void mbedtls_mpi_safe_cond_assign( int x_sign, char * x_str, int y_sign,
- char * y_str )
-{
- mbedtls_mpi X, Y, XX;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &XX );
-
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x_str ) == 0 );
- X.s = x_sign;
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y_str ) == 0 );
- Y.s = y_sign;
- TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_assign( &X, &Y, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y ); mbedtls_mpi_free( &XX );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_mpi_safe_cond_swap( int x_sign, char * x_str, int y_sign,
- char * y_str )
-{
- mbedtls_mpi X, Y, XX, YY;
-
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &XX ); mbedtls_mpi_init( &YY );
-
- TEST_ASSERT( mbedtls_mpi_read_string( &X, 16, x_str ) == 0 );
- X.s = x_sign;
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, 16, y_str ) == 0 );
- Y.s = y_sign;
-
- TEST_ASSERT( mbedtls_mpi_copy( &XX, &X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_copy( &YY, &Y ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &XX ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &YY ) == 0 );
-
- TEST_ASSERT( mbedtls_mpi_safe_cond_swap( &X, &Y, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &XX ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &YY ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
- mbedtls_mpi_free( &XX ); mbedtls_mpi_free( &YY );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_mpi_swap_sint( int input_X, int input_Y )
-{
- mbedtls_mpi X, Y;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
-
- TEST_ASSERT( mbedtls_mpi_lset( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_lset( &Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_Y ) == 0 );
-
- mbedtls_mpi_swap( &X, &Y );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &X, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, input_X ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mbedtls_mpi_swap_binary( data_t *input_X, data_t *input_Y )
-{
- mbedtls_mpi X, Y, X0, Y0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y );
- mbedtls_mpi_init( &X0 ); mbedtls_mpi_init( &Y0 );
-
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Y, input_Y->x, input_Y->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &Y0, input_Y->x, input_Y->len ) == 0 );
-
- mbedtls_mpi_swap( &X, &Y );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &Y0 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &X0 ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &Y );
- mbedtls_mpi_free( &X0 ); mbedtls_mpi_free( &Y0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void mpi_swap_self( data_t *input_X )
-{
- mbedtls_mpi X, X0;
- mbedtls_mpi_init( &X ); mbedtls_mpi_init( &X0 );
-
- TEST_ASSERT( mbedtls_mpi_read_binary( &X, input_X->x, input_X->len ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_binary( &X0, input_X->x, input_X->len ) == 0 );
-
- mbedtls_mpi_swap( &X, &X );
- TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &X0 ) == 0 );
-
-exit:
- mbedtls_mpi_free( &X ); mbedtls_mpi_free( &X0 );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
void mbedtls_mpi_add_mpi( int radix_X, char * input_X, int radix_Y,
char * input_Y, int radix_A, char * input_A )
{
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_mpi( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_mpi( &Y, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
@@ -871,18 +896,21 @@
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &X ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &X, 0 ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_mpi( &X, &X, &X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
@@ -898,19 +926,22 @@
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_abs( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_add_abs( &X, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_add_abs( &Y, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
@@ -925,9 +956,10 @@
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_add_int( &Z, &X, input_Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -942,19 +974,22 @@
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &X, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_mpi( &Y, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Y ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
exit:
@@ -971,23 +1006,26 @@
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
res = mbedtls_mpi_sub_abs( &Z, &X, &Y );
TEST_ASSERT( res == sub_result );
+ TEST_ASSERT( sign_is_valid( &Z ) );
if( res == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
/* result == first operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &X, &X, &Y ) == sub_result );
+ TEST_ASSERT( sign_is_valid( &X ) );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
/* result == second operand */
TEST_ASSERT( mbedtls_mpi_sub_abs( &Y, &X, &Y ) == sub_result );
+ TEST_ASSERT( sign_is_valid( &Y ) );
if( sub_result == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Y, &A ) == 0 );
@@ -1003,9 +1041,10 @@
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_sub_int( &Z, &X, input_Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -1020,10 +1059,11 @@
mbedtls_mpi X, Y, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_mul_mpi( &Z, &X, &Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
exit:
@@ -1039,9 +1079,10 @@
mbedtls_mpi X, Z, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_mul_int( &Z, &X, input_Y ) == 0 );
+ TEST_ASSERT( sign_is_valid( &Z ) );
if( strcmp( result_comparison, "==" ) == 0 )
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
else if( strcmp( result_comparison, "!=" ) == 0 )
@@ -1064,14 +1105,16 @@
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R );
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &B );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &B, radix_B, input_B ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 );
res = mbedtls_mpi_div_mpi( &Q, &R, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Q ) );
+ TEST_ASSERT( sign_is_valid( &R ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
}
@@ -1092,13 +1135,15 @@
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &R ); mbedtls_mpi_init( &A );
mbedtls_mpi_init( &B );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &B, radix_B, input_B ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &B, radix_B, input_B ) == 0 );
res = mbedtls_mpi_div_int( &Q, &R, &X, input_Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Q ) );
+ TEST_ASSERT( sign_is_valid( &R ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &A ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &B ) == 0 );
}
@@ -1118,13 +1163,14 @@
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
res = mbedtls_mpi_mod_mpi( &X, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
}
@@ -1142,7 +1188,7 @@
mbedtls_mpi_uint r;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
res = mbedtls_mpi_mod_int( &r, &X, input_Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
@@ -1158,26 +1204,41 @@
/* BEGIN_CASE */
void mbedtls_mpi_exp_mod( int radix_A, char * input_A, int radix_E,
char * input_E, int radix_N, char * input_N,
- int radix_RR, char * input_RR, int radix_X,
- char * input_X, int div_result )
+ int radix_X, char * input_X, int exp_result )
{
mbedtls_mpi A, E, N, RR, Z, X;
int res;
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &N );
mbedtls_mpi_init( &RR ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
- if( strlen( input_RR ) )
- TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 );
-
- res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
- TEST_ASSERT( res == div_result );
+ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, NULL );
+ TEST_ASSERT( res == exp_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Z ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
+ }
+
+ /* Now test again with the speed-up parameter supplied as an output. */
+ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
+ TEST_ASSERT( res == exp_result );
+ if( res == 0 )
+ {
+ TEST_ASSERT( sign_is_valid( &Z ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
+ }
+
+ /* Now test again with the speed-up parameter supplied in calculated form. */
+ res = mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR );
+ TEST_ASSERT( res == exp_result );
+ if( res == 0 )
+ {
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &X ) == 0 );
}
@@ -1211,7 +1272,7 @@
TEST_ASSERT( mbedtls_mpi_set_bit( &N, 0, 1 ) == 0 );
if( strlen( input_RR ) )
- TEST_ASSERT( mbedtls_mpi_read_string( &RR, radix_RR, input_RR ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &RR, radix_RR, input_RR ) == 0 );
TEST_ASSERT( mbedtls_mpi_exp_mod( &Z, &A, &E, &N, &RR ) == exp_result );
@@ -1230,13 +1291,14 @@
int res;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &Y ); mbedtls_mpi_init( &Z ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Y, radix_Y, input_Y ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Y, radix_Y, input_Y ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
res = mbedtls_mpi_inv_mod( &Z, &X, &Y );
TEST_ASSERT( res == div_result );
if( res == 0 )
{
+ TEST_ASSERT( sign_is_valid( &Z ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Z, &A ) == 0 );
}
@@ -1252,7 +1314,7 @@
int res;
mbedtls_mpi_init( &X );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == div_result );
@@ -1312,6 +1374,7 @@
TEST_ASSERT( actual_bits >= (size_t) bits );
TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
mbedtls_test_rnd_std_rand,
@@ -1338,9 +1401,10 @@
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_l( &X, shift_X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
@@ -1355,9 +1419,10 @@
mbedtls_mpi X, A;
mbedtls_mpi_init( &X ); mbedtls_mpi_init( &A );
- TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &A, radix_A, input_A ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &X, radix_X, input_X ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &A, radix_A, input_A ) == 0 );
TEST_ASSERT( mbedtls_mpi_shift_r( &X, shift_X ) == 0 );
+ TEST_ASSERT( sign_is_valid( &X ) );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &X, &A ) == 0 );
exit:
@@ -1366,13 +1431,23 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_fill_random( int wanted_bytes, int rng_bytes, int expected_ret )
+void mpi_fill_random( int wanted_bytes, int rng_bytes,
+ int before, int expected_ret )
{
mbedtls_mpi X;
int ret;
size_t bytes_left = rng_bytes;
mbedtls_mpi_init( &X );
+ if( before != 0 )
+ {
+ /* Set X to sign(before) * 2^(|before|-1) */
+ TEST_ASSERT( mbedtls_mpi_lset( &X, before > 0 ? 1 : -1 ) == 0 );
+ if( before < 0 )
+ before = - before;
+ TEST_ASSERT( mbedtls_mpi_shift_l( &X, before - 1 ) == 0 );
+ }
+
ret = mbedtls_mpi_fill_random( &X, wanted_bytes,
f_rng_bytes_left, &bytes_left );
TEST_ASSERT( ret == expected_ret );
@@ -1389,6 +1464,7 @@
TEST_ASSERT( mbedtls_mpi_size( &X ) + leading_zeros ==
(size_t) wanted_bytes );
TEST_ASSERT( (int) bytes_left == rng_bytes - wanted_bytes );
+ TEST_ASSERT( sign_is_valid( &X ) );
}
exit:
@@ -1396,6 +1472,170 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void mpi_random_many( int min, data_t *bound_bytes, int iterations )
+{
+ /* Generate numbers in the range 1..bound-1. Do it iterations times.
+ * This function assumes that the value of bound is at least 2 and
+ * that iterations is large enough that a one-in-2^iterations chance
+ * effectively never occurs.
+ */
+
+ mbedtls_mpi upper_bound;
+ size_t n_bits;
+ mbedtls_mpi result;
+ size_t b;
+ /* If upper_bound is small, stats[b] is the number of times the value b
+ * has been generated. Otherwise stats[b] is the number of times a
+ * value with bit b set has been generated. */
+ size_t *stats = NULL;
+ size_t stats_len;
+ int full_stats;
+ size_t i;
+
+ mbedtls_mpi_init( &upper_bound );
+ mbedtls_mpi_init( &result );
+
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
+ bound_bytes->x, bound_bytes->len ) );
+ n_bits = mbedtls_mpi_bitlen( &upper_bound );
+ /* Consider a bound "small" if it's less than 2^5. This value is chosen
+ * to be small enough that the probability of missing one value is
+ * negligible given the number of iterations. It must be less than
+ * 256 because some of the code below assumes that "small" values
+ * fit in a byte. */
+ if( n_bits <= 5 )
+ {
+ full_stats = 1;
+ stats_len = bound_bytes->x[bound_bytes->len - 1];
+ }
+ else
+ {
+ full_stats = 0;
+ stats_len = n_bits;
+ }
+ ASSERT_ALLOC( stats, stats_len );
+
+ for( i = 0; i < (size_t) iterations; i++ )
+ {
+ mbedtls_test_set_step( i );
+ TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_ASSERT( sign_is_valid( &result ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
+ if( full_stats )
+ {
+ uint8_t value;
+ TEST_EQUAL( 0, mbedtls_mpi_write_binary( &result, &value, 1 ) );
+ TEST_ASSERT( value < stats_len );
+ ++stats[value];
+ }
+ else
+ {
+ for( b = 0; b < n_bits; b++ )
+ stats[b] += mbedtls_mpi_get_bit( &result, b );
+ }
+ }
+
+ if( full_stats )
+ {
+ for( b = min; b < stats_len; b++ )
+ {
+ mbedtls_test_set_step( 1000000 + b );
+ /* Assert that each value has been reached at least once.
+ * This is almost guaranteed if the iteration count is large
+ * enough. This is a very crude way of checking the distribution.
+ */
+ TEST_ASSERT( stats[b] > 0 );
+ }
+ }
+ else
+ {
+ int statistically_safe_all_the_way =
+ is_significantly_above_a_power_of_2( bound_bytes );
+ for( b = 0; b < n_bits; b++ )
+ {
+ mbedtls_test_set_step( 1000000 + b );
+ /* Assert that each bit has been set in at least one result and
+ * clear in at least one result. Provided that iterations is not
+ * too small, it would be extremely unlikely for this not to be
+ * the case if the results are uniformly distributed.
+ *
+ * As an exception, the top bit may legitimately never be set
+ * if bound is a power of 2 or only slightly above.
+ */
+ if( statistically_safe_all_the_way || b != n_bits - 1 )
+ {
+ TEST_ASSERT( stats[b] > 0 );
+ }
+ TEST_ASSERT( stats[b] < (size_t) iterations );
+ }
+ }
+
+exit:
+ mbedtls_mpi_free( &upper_bound );
+ mbedtls_mpi_free( &result );
+ mbedtls_free( stats );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_random_sizes( int min, data_t *bound_bytes, int nlimbs, int before )
+{
+ mbedtls_mpi upper_bound;
+ mbedtls_mpi result;
+
+ mbedtls_mpi_init( &upper_bound );
+ mbedtls_mpi_init( &result );
+
+ if( before != 0 )
+ {
+ /* Set result to sign(before) * 2^(|before|-1) */
+ TEST_ASSERT( mbedtls_mpi_lset( &result, before > 0 ? 1 : -1 ) == 0 );
+ if( before < 0 )
+ before = - before;
+ TEST_ASSERT( mbedtls_mpi_shift_l( &result, before - 1 ) == 0 );
+ }
+
+ TEST_EQUAL( 0, mbedtls_mpi_grow( &result, nlimbs ) );
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
+ bound_bytes->x, bound_bytes->len ) );
+ TEST_EQUAL( 0, mbedtls_mpi_random( &result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_ASSERT( sign_is_valid( &result ) );
+ TEST_ASSERT( mbedtls_mpi_cmp_mpi( &result, &upper_bound ) < 0 );
+ TEST_ASSERT( mbedtls_mpi_cmp_int( &result, min ) >= 0 );
+
+exit:
+ mbedtls_mpi_free( &upper_bound );
+ mbedtls_mpi_free( &result );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mpi_random_fail( int min, data_t *bound_bytes, int expected_ret )
+{
+ mbedtls_mpi upper_bound;
+ mbedtls_mpi result;
+ int actual_ret;
+
+ mbedtls_mpi_init( &upper_bound );
+ mbedtls_mpi_init( &result );
+
+ TEST_EQUAL( 0, mbedtls_mpi_read_binary( &upper_bound,
+ bound_bytes->x, bound_bytes->len ) );
+ actual_ret = mbedtls_mpi_random( &result, min, &upper_bound,
+ mbedtls_test_rnd_std_rand, NULL );
+ TEST_EQUAL( expected_ret, actual_ret );
+
+exit:
+ mbedtls_mpi_free( &upper_bound );
+ mbedtls_mpi_free( &result );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void mpi_selftest( )
{
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index bc469b6..82d1573 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -670,8 +670,8 @@
rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
if( mbedtls_md_info_from_type( digest ) != NULL )
@@ -713,8 +713,8 @@
rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
if( digest != MBEDTLS_MD_NONE )
@@ -801,7 +801,7 @@
TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &mbedtls_pk_ec( prv )->d, 16, d_str ) == 0 );
TEST_ASSERT( mbedtls_pk_setup( &pub, mbedtls_pk_info_from_type( pk_type ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
@@ -883,8 +883,9 @@
void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret )
{
mbedtls_pk_context pk;
- size_t sig_len;
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ size_t sig_len, hash_len;
+ mbedtls_md_type_t md = MBEDTLS_MD_SHA256;
+ unsigned char *hash = NULL;
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
void *rs_ctx = NULL;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -898,40 +899,43 @@
mbedtls_ecp_set_max_ops( 42000 );
#endif
+ hash_len = mbedtls_md_get_size( mbedtls_md_info_from_type( md ) );
+ ASSERT_ALLOC( hash, hash_len );
+
mbedtls_pk_init( &pk );
USE_PSA_INIT( );
- memset( hash, 0x2a, sizeof hash );
+ memset( hash, 0x2a, hash_len );
memset( sig, 0, sizeof sig );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
TEST_ASSERT( pk_genkey( &pk, parameter ) == 0 );
- TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, &sig_len,
+ TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, md,
+ hash, hash_len, sig, &sig_len,
mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret );
if( sign_ret == 0 )
TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
else
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
- TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) == verify_ret );
+ TEST_ASSERT( mbedtls_pk_verify( &pk, md,
+ hash, hash_len, sig, sig_len ) == verify_ret );
if( verify_ret == 0 )
{
hash[0]++;
- TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) != 0 );
+ TEST_ASSERT( mbedtls_pk_verify( &pk, md,
+ hash, hash_len, sig, sig_len ) != 0 );
hash[0]--;
sig[0]++;
- TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len ) != 0 );
+ TEST_ASSERT( mbedtls_pk_verify( &pk, md,
+ hash, hash_len, sig, sig_len ) != 0 );
sig[0]--;
}
- TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
+ TEST_ASSERT( mbedtls_pk_sign( &pk, md, hash, hash_len,
sig, &sig_len,
mbedtls_test_rnd_std_rand,
NULL ) == sign_ret );
@@ -940,19 +944,19 @@
else
sig_len = MBEDTLS_PK_SIGNATURE_MAX_SIZE;
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len, rs_ctx ) == verify_ret );
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
+ hash, hash_len, sig, sig_len, rs_ctx ) == verify_ret );
if( verify_ret == 0 )
{
hash[0]++;
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
+ hash, hash_len, sig, sig_len, rs_ctx ) != 0 );
hash[0]--;
sig[0]++;
- TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len, rs_ctx ) != 0 );
+ TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, md,
+ hash, hash_len, sig, sig_len, rs_ctx ) != 0 );
sig[0]--;
}
@@ -961,6 +965,7 @@
mbedtls_pk_restart_free( rs_ctx );
#endif
mbedtls_pk_free( &pk );
+ mbedtls_free( hash );
USE_PSA_DONE( );
}
/* END_CASE */
@@ -985,8 +990,8 @@
rsa = mbedtls_pk_rsa( pk );
rsa->len = mod / 8;
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &rsa->E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
output, &olen, sizeof( output ),
@@ -1024,12 +1029,12 @@
rsa = mbedtls_pk_rsa( pk );
/* load public key */
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
/* load private key */
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 );
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 068027b..d355340 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -19,6 +19,8 @@
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
@@ -26,8 +28,8 @@
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
@@ -74,10 +76,10 @@
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
@@ -275,6 +277,8 @@
mbedtls_mpi N, P, Q, E;
mbedtls_test_rnd_buf_info info;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
@@ -285,10 +289,10 @@
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
@@ -331,8 +335,8 @@
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
memset( hash_result, 0x00, sizeof( hash_result ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 97f440d..c23a4ad 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -18,6 +18,8 @@
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
@@ -124,6 +126,8 @@
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, P, Q, E;
+ info.fallback_f_rng = mbedtls_test_rnd_std_rand;
+ info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 91d5197..4964bfa 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -989,7 +989,7 @@
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.pem":0
Parse EC Key #1 (SEC1 DER)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
Parse EC Key #2 (SEC1 PEM)
@@ -1005,15 +1005,15 @@
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0
Parse EC Key #4a (PKCS8 DER, no public key)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopub.der":"NULL":0
Parse EC Key #4b (PKCS8 DER, no public key, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8nopubparam.der":"NULL":0
Parse EC Key #4c (PKCS8 DER, with parameters)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.der":"NULL":0
Parse EC Key #5 (PKCS8 PEM)
@@ -1069,7 +1069,7 @@
pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0
Parse EC Key #15 (SEC1 DER, secp256k1, SpecifiedECDomain)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
Key ASN1 (No data)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 944ef23..cf524f6 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -365,108 +365,144 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDING
-PSA key policy: ECC SECP256R1, sign
+PSA key policy: ECC SECP256R1, SIGN_HASH -> SIGN_HASH+MESSAGE
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA_ANY
-PSA key policy: ECC SECP256R1, sign+verify
+PSA key policy: ECC SECP256R1, VERIFY_HASH -> VERIFY_HASH+MESSAGE
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY
+
+PSA key policy: ECC SECP256R1, SIGN+VERIFY_HASH -> {SIGN,VERIFY}_{HASH,MESSAGE}
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY
+PSA key policy: ECC SECP256R1, {SIGN,VERIFY}_{HASH,MESSAGE}
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY
+
+PSA key policy: ECC SECP256R1, SIGN_MESSAGE
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+
+PSA key policy: ECC SECP256R1, VERIFY_MESSAGE
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+
+PSA key policy: ECC SECP256R1, SIGN+VERIFY_MESSAGE
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+
Key attributes initializers zero properly
key_attributes_init:
-PSA key policy: MAC, sign | verify
-depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
-
-PSA key policy: MAC, wrong algorithm
-depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED
-
-PSA key policy: MAC, alg=0 in policy
-depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
-
-PSA key policy: MAC, ANY_HASH in policy is not meaningful
-depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
-
-PSA key policy: MAC, sign but not verify
+PSA key policy: MAC, SIGN_HASH -> SIGN_HASH+MESSAGE
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
-PSA key policy: MAC, verify but not sign
+PSA key policy: MAC, VERIFY_HASH -> VERIFY_HASH+MESSAGE
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+PSA key policy: MAC, SIGN+VERIFY_HASH -> {SIGN,VERIFY}_{HASH,MESSAGE}
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA key policy: MAC, {SIGN,VERIFY}_{HASH,MESSAGE}
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA key policy: MAC, SIGN_MESSAGE
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA key policy: MAC, VERIFY_MESSAGE
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA key policy: MAC, SIGN+VERIFY_MESSAGE
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+
PSA key policy: MAC, neither sign nor verify
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
mac_key_policy:0:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
+PSA key policy: MAC, wrong algorithm
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_224):PSA_ERROR_NOT_PERMITTED
+
+PSA key policy: MAC, alg=0 in policy
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
+
+PSA key policy: MAC, ANY_HASH in policy is not meaningful
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
+
PSA key policy: HMAC, sign-verify, tag length > min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 30):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, tag length = min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, tag length < min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
PSA key policy: CMAC, sign-verify, tag length > min-length policy
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 16):PSA_SUCCESS
PSA key policy: CMAC, sign-verify, tag length = min-length policy
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 10):PSA_SUCCESS
PSA key policy: CMAC, sign-verify, tag length < min-length policy
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 10):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 8):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, default tag length > min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 31):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, default tag length = min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 32):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, default tag length < min-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 33):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 20):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different hash base)
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 20):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy, unmatched base alg (different algorithm)
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_CMAC:PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, min-length policy used as algorithm
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_INVALID_ARGUMENT
PSA key policy: HMAC, sign-verify, tag length > exact-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_ERROR_NOT_PERMITTED
PSA key policy: HMAC, sign-verify, tag length = exact-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_SUCCESS
PSA key policy: HMAC, sign-verify, tag length < exact-length policy
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
+mac_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 10):PSA_ERROR_NOT_PERMITTED
PSA key policy: cipher, encrypt | decrypt
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
@@ -604,49 +640,105 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
asymmetric_encryption_key_policy:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_CRYPT
-PSA key policy: asymmetric signature, sign | verify
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+PSA key policy: asymmetric signature, sign | verify hash, PKCS#1v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature, sign | verify hash, PKCS#1v1.5 raw
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature, sign | verify hash, ECDSA SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature, sign, key usage extension
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA key policy: asymmetric signature, verify, key usage extension
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature, sign | verify, key usage extension
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, wrong algorithm family
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, wildcard in policy, wrong algorithm family
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, wildcard in policy, ECDSA SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, wrong hash algorithm
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, alg=0 in policy
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, sign but not verify
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA key policy: asymmetric signature, verify but not sign
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
-asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: asymmetric signature, neither sign nor verify
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
-asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:0
+
+PSA key policy: asymmetric signature for message, sign | verify
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature for message, wrong algorithm family
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature for message, wildcard in policy, wrong algorithm family
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature for message, wildcard in policy, ECDSA SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature for message, wildcard in policy, PKCS#1v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature for message, wrong hash algorithm
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature for message, alg=0 in policy
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA key policy: asymmetric signature for message, sign but not verify
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA key policy: asymmetric signature for message, verify but not sign
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1:PSA_KEY_USAGE_VERIFY_MESSAGE
PSA key policy: derive via HKDF, permitted
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
@@ -716,9 +808,17 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING
-PSA key policy algorithm2: ECDH, ECDSA
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY
+PSA key policy algorithm2: ECDH, ECDSA, HASH usage
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+
+PSA key policy algorithm2: ECDH, ECDSA, HASH+MESSAGE usage
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+
+PSA key policy algorithm2: ECDH, ECDSA, MESSAGE usage
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
Copy key: raw, 1 byte
copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0
@@ -757,55 +857,63 @@
Copy key: RSA key pair, same usage flags
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+
+Copy key: RSA key pair, extended usage flags
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, fewer usage flags
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, more usage flags
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, intersect usage flags #0
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, intersect usage flags #1
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, wildcard algorithm in source
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, wildcard algorithm in target
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
Copy key: RSA key pair, wildcard algorithm in source and target
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_MD_C
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0
Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
+
+Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
Copy key: source=ECDSA+ECDH, target=ECDSA+0
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0
Copy key: source=ECDSA+ECDH, target=0+ECDH
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH
Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH
Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256)
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
-copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
+copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256)
Copy fail: raw data, no COPY flag
copy_fail:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_NOT_PERMITTED
@@ -818,41 +926,45 @@
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
+Copy key: source=MAC, target=MAC extended usage flags
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0
+
Copy key: source=MAC min-length, target=MAC length > min-length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
Copy key: source=MAC min-length, target=MAC length = min-length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy fail: source=MAC min-length, target=MAC length < min-length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
Copy key: source=MAC min-length, target=MAC min-length, src > tgt
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
Copy key: source=MAC min-length, target=MAC min-length, src = tgt
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy key: source=MAC min-length, target=MAC min-length, src < tgt
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0
Copy fail: source=MAC, target=MAC min-length > length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
+copy_fail:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 24):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT
Copy key: source=MAC, target=MAC min-length = length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy key: source=MAC, target=MAC min-length < length
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
-copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
+copy_success:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0:PSA_KEY_TYPE_HMAC:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 16):0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 20):0
Copy key: source=AEAD min-length, target=AEAD length > min-length
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -1294,6 +1406,22 @@
depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":"87aa7cde"
+PSA MAC sign: CMAC-3DES (CAVP vector #95)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
+mac_sign:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":"e1d7c3736739e726"
+
+PSA MAC verify: CMAC-3DES (CAVP vector #95)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
+mac_verify:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":"e1d7c3736739e726"
+
+PSA MAC: CMAC-3DES-2key (not supported in PSA)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
+mac_setup:PSA_KEY_TYPE_DES:"89fe91f1c1ef2f01efc4c18f5715894c":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC: CMAC-DES (not supported in PSA)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES
+mac_setup:PSA_KEY_TYPE_DES:"89fe91f1c1ef2f01":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED
+
PSA MAC sign: CMAC-AES-128
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827"
@@ -1354,125 +1482,285 @@
PSA cipher: bad order function calls
cipher_bad_order:
-PSA symmetric encrypt: AES-ECB, 0 bytes, good
+PSA cipher encrypt: without initialization
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS
+cipher_encrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"":"":PSA_ERROR_BAD_STATE
-PSA symmetric encrypt: AES-ECB, 16 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS
+PSA cipher encrypt: invalid key type
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING
+cipher_encrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_RAW_DATA:"2b7e151628aed2a6abf7158809cf4f3c":"":PSA_ERROR_NOT_SUPPORTED
-PSA symmetric encrypt: AES-ECB, 32 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":PSA_SUCCESS
+PSA cipher encrypt: incompatible key ARC4 for CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_ARC4
+# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
+cipher_encrypt_fail:PSA_ALG_CTR:PSA_KEY_TYPE_ARC4:"2b7e151628aed2a6abf7158809cf4f3c":"":PSA_ERROR_NOT_SUPPORTED
-PSA symmetric encrypt: AES-CBC-nopad, 16 bytes, good
-depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
+PSA cipher encrypt: bad algorithm (unknown cipher algorithm)
+depends_on:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_fail:PSA_ALG_CATEGORY_CIPHER:PSA_KEY_TYPE_RAW_DATA:"2b7e151628aed2a6abf7158809cf4f3c":"":PSA_ERROR_NOT_SUPPORTED
-PSA symmetric encrypt: AES-CBC-PKCS#7, 16 bytes, good
-depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS
-
-PSA symmetric encrypt: AES-CBC-PKCS#7, 15 bytes, good
-depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS
+PSA cipher encrypt: bad algorithm (not a cipher algorithm)
+depends_on:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_fail:PSA_ALG_MD4:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric encrypt: AES-ECB, input too short (15 bytes)
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":"":PSA_ERROR_INVALID_ARGUMENT
+cipher_encrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric encrypt: AES-CBC-nopad, input too short
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+cipher_encrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
-PSA symmetric encrypt: AES-CTR, 16 bytes, good
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":""
-PSA symmetric encrypt: AES-CTR, 15 bytes, good
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
+PSA symmetric encrypt: AES-ECB, 16 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":"3ad77bb40d7a3660a89ecaf32466ef97"
-PSA symmetric encrypt: DES-CBC-nopad, 8 bytes, good
-depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"64f917b0152f8f05":PSA_SUCCESS
-
-PSA symmetric encrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
-depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"5d0652429c5b0ac7":PSA_SUCCESS
-
-PSA symmetric encrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
-depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_encrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":"817ca7d69b80d86a":PSA_SUCCESS
+PSA symmetric encrypt: AES-ECB, 32 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1"
PSA symmetric encrypt: 2-key 3DES-ECB, 8 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"c78e2b38139610e3":"5d0652429c5b0ac7":PSA_SUCCESS
+cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"c78e2b38139610e3":"5d0652429c5b0ac7"
PSA symmetric encrypt: 3-key 3DES-ECB, 8 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_encrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":"817ca7d69b80d86a":PSA_SUCCESS
+cipher_encrypt_alg_without_iv:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"c78e2b38139610e3":"817ca7d69b80d86a"
-PSA symmetric decrypt: AES-ECB, 0 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":"":PSA_SUCCESS
-
-PSA symmetric decrypt: AES-ECB, 16 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS
-
-PSA symmetric decrypt: AES-ECB, 32 bytes, good
-depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS
-
-PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
+PSA symmetric encrypt validation: AES-CBC-nopad, 16 bytes, good
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
-PSA symmetric decrypt: AES-CBC-PKCS#7, 16 bytes, good
+PSA symmetric encrypt validation: AES-CBC-PKCS#7, 16 bytes, good
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
-PSA symmetric decrypt: AES-CBC-PKCS#7, 15 bytes, good
+PSA symmetric encrypt validation: AES-CBC-PKCS#7, 15 bytes, good
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317"
+
+PSA symmetric encrypt validation: AES-CTR, 16 bytes, good
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric encrypt validation: AES-CTR, 15 bytes, good
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317"
+
+PSA symmetric encrypt validation: DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"eda4011239bc3ac9"
+
+PSA symmetric encrypt validation: 2-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"eda4011239bc3ac9"
+
+PSA symmetric encrypt validation: 3-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_validation:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"eda4011239bc3ac9"
+
+PSA symmetric encrypt multipart: AES-ECB, 0 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-ECB, 16 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-ECB, 32 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":32:32:0:"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CBC-nopad, 16 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CBC-PKCS#7, 16 bytes, good
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CBC-PKCS#7, 15 bytes, good
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:0:0:"6279b49d7f7a8dd87b685175d4276e24":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-ECB, input too short (15 bytes)
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e11739317":0:0:0:"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA symmetric encrypt multipart: AES-CBC-nopad, input too short
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":0:0:0:"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+
+PSA symmetric encrypt multipart: AES-CTR, 16 bytes, good
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CTR, 15 bytes, good
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":8:8:0:"64f917b0152f8f05":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: 2-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":8:8:0:"5d0652429c5b0ac7":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: 3-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"eda4011239bc3ac9":8:8:0:"817ca7d69b80d86a":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: 2-key 3DES-ECB, 8 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"c78e2b38139610e3":8:8:0:"5d0652429c5b0ac7":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: 3-key 3DES-ECB, 8 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"c78e2b38139610e3":8:8:0:"817ca7d69b80d86a":PSA_SUCCESS
+
+PSA cipher decrypt: without initialization
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"":"":"":PSA_ERROR_BAD_STATE
+
+PSA cipher decrypt: invalid key type
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING
+cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_RAW_DATA:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"":PSA_ERROR_NOT_SUPPORTED
+
+PSA cipher decrypt: incompatible key ARC4 for CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_ARC4
+# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here
+cipher_decrypt_fail:PSA_ALG_CTR:PSA_KEY_TYPE_ARC4:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"":PSA_ERROR_NOT_SUPPORTED
+
+PSA cipher decrypt: bad algorithm (unknown cipher algorithm)
+cipher_decrypt_fail:PSA_ALG_CATEGORY_CIPHER:PSA_KEY_TYPE_RAW_DATA:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"":PSA_ERROR_NOT_SUPPORTED
+
+PSA cipher decrypt: bad algorithm (not a cipher algorithm)
+depends_on:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_fail:PSA_ALG_MD4:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-CBC-PKCS#7, input too short (15 bytes)
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_INVALID_ARGUMENT
-
-PSA symmetric decrypt: AES-CTR, 16 bytes, good
-depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
+cipher_decrypt_fail:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-ECB, input too short (15 bytes)
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT
+cipher_decrypt_fail:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes)
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+
+PSA symmetric decrypt: AES-ECB, 0 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":""
+
+PSA symmetric decrypt: AES-ECB, 16 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":"63cecc46a382414d5fa7d2b79387437f"
+
+PSA symmetric decrypt: AES-ECB, 32 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97"
+
+PSA symmetric decrypt: AES-CBC-nopad, 16 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"49e4e66c89a86b67758df89db9ad6955"
+
+PSA symmetric decrypt: AES-CBC-PKCS#7, 16 bytes, good
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":"6bc1bee22e409f96e93d7e117393172a"
+
+PSA symmetric decrypt: AES-CBC-PKCS#7, 15 bytes, good
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6279b49d7f7a8dd87b685175d4276e24":"6bc1bee22e409f96e93d7e11739317"
+
+PSA symmetric decrypt: AES-CTR, 16 bytes, good
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"dd3b5e5319b7591daab1e1a92687feb2"
PSA symmetric decrypt: DES-CBC-nopad, 8 bytes, good
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"64f917b0152f8f05":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"64f917b0152f8f05":"eda4011239bc3ac9"
PSA symmetric decrypt: 2-key 3DES-CBC-nopad, 8 bytes, good
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"5d0652429c5b0ac7":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"5d0652429c5b0ac7":"eda4011239bc3ac9"
PSA symmetric decrypt: 3-key 3DES-CBC-nopad, 8 bytes, good
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":"eda4011239bc3ac9"
PSA symmetric decrypt: 2-key 3DES-ECB, 8 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"5d0652429c5b0ac7":"c78e2b38139610e3":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"5d0652429c5b0ac7":"c78e2b38139610e3"
PSA symmetric decrypt: 3-key 3DES-ECB, 8 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
-cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3":PSA_SUCCESS
+cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3"
+
+PSA symmetric decrypt multipart: AES-ECB, 0 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"":0:0:0:"":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-ECB, 16 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"63cecc46a382414d5fa7d2b79387437f":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-ECB, 32 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef972249a2638c6f1c755a84f9681a9f08c1":32:32:0:"6bc1bee22e409f96e93d7e117393172a3ad77bb40d7a3660a89ecaf32466ef97":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-CBC-nopad, 16 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"49e4e66c89a86b67758df89db9ad6955":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-CBC-PKCS#7, 16 bytes, good
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743bca7e8a15dc3c776436314293031cd4f3":16:0:16:"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-CBC-PKCS#7, 15 bytes, good
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6279b49d7f7a8dd87b685175d4276e24":16:0:0:"6bc1bee22e409f96e93d7e11739317":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-CBC-PKCS#7, input too short (15 bytes)
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:0:"49e4e66c89a86b67758df89db9ad6955":PSA_ERROR_INVALID_ARGUMENT
+
+PSA symmetric decrypt multipart: AES-CTR, 16 bytes, good
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-ECB, input too short (15 bytes)
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"396ee84fb75fdbb5c2b13c7fe5a654":0:0:0:"63cecc46a382414d5fa7d2b7938743":PSA_ERROR_INVALID_ARGUMENT
+
+PSA symmetric decrypt multipart: AES-CBC-nopad, input too short (5 bytes)
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":0:0:0:"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
+
+PSA symmetric decrypt multipart: DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0e":"2a2a2a2a2a2a2a2a":"64f917b0152f8f05":8:8:0:"eda4011239bc3ac9":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: 2-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"2a2a2a2a2a2a2a2a":"5d0652429c5b0ac7":8:8:0:"eda4011239bc3ac9":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: 3-key 3DES-CBC-nopad, 8 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"2a2a2a2a2a2a2a2a":"817ca7d69b80d86a":8:8:0:"eda4011239bc3ac9":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: 2-key 3DES-ECB, 8 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce":"":"5d0652429c5b0ac7":8:8:0:"c78e2b38139610e3":PSA_SUCCESS
+
+PSA symmetric decrypt multipart: 3-key 3DES-ECB, 8 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":8:8:0:"c78e2b38139610e3":PSA_SUCCESS
PSA symmetric encrypt/decrypt: AES-ECB, 16 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
@@ -1496,151 +1784,171 @@
PSA symmetric encryption multipart: AES-ECB, 16+16 bytes
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c"
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":PSA_SUCCESS
PSA symmetric encryption multipart: AES-ECB, 13+19 bytes
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":13:0:32:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c"
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":13:0:32:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":PSA_SUCCESS
PSA symmetric encryption multipart: AES-ECB, 24+12 bytes
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":24:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c"
+cipher_encrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":24:16:16:"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CBC-nopad, 7+9 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":7:0:16:"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CBC-nopad, 3+13 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":3:0:16:"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CBC-nopad, 4+12 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":4:0:16:"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CBC-nopad, 11+5 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:0:16:"a076ec9dfbe47d52afc357336f20743b":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CBC-nopad, 16+16 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CBC-nopad, 12+20 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:0:32:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CBC-nopad, 20+12 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f"
+cipher_encrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:16:16:"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 0+15 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 15+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 0+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 16+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric decryption multipart: AES-ECB, 16+16 bytes
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-ECB, 11+21 bytes
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":11:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-ECB, 28+4 bytes
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"":"3ad77bb40d7a3660a89ecaf32466ef9755ed5e9e066820fa52c729886d18854c":28:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CBC-nopad, 7+9 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":7:0:16:"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CBC-nopad, 3+13 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":3:0:16:"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CBC-nopad, 11+5 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b":11:0:16:"6bc1bee22e409f96e93d7e117393172a":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CBC-nopad, 16+16 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":16:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CBC-nopad, 12+20 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":12:0:32:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CBC-nopad, 20+12 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef"
+cipher_decrypt_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"a076ec9dfbe47d52afc357336f20743b89906f2f9207ac02aa658cb4ef19c61f":20:16:16:"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 11+5 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 16+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 12+20 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 20+12 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 12+10 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 0+15 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 15+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 0+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 16+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":PSA_SUCCESS
+
+PSA symmetric encrypt/decrypt multipart: AES-ECB, 16 bytes, good
+depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_verify_output_multipart:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16
+
+PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 16 bytes, good
+depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
+cipher_verify_output_multipart:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16
+
+PSA symmetric encrypt/decrypt multipart: AES-CBC-PKCS#7, 16 bytes
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16
+
+PSA symmetric encrypt/decrypt multipart: AES-CBC-PKCS#7, 15 bytes
+depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
+cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317":15
+
+PSA symmetric encrypt/decrypt multipart: AES-CTR
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_verify_output_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a":16
PSA symmetric encrypt/decrypt multipart: AES-CBC-nopad, 11+5 bytes
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
@@ -1650,25 +1958,33 @@
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_AES
cipher_verify_output_multipart:PSA_ALG_CBC_PKCS7:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"a076ec9dfbe47d52afc357336f20743b":4
-PSA symmetric encrypt: ChaCha20, K=0 N=0
+PSA symmetric encrypt validation: ChaCha20, K=0 N=0
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
-cipher_encrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
-PSA symmetric encrypt: ChaCha20, K=rand N=rand
+PSA symmetric encrypt validation: ChaCha20, K=rand N=rand
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
-cipher_encrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
+
+PSA symmetric encrypt multipart: ChaCha20, K=0 N=0
+depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
+cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":64:64:0:"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":PSA_SUCCESS
+
+PSA symmetric encrypt multipart: ChaCha20, K=rand N=rand
+depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
+cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":64:64:0:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
PSA symmetric encryption multipart: ChaCha20, 14+50 bytes
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
-cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4"
+cipher_encrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
-PSA symmetric decrypt: ChaCha20, K=rand N=rand
+PSA symmetric decrypt multipart: ChaCha20, K=rand N=rand
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
-cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
+cipher_decrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":64:64:0:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
PSA symmetric decryption multipart: ChaCha20, 14+50 bytes
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
-cipher_decrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4"
+cipher_decrypt_multipart:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":"a170d9349d24955aa4501891":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":14:14:50:"9ba7d8de0c6b579fc436e368619e09228070d23246c836d6c6b4c476af6f5eb2b78fbe809d03f7881e6af28cfe3746e8dcf1eb7f762fe7d003141f1539a6cec4":PSA_SUCCESS
PSA AEAD encrypt/decrypt: AES-CCM, 19 bytes #1
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
@@ -2106,197 +2422,421 @@
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
-PSA sign: RSA PKCS#1 v1.5, raw
+PSA sign hash: RSA PKCS#1 v1.5, raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a"
+sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a"
-PSA sign: RSA PKCS#1 v1.5 SHA-256
+PSA sign hash: RSA PKCS#1 v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
-PSA sign: deterministic ECDSA SECP256R1 SHA-256
+PSA sign hash: deterministic ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
-sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
-PSA sign: deterministic ECDSA SECP256R1 SHA-384
+PSA sign hash: deterministic ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
-sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca"
+sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca"
-PSA sign: deterministic ECDSA SECP384R1 SHA-256
+PSA sign hash: deterministic ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C
-sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f"
+sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f"
-PSA sign: RSA PKCS#1 v1.5 SHA-256, wrong hash size
+PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
-PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard)
+PSA sign hash: RSA PKCS#1 v1.5, invalid hash (wildcard)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
-PSA sign: RSA PKCS#1 v1.5 raw, input too large
+PSA sign hash: RSA PKCS#1 v1.5 raw, input too large
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT
-PSA sign: RSA PKCS#1 v1.5 SHA-256, output buffer too small
+PSA sign hash: RSA PKCS#1 v1.5 SHA-256, output buffer too small
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL
-PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small
+PSA sign hash: RSA PSS SHA-256, wrong hash length (0 bytes)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign hash: RSA PSS SHA-256, wrong hash length (129 bytes)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, output buffer too small
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
+sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL
-PSA sign: RSA PKCS#1 v1.5 SHA-256, empty output buffer
+PSA sign hash: RSA PKCS#1 v1.5 SHA-256, empty output buffer
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL
+sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL
-PSA sign: deterministic ECDSA SECP256R1 SHA-256, empty output buffer
+PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, empty output buffer
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL
+sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL
-PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0)
+PSA sign hash: deterministic ECDSA SECP256R1, invalid hash algorithm (0)
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
-PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard)
+PSA sign hash: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard)
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
-PSA sign: invalid key type, signing with a public key
+PSA sign hash: invalid key type, signing with a public key
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
-sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
-PSA sign: invalid algorithm for ECC key
+PSA sign hash: invalid algorithm for ECC key
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
+sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
-PSA sign: deterministic ECDSA not supported
+PSA sign hash: deterministic ECDSA not supported
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C
-sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED
+sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED
-PSA sign/verify: RSA PKCS#1 v1.5, raw
+PSA sign/verify hash: RSA PKCS#1 v1.5, raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
+sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
-PSA sign/verify: RSA PKCS#1 v1.5 SHA-256
+PSA sign/verify hash: RSA PKCS#1 v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
+sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
-PSA sign/verify: RSA PSS SHA-256, 0 bytes
+PSA sign/verify hash: RSA PSS SHA-256, 32 bytes (hash size)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
+sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
-PSA sign/verify: RSA PSS SHA-256, 32 bytes (hash size)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
-
-PSA sign/verify: RSA PSS SHA-256, 129 bytes
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
-
-PSA sign/verify: randomized ECDSA SECP256R1 SHA-256
+PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA sign/verify: deterministic ECDSA SECP256R1 SHA-256
+PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA sign/verify: randomized ECDSA SECP256R1 SHA-384
+PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
+sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
-PSA sign/verify: deterministic ECDSA SECP256R1 SHA-384
+PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
+sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f"
-PSA sign/verify: randomized ECDSA SECP384R1 SHA-256
+PSA sign/verify hash: randomized ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
-sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA sign/verify: deterministic ECDSA SECP384R1 SHA-256
+PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C
-sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA verify: RSA PKCS#1 v1.5 SHA-256, good signature
+PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
-PSA verify with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
+PSA verify hash with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash length
+PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong hash length
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size)
+PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty)
+PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated)
+PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk)
+PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk)
+PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk)
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: RSA PSS SHA-256, good signature, 0 bytes
+PSA verify hash: RSA PSS SHA-256, good signature, 32 bytes (hash size)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d"
+verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7"
-PSA verify: RSA PSS SHA-256, good signature, 32 bytes (hash size)
+PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7"
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT
-PSA verify: RSA PSS SHA-256, good signature, 129 bytes
+PSA verify hash: RSA PSS SHA-256, wrong hash length (129 bytes)
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
-asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308"
+verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT
-PSA verify: ECDSA SECP256R1, good
+PSA verify hash: ECDSA SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
-PSA verify with keypair: ECDSA SECP256R1, good
+PSA verify hash with keypair: ECDSA SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
+verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
-PSA verify: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
+PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: ECDSA SECP256R1, wrong signature of correct size
+PSA verify hash: ECDSA SECP256R1, wrong signature of correct size
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: ECDSA SECP256R1, wrong signature (empty)
+PSA verify hash: ECDSA SECP256R1, wrong signature (empty)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: ECDSA SECP256R1, wrong signature (truncated)
+PSA verify hash: ECDSA SECP256R1, wrong signature (truncated)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: ECDSA SECP256R1, wrong signature (trailing junk)
+PSA verify hash: ECDSA SECP256R1, wrong signature (trailing junk)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: ECDSA SECP256R1, wrong signature (leading junk)
+PSA verify hash: ECDSA SECP256R1, wrong signature (leading junk)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
+verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
-PSA verify: invalid algorithm for ECC key
+PSA verify hash: invalid algorithm for ECC key
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
-asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
+verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+
+PSA sign message: deterministic ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548"
+
+PSA sign message: deterministic ECDSA SECP256R1 SHA-384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263":"7ea712a20e3a8cbe0c6e64195362ba7635bbe78af51ddedd7a5fd858395250c592654c35d3b0614ae0e3b329c25cf5b4a5fcb243af3e3ad15c8446fe401be066"
+
+PSA sign message: deterministic ECDSA SECP384R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C
+sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"3548ea85eb66d756ae90fd64a3104b5b9a17aa282f8722409762e9da4811ec5d3060a97d3450b4bc484cd21ac588f563c4873843506fed8609b7d093db0e9a2496c36995ee74c906528af6898feb502f45bfb1e9ccf371416c68d32bb5ebc1b6"
+
+PSA sign message: RSA PKCS#1 v1.5, invalid hash (wildcard)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"616263":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: RSA PKCS#1 v1.5, invalid hash algorithm (0)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(0):"616263":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: RSA PKCS#1 v1.5 SHA-256, output buffer too small
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":127:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA sign message: RSA PKCS#1 v1.5 SHA-256, empty output buffer
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA sign message: RSA PKCS#1 v1.5 without hash
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":0:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":128:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash (wildcard)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"616263":64:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash algorithm (0)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(0):"616263":64:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: ECDSA SECP256R1 SHA-256, output buffer too small
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":63:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA sign message: ECDSA SECP256R1 SHA-256, empty output buffer
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL
+
+PSA sign message: ECDSA SECP256R1 SHA-256, invalid key type
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":64:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: invalid algorithm for ECC key
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":72:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign message: deterministic ECDSA not supported
+depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":96:PSA_ERROR_NOT_SUPPORTED
+
+PSA sign message: ECDSA without hash
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"616263":96:PSA_ERROR_INVALID_ARGUMENT
+
+PSA sign/verify message: RSA PKCS#1 v1.5 SHA-256
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263"
+
+PSA sign/verify message: RSA PSS SHA-256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263"
+
+PSA sign/verify message: RSA PSS SHA-256, 0 bytes
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):""
+
+PSA sign/verify message: RSA PSS SHA-256, 32 bytes
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+PSA sign/verify message: RSA PSS SHA-256, 128 bytes
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+PSA sign/verify message: RSA PSS SHA-256, 129 bytes
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263"
+
+PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 0 bytes
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):""
+
+PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 32 bytes
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 64 bytes
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 65 bytes
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+
+PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263"
+
+PSA sign/verify message: randomized ECDSA SECP256R1 SHA-384
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"616263"
+
+PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263"
+
+PSA sign/verify message: randomized ECDSA SECP384R1 SHA-256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263"
+
+PSA sign/verify message: deterministic ECDSA SECP384R1 SHA-256
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C
+sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263"
+
+PSA verify message: RSA PKCS#1 v1.5 SHA-256, good signature
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+
+PSA verify message with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
+
+PSA verify message: RSA PSS SHA-256, good signature, 0 bytes
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"50c06249deb97228e277b51d3e3542a6e5c140d6f6d1cb8a3dff53b5ce6e6fcb39d0767703174135208adf5d75399dd7525702b275153e7605ec38b65d33337bb9bbeb8c392ee22e3e9c0dafa43074a8205e17df2106bedd7bf6f1ada702aeb2ce04864c0ca9ec31964f9a957d8ebb9abc82454ad37c541e9b4d9842436c14a4"
+
+PSA verify message: RSA PSS SHA-256, good signature, 32 bytes (hash size)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d"
+
+PSA verify message: RSA PSS SHA-256, good signature, 128 bytes (signature size)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5"
+
+PSA verify message: RSA PSS SHA-256, good signature, 129 bytes
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830"
+
+PSA verify message: ECDSA SECP256R1 SHA-256, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b"
+
+PSA verify message with keypair: ECDSA SECP256R1 SHA-256, good
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b"
+
+PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: RSA PKCS#1 v1.5 without hash
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
+verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
+
+PSA verify message: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"304502200b295f3dc3ac2bde92f550b7e73a2de15a753b4ebc761c521a32d1ed9bf5800a022100fe7301254058347c3dec7768f62dfc63f7c049d28bfdd1d6712126fd888e9f04":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: ECDSA SECP256R1, wrong signature of correct size
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf00":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: ECDSA SECP256R1, wrong signature (empty)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: ECDSA SECP256R1, wrong signature (truncated)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: ECDSA SECP256R1, wrong signature (trailing junk)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0bff":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: ECDSA SECP256R1, wrong signature (leading junk)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"ff0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b":PSA_ERROR_INVALID_SIGNATURE
+
+PSA verify message: invalid algorithm for ECC key
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C
+verify_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
+
+PSA verify message: ECDSA without hash
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"":"":PSA_ERROR_INVALID_ARGUMENT
PSA encrypt: RSA PKCS#1 v1.5, good
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
@@ -2489,6 +3029,22 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+PSA key derivation: HKDF-SHA-256, good case, omitted salt
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, good case, info first
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, good case, info after salt
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: HKDF-SHA-256, good case, omitted salt, info first
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
PSA key derivation: HKDF-SHA-256, good case, key output
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
@@ -2523,6 +3079,10 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
+PSA key derivation: HKDF-SHA-256, missing secret, key output
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
+
PSA key derivation: HKDF-SHA-256, RAW_DATA key as salt
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_RAW_DATA:"412073616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
@@ -2545,14 +3105,94 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_DERIVE:"4120696e666f":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: HKDF-SHA-256, salt after secret
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, missing secret
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, missing info
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate salt step
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (direct, direct)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (direct, key)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (key, direct)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0a0a0a0a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate secret step (key, key)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0a0a0a0a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate info step (non-consecutive)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, duplicate info step (consecutive)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, reject label step
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, reject seed step
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation: TLS 1.2 PRF SHA-256, good case
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: TLS 1.2 PRF SHA-256, missing label
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, missing label and secret
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS 1.2 PRF SHA-256, no inputs
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
+derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation: TLS 1.2 PRF SHA-256, key first
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, key first
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation: TLS 1.2 PRF SHA-256, label first
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
@@ -2605,20 +3245,36 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
+PSA key derivation: ECDH on P256 with HKDF-SHA256, info first
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
+
PSA key derivation: ECDH on P256 with HKDF-SHA256, key output
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS
-PSA key derivation: HKDF invalid state (double generate + read past capacity)
+PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation over capacity: HKDF
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256)
+derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256)
-PSA key derivation: TLS 1.2 PRF invalid state (double generate + read past capacity)
+PSA key derivation over capacity: TLS 1.2 PRF
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-test_derive_invalid_key_derivation_state:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
+derive_over_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
-PSA key derivation: invalid state (call read/get_capacity after init and abort)
-test_derive_invalid_key_derivation_tests:
+PSA key derivation: actions without setup
+derive_actions_without_setup:
PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
@@ -3081,7 +3737,7 @@
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:512:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
PSA generate key: RSA, 1024 bits, good, encrypt (OAEP SHA-256)
-depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_GENPRIME:MBEDTLS_MD_C
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):PSA_SUCCESS:0
PSA generate key: RSA, 0 bits: invalid
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 310b2a7..82f17c8 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -16,6 +16,14 @@
#include "test/psa_crypto_helpers.h"
#include "test/psa_exercise_key.h"
+/* If this comes up, it's a bug in the test code or in the test data. */
+#define UNUSED 0xdeadbeef
+
+/* Assert that an operation is (not) active.
+ * This serves as a proxy for checking if the operation is aborted. */
+#define ASSERT_OPERATION_IS_ACTIVE( operation ) TEST_ASSERT( operation.id != 0 )
+#define ASSERT_OPERATION_IS_INACTIVE( operation ) TEST_ASSERT( operation.id == 0 )
+
/** An invalid export length that will never be set by psa_export_key(). */
static const size_t INVALID_EXPORT_LENGTH = ~0U;
@@ -375,7 +383,8 @@
PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_type( &got_attributes ), type );
- TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
+ TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ),
+ mbedtls_test_update_key_usage_flags( usage ) );
TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
ASSERT_NO_SLOT_NUMBER( &got_attributes );
@@ -796,7 +805,9 @@
int usage_arg, int alg_arg )
{
test_effective_key_attributes( type_arg, type_arg, bits_arg, bits_arg,
- usage_arg, usage_arg, alg_arg, alg_arg );
+ usage_arg,
+ mbedtls_test_update_key_usage_flags( usage_arg ),
+ alg_arg, alg_arg );
goto exit;
}
/* END_CASE */
@@ -837,16 +848,20 @@
/* END_CASE */
/* BEGIN_CASE */
-void mac_key_policy( int policy_usage,
- int policy_alg,
- int key_type,
+void mac_key_policy( int policy_usage_arg,
+ int policy_alg_arg,
+ int key_type_arg,
data_t *key_data,
- int exercise_alg,
+ int exercise_alg_arg,
int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t policy_alg = policy_alg_arg;
+ psa_algorithm_t exercise_alg = exercise_alg_arg;
+ psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
unsigned char mac[PSA_MAC_MAX_SIZE];
@@ -860,6 +875,9 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
+ mbedtls_test_update_key_usage_flags( policy_usage ) );
+
status = psa_mac_sign_setup( &operation, key, exercise_alg );
if( ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) == 0 )
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
@@ -883,7 +901,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void cipher_key_policy( int policy_usage,
+void cipher_key_policy( int policy_usage_arg,
int policy_alg,
int key_type,
data_t *key_data,
@@ -892,6 +910,7 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@@ -903,6 +922,10 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ /* Check if no key usage flag implication is done */
+ TEST_EQUAL( policy_usage,
+ mbedtls_test_update_key_usage_flags( policy_usage ) );
+
status = psa_cipher_encrypt_setup( &operation, key, exercise_alg );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_ENCRYPT ) != 0 )
@@ -926,7 +949,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void aead_key_policy( int policy_usage,
+void aead_key_policy( int policy_usage_arg,
int policy_alg,
int key_type,
data_t *key_data,
@@ -937,6 +960,7 @@
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
psa_status_t expected_status = expected_status_arg;
unsigned char nonce[16] = {0};
@@ -957,6 +981,10 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ /* Check if no key usage implication is done */
+ TEST_EQUAL( policy_usage,
+ mbedtls_test_update_key_usage_flags( policy_usage ) );
+
status = psa_aead_encrypt( key, exercise_alg,
nonce, nonce_length,
NULL, 0,
@@ -989,7 +1017,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_encryption_key_policy( int policy_usage,
+void asymmetric_encryption_key_policy( int policy_usage_arg,
int policy_alg,
int key_type,
data_t *key_data,
@@ -997,6 +1025,7 @@
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_usage_t policy_usage = policy_usage_arg;
psa_status_t status;
size_t key_bits;
size_t buffer_length;
@@ -1012,6 +1041,10 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ /* Check if no key usage implication is done */
+ TEST_EQUAL( policy_usage,
+ mbedtls_test_update_key_usage_flags( policy_usage ) );
+
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
key_bits = psa_get_key_bits( &attributes );
buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits,
@@ -1056,15 +1089,18 @@
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_signature_key_policy( int policy_usage,
+void asymmetric_signature_key_policy( int policy_usage_arg,
int policy_alg,
int key_type,
data_t *key_data,
int exercise_alg,
- int payload_length_arg )
+ int payload_length_arg,
+ int expected_usage_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_usage_t policy_usage = policy_usage_arg;
+ psa_key_usage_t expected_usage = expected_usage_arg;
psa_status_t status;
unsigned char payload[PSA_HASH_MAX_SIZE] = {1};
/* If `payload_length_arg > 0`, `exercise_alg` is supposed to be
@@ -1076,6 +1112,11 @@
unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0};
size_t signature_length;
+ /* Check if all implicit usage flags are deployed
+ in the expected usage flags. */
+ TEST_EQUAL( expected_usage,
+ mbedtls_test_update_key_usage_flags( policy_usage ) );
+
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, policy_usage );
@@ -1085,11 +1126,13 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ), expected_usage );
+
status = psa_sign_hash( key, exercise_alg,
payload, payload_length,
signature, sizeof( signature ),
&signature_length );
- if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
+ if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_HASH ) != 0 )
PSA_ASSERT( status );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
@@ -1098,11 +1141,33 @@
status = psa_verify_hash( key, exercise_alg,
payload, payload_length,
signature, sizeof( signature ) );
- if( compatible_alg && ( policy_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
+ if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_HASH ) != 0 )
TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
else
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ if( PSA_ALG_IS_HASH_AND_SIGN( exercise_alg ) &&
+ PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( exercise_alg ) ) )
+ {
+ status = psa_sign_message( key, exercise_alg,
+ payload, payload_length,
+ signature, sizeof( signature ),
+ &signature_length );
+ if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE ) != 0 )
+ PSA_ASSERT( status );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+
+ memset( signature, 0, sizeof( signature ) );
+ status = psa_verify_message( key, exercise_alg,
+ payload, payload_length,
+ signature, sizeof( signature ) );
+ if( compatible_alg && ( expected_usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) != 0 )
+ TEST_EQUAL( status, PSA_ERROR_INVALID_SIGNATURE );
+ else
+ TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
+ }
+
exit:
psa_destroy_key( key );
PSA_DONE( );
@@ -1215,6 +1280,8 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
+ /* Update the usage flags to obtain implicit usage flags */
+ usage = mbedtls_test_update_key_usage_flags( usage );
PSA_ASSERT( psa_get_key_attributes( key, &got_attributes ) );
TEST_EQUAL( psa_get_key_usage_flags( &got_attributes ), usage );
TEST_EQUAL( psa_get_key_algorithm( &got_attributes ), alg );
@@ -1598,15 +1665,28 @@
/* Call setup twice in a row. */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_hash_setup( &operation, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_hash_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call update without calling setup beforehand. */
TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_hash_abort( &operation ) );
+ /* Check that update calls abort on error. */
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ operation.id = UINT_MAX;
+ ASSERT_OPERATION_IS_ACTIVE( operation );
+ TEST_EQUAL( psa_hash_update( &operation, input, sizeof( input ) ),
+ PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
+
/* Call update after finish. */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
PSA_ASSERT( psa_hash_finish( &operation,
@@ -1632,11 +1712,14 @@
/* Call verify twice in a row. */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
PSA_ASSERT( psa_hash_verify( &operation,
valid_hash, sizeof( valid_hash ) ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
TEST_EQUAL( psa_hash_verify( &operation,
valid_hash, sizeof( valid_hash ) ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_hash_abort( &operation ) );
/* Call finish without calling setup beforehand. */
@@ -1685,8 +1768,12 @@
/* psa_hash_verify with a smaller hash than expected */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_hash_verify( &operation, hash, expected_size - 1 ),
PSA_ERROR_INVALID_SIGNATURE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
+ PSA_ASSERT( psa_hash_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* psa_hash_verify with a non-matching hash */
PSA_ASSERT( psa_hash_setup( &operation, alg ) );
@@ -1929,9 +2016,12 @@
/* Call setup twice in a row. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_mac_sign_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_mac_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call update after sign finish. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
@@ -1977,19 +2067,25 @@
/* Setup sign but try verify. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_mac_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Setup verify but try sign. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
&sign_mac_length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_mac_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_destroy_key( key ) );
@@ -2045,7 +2141,21 @@
mbedtls_test_set_step( output_size );
ASSERT_ALLOC( actual_mac, output_size );
- /* Calculate the MAC. */
+ /* Calculate the MAC, one-shot case. */
+ TEST_EQUAL( psa_mac_compute( key, alg,
+ input->x, input->len,
+ actual_mac, output_size, &mac_length ),
+ expected_status );
+ if( expected_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( expected_mac->x, expected_mac->len,
+ actual_mac, mac_length );
+ }
+
+ if( output_size > 0 )
+ memset( actual_mac, 0, output_size );
+
+ /* Calculate the MAC, multi-part case. */
PSA_ASSERT( psa_mac_sign_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2097,7 +2207,11 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
- /* Test the correct MAC. */
+ /* Verify correct MAC, one-shot case. */
+ PSA_ASSERT( psa_mac_verify( key, alg, input->x, input->len,
+ expected_mac->x, expected_mac->len ) );
+
+ /* Verify correct MAC, multi-part case. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2105,7 +2219,14 @@
expected_mac->x,
expected_mac->len ) );
- /* Test a MAC that's too short. */
+ /* Test a MAC that's too short, one-shot case. */
+ TEST_EQUAL( psa_mac_verify( key, alg,
+ input->x, input->len,
+ expected_mac->x,
+ expected_mac->len - 1 ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+ /* Test a MAC that's too short, multi-part case. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2114,9 +2235,15 @@
expected_mac->len - 1 ),
PSA_ERROR_INVALID_SIGNATURE );
- /* Test a MAC that's too long. */
+ /* Test a MAC that's too long, one-shot case. */
ASSERT_ALLOC( perturbed_mac, expected_mac->len + 1 );
memcpy( perturbed_mac, expected_mac->x, expected_mac->len );
+ TEST_EQUAL( psa_mac_verify( key, alg,
+ input->x, input->len,
+ perturbed_mac, expected_mac->len + 1 ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
+ /* Test a MAC that's too long, multi-part case. */
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2130,6 +2257,12 @@
{
mbedtls_test_set_step( i );
perturbed_mac[i] ^= 1;
+
+ TEST_EQUAL( psa_mac_verify( key, alg,
+ input->x, input->len,
+ perturbed_mac, expected_mac->len ),
+ PSA_ERROR_INVALID_SIGNATURE );
+
PSA_ASSERT( psa_mac_verify_setup( &operation, key, alg ) );
PSA_ASSERT( psa_mac_update( &operation,
input->x, input->len ) );
@@ -2254,15 +2387,21 @@
/* Call encrypt setup twice in a row. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_encrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call decrypt setup twice in a row. */
PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_decrypt_setup( &operation, key, alg ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Generate an IV without calling setup beforehand. */
TEST_EQUAL( psa_cipher_generate_iv( &operation,
@@ -2276,11 +2415,14 @@
PSA_ASSERT( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_generate_iv( &operation,
buffer, sizeof( buffer ),
&length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Generate an IV after it's already set. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2302,10 +2444,13 @@
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
PSA_ASSERT( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_set_iv( &operation,
iv, sizeof( iv ) ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Set an IV after it's already generated. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2326,12 +2471,16 @@
PSA_ASSERT( psa_cipher_abort( &operation ) );
/* Call update without an IV where an IV is required. */
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_update( &operation,
text, sizeof( text ),
buffer, sizeof( buffer ),
&length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call update after finish. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2356,10 +2505,13 @@
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
/* Not calling update means we are encrypting an empty buffer, which is OK
* for cipher modes with padding. */
+ ASSERT_OPERATION_IS_ACTIVE( operation );
TEST_EQUAL( psa_cipher_finish( &operation,
buffer, sizeof( buffer ), &length ),
PSA_ERROR_BAD_STATE );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_OPERATION_IS_INACTIVE( operation );
/* Call finish twice in a row. */
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
@@ -2381,10 +2533,11 @@
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input, data_t *expected_output,
- int expected_status_arg )
+void cipher_encrypt_fail( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input,
+ int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
@@ -2393,8 +2546,97 @@
psa_status_t expected_status = expected_status_arg;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if ( PSA_ERROR_BAD_STATE != expected_status )
+ {
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg,
+ input->len );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ }
+
+ status = psa_cipher_encrypt( key, alg, input->x, input->len, output,
+ output_buffer_size, &output_length );
+
+ TEST_EQUAL( status, expected_status );
+
+exit:
+ mbedtls_free( output );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_alg_without_iv( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input,
+ data_t *expected_output )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output,
+ output_buffer_size, &output_length ) );
+ TEST_ASSERT( output_length <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_ASSERT( output_length <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, output_length );
+exit:
+ mbedtls_free( output );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_validation( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg );
+ unsigned char *output1 = NULL;
+ size_t output1_buffer_size = 0;
+ size_t output1_length = 0;
+ unsigned char *output2 = NULL;
+ size_t output2_buffer_size = 0;
+ size_t output2_length = 0;
size_t function_output_length = 0;
- size_t total_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -2404,53 +2646,55 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
+ output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
+ ASSERT_ALLOC( output1, output1_buffer_size );
+ ASSERT_ALLOC( output2, output2_buffer_size );
+
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
-
- if( iv->len > 0 )
- {
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
- }
-
- output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- TEST_ASSERT( output_buffer_size <=
+ /* The one-shot cipher encryption uses generated iv so validating
+ the output is not possible. Validating with multipart encryption. */
+ PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
+ output1_buffer_size, &output1_length ) );
+ TEST_ASSERT( output1_length <=
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
+ TEST_ASSERT( output1_length <=
PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
- ASSERT_ALLOC( output, output_buffer_size );
+
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
PSA_ASSERT( psa_cipher_update( &operation,
input->x, input->len,
- output, output_buffer_size,
+ output2, output2_buffer_size,
&function_output_length ) );
TEST_ASSERT( function_output_length <=
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
TEST_ASSERT( function_output_length <=
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
- total_output_length += function_output_length;
+ output2_length += function_output_length;
- status = psa_cipher_finish( &operation,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length );
+ PSA_ASSERT( psa_cipher_finish( &operation,
+ output2 + output2_length,
+ output2_buffer_size - output2_length,
+ &function_output_length ) );
TEST_ASSERT( function_output_length <=
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
TEST_ASSERT( function_output_length <=
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
- total_output_length += function_output_length;
+ output2_length += function_output_length;
- TEST_EQUAL( status, expected_status );
- if( expected_status == PSA_SUCCESS )
- {
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
- }
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+ ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size,
+ output2, output2_length );
exit:
psa_cipher_abort( &operation );
- mbedtls_free( output );
+ mbedtls_free( output1 );
+ mbedtls_free( output2 );
psa_destroy_key( key );
PSA_DONE( );
}
@@ -2462,11 +2706,14 @@
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
- data_t *expected_output )
+ data_t *expected_output,
+ int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ psa_status_t status;
+ psa_status_t expected_status = expected_status_arg;
size_t first_part_size = first_part_size_arg;
size_t output1_length = output1_length_arg;
size_t output2_length = output2_length_arg;
@@ -2493,9 +2740,8 @@
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
- output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- TEST_ASSERT( output_buffer_size <=
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
+ output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
ASSERT_ALLOC( output, output_buffer_size );
TEST_ASSERT( first_part_size <= input->len );
@@ -2509,36 +2755,44 @@
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_ASSERT( function_output_length == output2_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
- total_output_length += function_output_length;
+ if( first_part_size < input->len )
+ {
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ ( output_buffer_size == 0 ? NULL :
+ output + total_output_length ),
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ TEST_ASSERT( function_output_length == output2_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ total_output_length += function_output_length;
+ }
- PSA_ASSERT( psa_cipher_finish( &operation,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length ) );
+ status = psa_cipher_finish( &operation,
+ ( output_buffer_size == 0 ? NULL :
+ output + total_output_length ),
+ output_buffer_size - total_output_length,
+ &function_output_length );
TEST_ASSERT( function_output_length <=
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
TEST_ASSERT( function_output_length <=
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation ) );
+ TEST_EQUAL( status, expected_status );
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, total_output_length );
+ }
exit:
psa_cipher_abort( &operation );
@@ -2554,11 +2808,14 @@
data_t *input,
int first_part_size_arg,
int output1_length_arg, int output2_length_arg,
- data_t *expected_output )
+ data_t *expected_output,
+ int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ psa_status_t status;
+ psa_status_t expected_status = expected_status_arg;
size_t first_part_size = first_part_size_arg;
size_t output1_length = output1_length_arg;
size_t output2_length = output2_length_arg;
@@ -2585,9 +2842,8 @@
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
}
- output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- TEST_ASSERT( output_buffer_size <=
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
+ output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
ASSERT_ALLOC( output, output_buffer_size );
TEST_ASSERT( first_part_size <= input->len );
@@ -2602,94 +2858,25 @@
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_ASSERT( function_output_length == output2_length );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
- alg,
- input->len - first_part_size ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
- total_output_length += function_output_length;
-
- PSA_ASSERT( psa_cipher_finish( &operation,
- ( output_buffer_size == 0 ? NULL :
- output + total_output_length ),
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
- total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation ) );
-
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
-
-exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_decrypt( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input, data_t *expected_output,
- int expected_status_arg )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_status_t status;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- psa_status_t expected_status = expected_status_arg;
- unsigned char *output = NULL;
- size_t output_buffer_size = 0;
- size_t function_output_length = 0;
- size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- PSA_ASSERT( psa_crypto_init( ) );
-
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
-
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
-
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
-
- if( iv->len > 0 )
+ if( first_part_size < input->len )
{
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ ( output_buffer_size == 0 ? NULL :
+ output + total_output_length ),
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ TEST_ASSERT( function_output_length == output2_length );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
+ alg,
+ input->len - first_part_size ) );
+ TEST_ASSERT( function_output_length <=
+ PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
+ total_output_length += function_output_length;
}
- output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- TEST_ASSERT( output_buffer_size <=
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
- ASSERT_ALLOC( output, output_buffer_size );
-
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
- total_output_length += function_output_length;
-
status = psa_cipher_finish( &operation,
( output_buffer_size == 0 ? NULL :
output + total_output_length ),
@@ -2705,6 +2892,7 @@
if( expected_status == PSA_SUCCESS )
{
PSA_ASSERT( psa_cipher_abort( &operation ) );
+
ASSERT_COMPARE( expected_output->x, expected_output->len,
output, total_output_length );
}
@@ -2718,25 +2906,132 @@
/* END_CASE */
/* BEGIN_CASE */
-void cipher_verify_output( int alg_arg, int key_type_arg,
+void cipher_decrypt_fail( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input_arg,
+ int expected_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_status_t status;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *input = NULL;
+ size_t input_buffer_size = 0;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ if ( PSA_ERROR_BAD_STATE != expected_status )
+ {
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ }
+
+ /* Allocate input buffer and copy the iv and the plaintext */
+ input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
+ if ( input_buffer_size > 0 )
+ {
+ ASSERT_ALLOC( input, input_buffer_size );
+ memcpy( input, iv->x, iv->len );
+ memcpy( input + iv->len, input_arg->x, input_arg->len );
+ }
+
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
+ output_buffer_size, &output_length );
+ TEST_EQUAL( status, expected_status );
+
+exit:
+ mbedtls_free( input );
+ mbedtls_free( output );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_decrypt( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input_arg,
+ data_t *expected_output )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ unsigned char *input = NULL;
+ size_t input_buffer_size = 0;
+ unsigned char *output = NULL;
+ size_t output_buffer_size = 0;
+ size_t output_length = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ /* Allocate input buffer and copy the iv and the plaintext */
+ input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
+ if ( input_buffer_size > 0 )
+ {
+ ASSERT_ALLOC( input, input_buffer_size );
+ memcpy( input, iv->x, iv->len );
+ memcpy( input + iv->len, input_arg->x, input_arg->len );
+ }
+
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
+ ASSERT_ALLOC( output, output_buffer_size );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ PSA_ASSERT( psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
+ output_buffer_size, &output_length ) );
+ TEST_ASSERT( output_length <=
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size ) );
+ TEST_ASSERT( output_length <=
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input_buffer_size ) );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, output_length );
+exit:
+ mbedtls_free( input );
+ mbedtls_free( output );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_verify_output( int alg_arg,
+ int key_type_arg,
data_t *key_data,
data_t *input )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
- unsigned char iv[16] = {0};
- size_t iv_size = 16;
- size_t iv_length = 0;
unsigned char *output1 = NULL;
size_t output1_size = 0;
size_t output1_length = 0;
unsigned char *output2 = NULL;
size_t output2_size = 0;
size_t output2_length = 0;
- size_t function_output_length = 0;
- psa_cipher_operation_t operation1 = PSA_CIPHER_OPERATION_INIT;
- psa_cipher_operation_t operation2 = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@@ -2747,82 +3042,31 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
-
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation1, key, alg ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation2, key, alg ) );
-
- if( alg != PSA_ALG_ECB_NO_PADDING )
- {
- PSA_ASSERT( psa_cipher_generate_iv( &operation1,
- iv, iv_size,
- &iv_length ) );
- }
output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
- TEST_ASSERT( output1_size <=
- PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
ASSERT_ALLOC( output1, output1_size );
- PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
- output1, output1_size,
- &output1_length ) );
+ PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len,
+ output1, output1_size,
+ &output1_length ) );
TEST_ASSERT( output1_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
+ PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len ) );
TEST_ASSERT( output1_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
-
- PSA_ASSERT( psa_cipher_finish( &operation1,
- output1 + output1_length,
- output1_size - output1_length,
- &function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
-
- output1_length += function_output_length;
-
- PSA_ASSERT( psa_cipher_abort( &operation1 ) );
+ PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
output2_size = output1_length;
- TEST_ASSERT( output2_size <=
- PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
- TEST_ASSERT( output2_size <=
- PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
ASSERT_ALLOC( output2, output2_size );
- if( iv_length > 0 )
- {
- PSA_ASSERT( psa_cipher_set_iv( &operation2,
- iv, iv_length ) );
- }
-
- PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
- output2, output2_size,
- &output2_length ) );
+ PSA_ASSERT( psa_cipher_decrypt( key, alg, output1, output1_length,
+ output2, output2_size,
+ &output2_length ) );
TEST_ASSERT( output2_length <=
- PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, output1_length ) );
+ PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
TEST_ASSERT( output2_length <=
- PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length ) );
-
- function_output_length = 0;
- PSA_ASSERT( psa_cipher_finish( &operation2,
- output2 + output2_length,
- output2_size - output2_length,
- &function_output_length ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
- TEST_ASSERT( function_output_length <=
- PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
-
- output2_length += function_output_length;
-
- PSA_ASSERT( psa_cipher_abort( &operation2 ) );
+ PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
ASSERT_COMPARE( input->x, input->len, output2, output2_length );
exit:
- psa_cipher_abort( &operation1 );
- psa_cipher_abort( &operation2 );
mbedtls_free( output1 );
mbedtls_free( output2 );
psa_destroy_key( key );
@@ -3235,9 +3479,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void sign_deterministic( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *input_data,
- data_t *output_data )
+void sign_hash_deterministic( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data,
+ data_t *output_data )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3301,9 +3545,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void sign_fail( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *input_data,
- int signature_size_arg, int expected_status_arg )
+void sign_hash_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data,
+ int signature_size_arg, int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3356,8 +3600,8 @@
/* END_CASE */
/* BEGIN_CASE */
-void sign_verify( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *input_data )
+void sign_verify_hash( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3427,9 +3671,9 @@
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_verify( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *hash_data,
- data_t *signature_data )
+void verify_hash( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *hash_data,
+ data_t *signature_data )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3467,10 +3711,10 @@
/* END_CASE */
/* BEGIN_CASE */
-void asymmetric_verify_fail( int key_type_arg, data_t *key_data,
- int alg_arg, data_t *hash_data,
- data_t *signature_data,
- int expected_status_arg )
+void verify_hash_fail( int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *hash_data,
+ data_t *signature_data,
+ int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
@@ -3508,6 +3752,239 @@
/* END_CASE */
/* BEGIN_CASE */
+void sign_message_deterministic( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *output_data )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *signature = NULL;
+ size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
+ TEST_ASSERT( signature_size != 0 );
+ TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ ASSERT_ALLOC( signature, signature_size );
+
+ PSA_ASSERT( psa_sign_message( key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length ) );
+
+ ASSERT_COMPARE( output_data->x, output_data->len,
+ signature, signature_length );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+
+ psa_destroy_key( key );
+ mbedtls_free( signature );
+ PSA_DONE( );
+
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_message_fail( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ int signature_size_arg,
+ int expected_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t signature_size = signature_size_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *signature = NULL;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ ASSERT_ALLOC( signature, signature_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ actual_status = psa_sign_message( key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length );
+ TEST_EQUAL( actual_status, expected_status );
+ /* The value of *signature_length is unspecified on error, but
+ * whatever it is, it should be less than signature_size, so that
+ * if the caller tries to read *signature_length bytes without
+ * checking the error code then they don't overflow a buffer. */
+ TEST_ASSERT( signature_length <= signature_size );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ mbedtls_free( signature );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void sign_verify_message( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *signature = NULL;
+ size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_VERIFY_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+ PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+ key_bits = psa_get_key_bits( &attributes );
+
+ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg );
+ TEST_ASSERT( signature_size != 0 );
+ TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE );
+ ASSERT_ALLOC( signature, signature_size );
+
+ PSA_ASSERT( psa_sign_message( key, alg,
+ input_data->x, input_data->len,
+ signature, signature_size,
+ &signature_length ) );
+ TEST_ASSERT( signature_length <= signature_size );
+ TEST_ASSERT( signature_length > 0 );
+
+ PSA_ASSERT( psa_verify_message( key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length ) );
+
+ if( input_data->len != 0 )
+ {
+ /* Flip a bit in the input and verify that the signature is now
+ * detected as invalid. Flip a bit at the beginning, not at the end,
+ * because ECDSA may ignore the last few bits of the input. */
+ input_data->x[0] ^= 1;
+ TEST_EQUAL( psa_verify_message( key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length ),
+ PSA_ERROR_INVALID_SIGNATURE );
+ }
+
+exit:
+ psa_reset_key_attributes( &attributes );
+
+ psa_destroy_key( key );
+ mbedtls_free( signature );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void verify_message( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input_data,
+ data_t *signature_data )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ PSA_ASSERT( psa_verify_message( key, alg,
+ input_data->x, input_data->len,
+ signature_data->x, signature_data->len ) );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void verify_message_fail( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *hash_data,
+ data_t *signature_data,
+ int expected_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_status = expected_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ actual_status = psa_verify_message( key, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x,
+ signature_data->len );
+ TEST_EQUAL( actual_status, expected_status );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void asymmetric_encrypt( int key_type_arg,
data_t *key_data,
int alg_arg,
@@ -3895,7 +4372,12 @@
for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
{
- if( key_types[i] != PSA_KEY_TYPE_NONE )
+ mbedtls_test_set_step( i );
+ if( steps[i] == 0 )
+ {
+ /* Skip this step */
+ }
+ else if( key_types[i] != PSA_KEY_TYPE_NONE )
{
psa_set_key_type( &attributes, key_types[i] );
PSA_ASSERT( psa_import_key( &attributes,
@@ -3954,7 +4436,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_derive_invalid_key_derivation_state( int alg_arg )
+void derive_over_capacity( int alg_arg )
{
psa_algorithm_t alg = alg_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
@@ -4005,7 +4487,7 @@
/* END_CASE */
/* BEGIN_CASE */
-void test_derive_invalid_key_derivation_tests( )
+void derive_actions_without_setup( )
{
uint8_t output_buffer[16];
size_t buffer_size = 16;
@@ -4956,7 +5438,8 @@
PSA_KEY_LIFETIME_PERSISTENT );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
TEST_EQUAL( psa_get_key_bits( &attributes ), bits );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
+ mbedtls_test_update_key_usage_flags( usage_flags ) );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
/* Export the key again if permitted by the key policy. */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 2513883..ead7a69 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -1,35 +1,68 @@
sign_hash through transparent driver: calculate in driver
-ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
+ecdsa_sign_hash:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
sign_hash through transparent driver: fallback
depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
+ecdsa_sign_hash:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
sign_hash through transparent driver: error
-ecdsa_sign:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR
+ecdsa_sign_hash:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR
sign_hash through transparent driver: fake
-ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
+ecdsa_sign_hash:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
verify_hash using private key through transparent driver: calculate in driver
-ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+ecdsa_verify_hash:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using private key through transparent driver: fallback
depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+ecdsa_verify_hash:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using private key through transparent driver: error
-ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
+ecdsa_verify_hash:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
verify_hash using public key through transparent driver: calculate in driver
-ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+ecdsa_verify_hash:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using public key through transparent driver: fallback
depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
-ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
+ecdsa_verify_hash:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
verify_hash using public key through transparent driver: error
-ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
+ecdsa_verify_hash:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR
+
+sign_message through transparent driver: calculate in driver
+ecdsa_sign_message:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS
+
+sign_message through transparent driver: fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+ecdsa_sign_message:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS
+
+sign_message through transparent driver: error
+ecdsa_sign_message:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_ERROR_GENERIC_ERROR
+
+sign_message through transparent driver: fake
+ecdsa_sign_message:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS
+
+verify_message using private key through transparent driver: calculate in driver
+ecdsa_verify_message:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message using private key through transparent driver: fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+ecdsa_verify_message:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message using private key through transparent driver: error
+ecdsa_verify_message:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR
+
+verify_message using public key through transparent driver: calculate in driver
+ecdsa_verify_message:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message using public key through transparent driver: fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
+ecdsa_verify_message:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS
+
+verify_message using public key through transparent driver: error
+ecdsa_verify_message:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR
generate_key through transparent driver: fake
generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS
@@ -84,29 +117,45 @@
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256
export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR
-PSA symmetric encrypt: AES-CTR, 16 bytes, good
+PSA symmetric encrypt validation: AES-CTR, 16 bytes, good
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
-PSA symmetric encrypt: AES-CTR, 15 bytes, good
+PSA symmetric encrypt validation: AES-CTR, 15 bytes, good
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317"
-PSA symmetric encrypt: AES-CTR, 16 bytes, fallback
+PSA symmetric encrypt validation: AES-CTR, 16 bytes, fallback
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e117393172a"
-PSA symmetric encrypt: AES-CTR, 15 bytes, fallback
+PSA symmetric encrypt validation: AES-CTR, 15 bytes, fallback
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+cipher_encrypt_validation:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"6bc1bee22e409f96e93d7e11739317"
-PSA symmetric encrypt: AES-CTR, 16 bytes, fake
+PSA symmetric encrypt multipart: AES-CTR, 16 bytes, good
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
-PSA symmetric encrypt: AES-CTR, 15 bytes, fake
+PSA symmetric encrypt multipart: AES-CTR, 15 bytes, good
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fallback
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CTR, 15 bytes, fallback
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CTR, 16 bytes, fake
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:8:0:"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS
+
+PSA symmetric encrypt multipart: AES-CTR, 15 bytes, fake
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:8:0:"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decrypt: AES-CTR, 16 bytes, good
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
@@ -120,84 +169,96 @@
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
cipher_decrypt:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS
+PSA symmetric decrypt multipart: AES-CTR, 16 bytes, good
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_SUCCESS:PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fallback
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_CIPHER
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:16:0:"dd3b5e5319b7591daab1e1a92687feb2":0:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+PSA symmetric decrypt multipart: AES-CTR, 16 bytes, fake
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"396ee84fb75fdbb5c2b13c7fe5a654aa":16:8:0:"d07a6a6e2687feb2":1:PSA_SUCCESS:PSA_SUCCESS
+
PSA symmetric encryption multipart: AES-CTR, 11+5 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 16+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 12+20 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 20+12 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 12+10 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 0+15 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 15+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 0+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric encryption multipart: AES-CTR, 16+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_encrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 11+5 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":11:11:5:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 16+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":16:16:16:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 12+20 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":12:12:20:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 20+12 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597bcef1389318c7fc865ef":20:20:12:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7baf71025f6ef6393ca587":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 12+10 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a5434f378a597":12:12:10:"8f9408fe80a81d3e813da3c7b0b2bd321c965bb1de7b":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 0+15 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":0:0:15:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 15+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e11739317":15:15:0:"8f9408fe80a81d3e813da3c7b0b2bd":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 0+16 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":0:0:16:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
PSA symmetric decryption multipart: AES-CTR, 16+0 bytes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32"
+cipher_decrypt_multipart:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a":16:16:0:"8f9408fe80a81d3e813da3c7b0b2bd32":0:PSA_SUCCESS:PSA_SUCCESS
Cipher driver: negative testing on all entry points
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
cipher_entry_points:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a"
PSA AEAD encrypt: AES-CCM, 24 bytes
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_SUCCESS
PSA AEAD encrypt: AES-CCM, 24 bytes, fallback
@@ -205,11 +266,11 @@
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_NOT_SUPPORTED
PSA AEAD encrypt: AES-CCM, 24 bytes, INSUFFICIENT_MEMORY
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_INSUFFICIENT_MEMORY
PSA AEAD encrypt, AES-GCM, 128 bytes #1
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_SUCCESS
PSA AEAD encrypt, AES-GCM, 128 bytes #1, fallback
@@ -217,11 +278,11 @@
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED
PSA AEAD encrypt, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_INSUFFICIENT_MEMORY
PSA AEAD decrypt: AES-CCM, 39 bytes
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS
PSA AEAD decrypt: AES-CCM, 39 bytes, fallback
@@ -229,11 +290,11 @@
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_NOT_SUPPORTED
PSA AEAD decrypt: AES-CCM, 39 bytes, INSUFFICIENT_MEMORY
-depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES
aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_INSUFFICIENT_MEMORY
PSA AEAD decrypt, AES-GCM, 144 bytes #1
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS
PSA AEAD decrypt, AES-GCM, 144 bytes #1, fallback
@@ -241,29 +302,139 @@
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED
PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY
-depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES
aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY
+PSA MAC sign, through driver: HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS
+
+PSA MAC sign, fallback: HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_BUILTIN_ALG_HMAC
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC sign, driver reports error: RFC4231 Test case 1 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_GENERIC_ERROR
+
+PSA MAC sign, through driver: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC
+mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS
+
+PSA MAC sign, fallback: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
+mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC sign, driver reports error: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_GENERIC_ERROR
+
+PSA MAC verify, through driver: HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS
+
+PSA MAC verify, fallback: HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_BUILTIN_ALG_HMAC
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC verify, driver reports error: RFC4231 Test case 1 - HMAC-SHA-224
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_GENERIC_ERROR
+
+PSA MAC verify, through driver: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC
+mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS
+
+PSA MAC verify, fallback: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC
+mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED
+
+PSA MAC verify, driver reports error: CMAC-AES-128
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES
+mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_GENERIC_ERROR
+
PSA opaque driver builtin key export: AES
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
PSA opaque driver builtin key export: AES (registered to ID_MAX-1)
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
PSA opaque driver builtin key export: AES (registered to ID_MAX)
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
PSA opaque driver builtin key export: key ID out of range (ID_MIN - 1)
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
PSA opaque driver builtin key export: key ID out of range (ID_MAX + 1)
+depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES
builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
PSA opaque driver builtin key export: secp256r1
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"dc7d9d26d67a4f632c34c2dc0b6986183882c206df04cdb7d69aabe28be4f81a":PSA_SUCCESS
PSA opaque driver builtin pubkey export: secp256r1
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_SUCCESS
PSA opaque driver builtin pubkey export: not a public key
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_ERROR_INVALID_ARGUMENT
+
+Hash compute: SHA-256, computed by the driver
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS:PSA_SUCCESS
+
+Hash compute: SHA-256, fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+Hash compute: SHA-256, no fallback
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+Hash compute: SHA-256, INSUFFICIENT_MEMORY
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+Hash multi-part setup: SHA-256, computed by the driver
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS:PSA_SUCCESS
+
+Hash multi-part setup: SHA-256, fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+Hash multi-part setup: SHA-256, no fallback
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+Hash multi-part setup: SHA-256, INSUFFICIENT_MEMORY
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+Hash multi-part update: SHA-256, update successful
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS
+
+Hash multi-part update: SHA-256, update failure
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED
+
+Hash multi-part finish: SHA-256, finish successful
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS
+
+Hash multi-part finish: SHA-256, finish failure
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED
+
+Hash clone: SHA-256, clone successful
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_clone:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS
+
+Hash clone: SHA-256, clone failure
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_clone:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 8ccce06..6d78ad5 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -7,13 +7,13 @@
* END_DEPENDENCIES
*/
-/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void ecdsa_sign( int force_status_arg,
- data_t *key_input,
- data_t *data_input,
- data_t *expected_output,
- int fake_output,
- int expected_status_arg )
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
+void ecdsa_sign_hash( int force_status_arg,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *expected_output,
+ int fake_output,
+ int expected_status_arg )
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
@@ -23,22 +23,25 @@
uint8_t signature[64];
size_t signature_length = 0xdeadbeef;
psa_status_t actual_status;
- test_driver_signature_sign_hooks = test_driver_signature_hooks_init();
+ mbedtls_test_driver_signature_sign_hooks =
+ mbedtls_test_driver_signature_hooks_init();
PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) );
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
key_input->x, key_input->len,
&key );
- test_driver_signature_sign_hooks.forced_status = force_status;
+ mbedtls_test_driver_signature_sign_hooks.forced_status = force_status;
if( fake_output == 1 )
{
- test_driver_signature_sign_hooks.forced_output = expected_output->x;
- test_driver_signature_sign_hooks.forced_output_length = expected_output->len;
+ mbedtls_test_driver_signature_sign_hooks.forced_output =
+ expected_output->x;
+ mbedtls_test_driver_signature_sign_hooks.forced_output_length =
+ expected_output->len;
}
actual_status = psa_sign_hash( key, alg,
@@ -51,37 +54,39 @@
ASSERT_COMPARE( signature, signature_length,
expected_output->x, expected_output->len );
}
- TEST_EQUAL( test_driver_signature_sign_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits, 1 );
exit:
psa_reset_key_attributes( &attributes );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_signature_sign_hooks = test_driver_signature_hooks_init();
+ mbedtls_test_driver_signature_sign_hooks =
+ mbedtls_test_driver_signature_hooks_init();
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
-void ecdsa_verify( int force_status_arg,
- int register_public_key,
- data_t *key_input,
- data_t *data_input,
- data_t *signature_input,
- int expected_status_arg )
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
+void ecdsa_verify_hash( int force_status_arg,
+ int register_public_key,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *signature_input,
+ int expected_status_arg )
{
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
+ psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
psa_status_t actual_status;
- test_driver_signature_verify_hooks = test_driver_signature_hooks_init();
+ mbedtls_test_driver_signature_verify_hooks =
+ mbedtls_test_driver_signature_hooks_init();
PSA_ASSERT( psa_crypto_init( ) );
if( register_public_key )
{
psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_CURVE_SECP_R1 ) );
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -91,7 +96,7 @@
else
{
psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) );
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
psa_set_key_algorithm( &attributes, alg );
psa_import_key( &attributes,
@@ -99,23 +104,142 @@
&key );
}
- test_driver_signature_verify_hooks.forced_status = force_status;
+ mbedtls_test_driver_signature_verify_hooks.forced_status = force_status;
actual_status = psa_verify_hash( key, alg,
data_input->x, data_input->len,
signature_input->x, signature_input->len );
TEST_EQUAL( actual_status, expected_status );
- TEST_EQUAL( test_driver_signature_verify_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits, 1 );
exit:
psa_reset_key_attributes( &attributes );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_signature_verify_hooks = test_driver_signature_hooks_init();
+ mbedtls_test_driver_signature_verify_hooks =
+ mbedtls_test_driver_signature_hooks_init();
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
+void ecdsa_sign_message( int force_status_arg,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *expected_output,
+ int fake_output,
+ int expected_status_arg )
+{
+ psa_status_t force_status = force_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
+ uint8_t signature[64];
+ size_t signature_length = 0xdeadbeef;
+ psa_status_t actual_status;
+ mbedtls_test_driver_signature_sign_hooks =
+ mbedtls_test_driver_signature_hooks_init();
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_set_key_type( &attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_import_key( &attributes,
+ key_input->x, key_input->len,
+ &key );
+
+ mbedtls_test_driver_signature_sign_hooks.forced_status = force_status;
+ if( fake_output == 1 )
+ {
+ mbedtls_test_driver_signature_sign_hooks.forced_output =
+ expected_output->x;
+ mbedtls_test_driver_signature_sign_hooks.forced_output_length =
+ expected_output->len;
+ }
+
+ actual_status = psa_sign_message( key, alg,
+ data_input->x, data_input->len,
+ signature, sizeof( signature ),
+ &signature_length );
+ TEST_EQUAL( actual_status, expected_status );
+ if( expected_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( signature, signature_length,
+ expected_output->x, expected_output->len );
+ }
+ /* In the builtin algorithm the driver is called twice. */
+ TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits,
+ force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1 );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+ mbedtls_test_driver_signature_sign_hooks =
+ mbedtls_test_driver_signature_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */
+void ecdsa_verify_message( int force_status_arg,
+ int register_public_key,
+ data_t *key_input,
+ data_t *data_input,
+ data_t *signature_input,
+ int expected_status_arg )
+{
+ psa_status_t force_status = force_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 );
+ psa_status_t actual_status;
+ mbedtls_test_driver_signature_verify_hooks =
+ mbedtls_test_driver_signature_hooks_init();
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ if( register_public_key )
+ {
+ psa_set_key_type( &attributes,
+ PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_import_key( &attributes,
+ key_input->x, key_input->len,
+ &key );
+ }
+ else
+ {
+ psa_set_key_type( &attributes,
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_import_key( &attributes,
+ key_input->x, key_input->len,
+ &key );
+ }
+
+ mbedtls_test_driver_signature_verify_hooks.forced_status = force_status;
+
+ actual_status = psa_verify_message( key, alg,
+ data_input->x, data_input->len,
+ signature_input->x, signature_input->len );
+ TEST_EQUAL( actual_status, expected_status );
+ /* In the builtin algorithm the driver is called twice. */
+ TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits,
+ force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1 );
+
+exit:
+ psa_reset_key_attributes( &attributes );
+ psa_destroy_key( key );
+ PSA_DONE( );
+ mbedtls_test_driver_signature_verify_hooks =
+ mbedtls_test_driver_signature_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */
void generate_key( int force_status_arg,
data_t *fake_output,
int expected_status_arg )
@@ -130,28 +254,33 @@
psa_status_t actual_status;
uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = {0};
size_t actual_output_length;
- test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+ mbedtls_test_driver_key_management_hooks =
+ mbedtls_test_driver_key_management_hooks_init();
psa_set_key_type( &attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) );
+ PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
psa_set_key_bits( &attributes, 256 );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes, alg );
if( fake_output->len > 0 )
{
- expected_output = test_driver_key_management_hooks.forced_output = fake_output->x;
- expected_output_length = test_driver_key_management_hooks.forced_output_length =
+ expected_output =
+ mbedtls_test_driver_key_management_hooks.forced_output =
+ fake_output->x;
+
+ expected_output_length =
+ mbedtls_test_driver_key_management_hooks.forced_output_length =
fake_output->len;
}
- test_driver_key_management_hooks.hits = 0;
- test_driver_key_management_hooks.forced_status = force_status;
+ mbedtls_test_driver_key_management_hooks.hits = 0;
+ mbedtls_test_driver_key_management_hooks.forced_status = force_status;
PSA_ASSERT( psa_crypto_init( ) );
actual_status = psa_generate_key( &attributes, &key );
- TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
TEST_EQUAL( actual_status, expected_status );
if( actual_status == PSA_SUCCESS )
@@ -178,11 +307,12 @@
psa_reset_key_attributes( &attributes );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+ mbedtls_test_driver_key_management_hooks =
+ mbedtls_test_driver_key_management_hooks_init();
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */
void validate_key( int force_status_arg,
int key_type_arg,
data_t *key_input,
@@ -194,29 +324,31 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t actual_status;
- test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+ mbedtls_test_driver_key_management_hooks =
+ mbedtls_test_driver_key_management_hooks_init();
psa_set_key_type( &attributes,
key_type );
psa_set_key_bits( &attributes, 0 );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
- test_driver_key_management_hooks.forced_status = force_status;
+ mbedtls_test_driver_key_management_hooks.forced_status = force_status;
PSA_ASSERT( psa_crypto_init( ) );
actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key );
- TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
TEST_EQUAL( actual_status, expected_status );
exit:
psa_reset_key_attributes( &attributes );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+ mbedtls_test_driver_key_management_hooks =
+ mbedtls_test_driver_key_management_hooks_init();
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */
void export_key( int force_status_arg,
data_t *fake_output,
int key_in_type_arg,
@@ -236,7 +368,8 @@
psa_status_t actual_status;
uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0};
size_t actual_output_length;
- test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+ mbedtls_test_driver_key_management_hooks =
+ mbedtls_test_driver_key_management_hooks_init();
psa_set_key_type( &attributes, input_key_type );
psa_set_key_bits( &attributes, 256 );
@@ -247,8 +380,12 @@
if( fake_output->len > 0 )
{
- expected_output_ptr = test_driver_key_management_hooks.forced_output = fake_output->x;
- expected_output_length = test_driver_key_management_hooks.forced_output_length =
+ expected_output_ptr =
+ mbedtls_test_driver_key_management_hooks.forced_output =
+ fake_output->x;
+
+ expected_output_length =
+ mbedtls_test_driver_key_management_hooks.forced_output_length =
fake_output->len;
}
else
@@ -257,8 +394,8 @@
expected_output_length = expected_output->len;
}
- test_driver_key_management_hooks.hits = 0;
- test_driver_key_management_hooks.forced_status = force_status;
+ mbedtls_test_driver_key_management_hooks.hits = 0;
+ mbedtls_test_driver_key_management_hooks.forced_status = force_status;
if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) )
actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
@@ -268,7 +405,7 @@
if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) &&
!PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) )
- TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
if( actual_status == PSA_SUCCESS )
{
@@ -279,32 +416,139 @@
psa_reset_key_attributes( &attributes );
psa_destroy_key( handle );
PSA_DONE( );
- test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+ mbedtls_test_driver_key_management_hooks =
+ mbedtls_test_driver_key_management_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input, data_t *expected_output,
- int mock_output_arg,
- int force_status_arg,
- int expected_status_arg )
+void cipher_encrypt_validation( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *input )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_status_t status;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ size_t iv_size = PSA_CIPHER_IV_LENGTH ( key_type, alg );
+ unsigned char *output1 = NULL;
+ size_t output1_buffer_size = 0;
+ size_t output1_length = 0;
+ unsigned char *output2 = NULL;
+ size_t output2_buffer_size = 0;
+ size_t output2_length = 0;
+ size_t function_output_length = 0;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
+ output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) +
+ PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg );
+ ASSERT_ALLOC( output1, output1_buffer_size );
+ ASSERT_ALLOC( output2, output2_buffer_size );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ PSA_ASSERT( psa_cipher_encrypt( key, alg, input->x, input->len, output1,
+ output1_buffer_size, &output1_length ) );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ PSA_ASSERT( psa_cipher_set_iv( &operation, output1, iv_size ) );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x, input->len,
+ output2, output2_buffer_size,
+ &function_output_length ) );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ output2_length += function_output_length;
+ PSA_ASSERT( psa_cipher_finish( &operation,
+ output2 + output2_length,
+ output2_buffer_size - output2_length,
+ &function_output_length ) );
+ /* Finish will have called abort as well, so expecting two hits here */
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ output2_length += function_output_length;
+
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+ // driver function should've been called as part of the finish() core routine
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
+ ASSERT_COMPARE( output1 + iv_size, output1_length - iv_size,
+ output2, output2_length );
+
+exit:
+ psa_cipher_abort( &operation );
+ mbedtls_free( output1 );
+ mbedtls_free( output2 );
+ psa_destroy_key( key );
+ PSA_DONE( );
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void cipher_encrypt_multipart( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input,
+ int first_part_size_arg,
+ int output1_length_arg,
+ int output2_length_arg,
+ data_t *expected_output,
+ int mock_output_arg,
+ int force_status_arg,
+ int expected_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t status;
psa_status_t expected_status = expected_status_arg;
psa_status_t force_status = force_status_arg;
+ size_t first_part_size = first_part_size_arg;
+ size_t output1_length = output1_length_arg;
+ size_t output2_length = output2_length_arg;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
size_t function_output_length = 0;
size_t total_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
- test_driver_cipher_hooks.forced_status = force_status;
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks.forced_status = force_status;
+
+ /* Test operation initialization */
+ mbedtls_psa_cipher_operation_t mbedtls_operation =
+ MBEDTLS_PSA_CIPHER_OPERATION_INIT;
+
+ mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
+ MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
+
+ mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
+ MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
+
+ operation.ctx.mbedtls_ctx = mbedtls_operation;
+ operation.ctx.transparent_test_driver_ctx = tranparent_operation;
+ operation.ctx.opaque_test_driver_ctx = opaque_operation;
PSA_ASSERT( psa_crypto_init( ) );
@@ -316,12 +560,12 @@
&key ) );
PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
@@ -329,40 +573,56 @@
if( mock_output_arg )
{
- test_driver_cipher_hooks.forced_output = expected_output->x;
- test_driver_cipher_hooks.forced_output_length = expected_output->len;
+ mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
+ mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
}
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x, input->len,
+ TEST_ASSERT( first_part_size <= input->len );
+ PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
output, output_buffer_size,
&function_output_length ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ TEST_ASSERT( function_output_length == output1_length );
+ total_output_length += function_output_length;
+
+ if( first_part_size < input->len )
+ {
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ TEST_ASSERT( function_output_length == output2_length );
+ total_output_length += function_output_length;
+ }
if( mock_output_arg )
{
- test_driver_cipher_hooks.forced_output = NULL;
- test_driver_cipher_hooks.forced_output_length = 0;
+ mbedtls_test_driver_cipher_hooks.forced_output = NULL;
+ mbedtls_test_driver_cipher_hooks.forced_output_length = 0;
}
- total_output_length += function_output_length;
- status = psa_cipher_finish( &operation,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length );
+ status = psa_cipher_finish( &operation,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length );
/* Finish will have called abort as well, so expecting two hits here */
- TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
- test_driver_cipher_hooks.hits = 0;
-
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
+ mbedtls_test_driver_cipher_hooks.hits = 0 ;
total_output_length += function_output_length;
-
TEST_EQUAL( status, expected_status );
+
if( expected_status == PSA_SUCCESS )
{
PSA_ASSERT( psa_cipher_abort( &operation ) );
- // driver function should've been called as part of the finish() core routine
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
+
ASSERT_COMPARE( expected_output->x, expected_output->len,
output, total_output_length );
}
@@ -372,21 +632,30 @@
mbedtls_free( output );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
+void cipher_decrypt_multipart( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
data_t *input,
int first_part_size_arg,
- int output1_length_arg, int output2_length_arg,
- data_t *expected_output )
+ int output1_length_arg,
+ int output2_length_arg,
+ data_t *expected_output,
+ int mock_output_arg,
+ int force_status_arg,
+ int expected_status_arg )
{
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_type_t key_type = key_type_arg;
psa_algorithm_t alg = alg_arg;
+ psa_status_t status;
+ psa_status_t expected_status = expected_status_arg;
+ psa_status_t force_status = force_status_arg;
size_t first_part_size = first_part_size_arg;
size_t output1_length = output1_length_arg;
size_t output2_length = output2_length_arg;
@@ -396,92 +665,22 @@
size_t total_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks.forced_status = force_status;
- PSA_ASSERT( psa_crypto_init( ) );
+ /* Test operation initialization */
+ mbedtls_psa_cipher_operation_t mbedtls_operation =
+ MBEDTLS_PSA_CIPHER_OPERATION_INIT;
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
- psa_set_key_algorithm( &attributes, alg );
- psa_set_key_type( &attributes, key_type );
+ mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
+ MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
- PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
- &key ) );
+ mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
+ MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
- PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
-
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
-
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
- ASSERT_ALLOC( output, output_buffer_size );
-
- TEST_ASSERT( first_part_size <= input->len );
- PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
- output, output_buffer_size,
- &function_output_length ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
-
- TEST_ASSERT( function_output_length == output1_length );
- total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
- TEST_ASSERT( function_output_length == output2_length );
- total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_finish( &operation,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length ) );
- /* Finish will have called abort as well, so expecting two hits here */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
- test_driver_cipher_hooks.hits = 0 ;
- total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
-
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
-
-exit:
- psa_cipher_abort( &operation );
- mbedtls_free( output );
- psa_destroy_key( key );
- PSA_DONE( );
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
-}
-/* END_CASE */
-
-/* BEGIN_CASE */
-void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input,
- int first_part_size_arg,
- int output1_length_arg, int output2_length_arg,
- data_t *expected_output )
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
- psa_key_type_t key_type = key_type_arg;
- psa_algorithm_t alg = alg_arg;
- size_t first_part_size = first_part_size_arg;
- size_t output1_length = output1_length_arg;
- size_t output2_length = output2_length_arg;
- unsigned char *output = NULL;
- size_t output_buffer_size = 0;
- size_t function_output_length = 0;
- size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+ operation.ctx.mbedtls_ctx = mbedtls_operation;
+ operation.ctx.transparent_test_driver_ctx = tranparent_operation;
+ operation.ctx.opaque_test_driver_ctx = opaque_operation;
PSA_ASSERT( psa_crypto_init( ) );
@@ -493,65 +692,90 @@
&key ) );
PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
output_buffer_size = ( (size_t) input->len +
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
ASSERT_ALLOC( output, output_buffer_size );
+ if( mock_output_arg )
+ {
+ mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
+ mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
+ }
+
TEST_ASSERT( first_part_size <= input->len );
PSA_ASSERT( psa_cipher_update( &operation,
input->x, first_part_size,
output, output_buffer_size,
&function_output_length ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
TEST_ASSERT( function_output_length == output1_length );
total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x + first_part_size,
- input->len - first_part_size,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
- TEST_ASSERT( function_output_length == output2_length );
- total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_finish( &operation,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length ) );
+ if( first_part_size < input->len )
+ {
+ PSA_ASSERT( psa_cipher_update( &operation,
+ input->x + first_part_size,
+ input->len - first_part_size,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length ) );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
+
+ TEST_ASSERT( function_output_length == output2_length );
+ total_output_length += function_output_length;
+ }
+
+ if( mock_output_arg )
+ {
+ mbedtls_test_driver_cipher_hooks.forced_output = NULL;
+ mbedtls_test_driver_cipher_hooks.forced_output_length = 0;
+ }
+
+ status = psa_cipher_finish( &operation,
+ output + total_output_length,
+ output_buffer_size - total_output_length,
+ &function_output_length );
/* Finish will have called abort as well, so expecting two hits here */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
total_output_length += function_output_length;
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( status, expected_status );
- ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_cipher_abort( &operation ) );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
+
+ ASSERT_COMPARE( expected_output->x, expected_output->len,
+ output, total_output_length );
+ }
exit:
psa_cipher_abort( &operation );
mbedtls_free( output );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
/* BEGIN_CASE */
-void cipher_decrypt( int alg_arg, int key_type_arg,
- data_t *key_data, data_t *iv,
- data_t *input, data_t *expected_output,
+void cipher_decrypt( int alg_arg,
+ int key_type_arg,
+ data_t *key_data,
+ data_t *iv,
+ data_t *input_arg,
+ data_t *expected_output,
int mock_output_arg,
int force_status_arg,
int expected_status_arg )
@@ -562,14 +786,14 @@
psa_algorithm_t alg = alg_arg;
psa_status_t expected_status = expected_status_arg;
psa_status_t force_status = force_status_arg;
+ unsigned char *input = NULL;
+ size_t input_buffer_size = 0;
unsigned char *output = NULL;
size_t output_buffer_size = 0;
- size_t function_output_length = 0;
- size_t total_output_length = 0;
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ size_t output_length = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
- test_driver_cipher_hooks.forced_status = force_status;
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks.forced_status = force_status;
PSA_ASSERT( psa_crypto_init( ) );
@@ -577,66 +801,46 @@
psa_set_key_algorithm( &attributes, alg );
psa_set_key_type( &attributes, key_type );
+ /* Allocate input buffer and copy the iv and the plaintext */
+ input_buffer_size = ( (size_t) input_arg->len + (size_t) iv->len );
+ if ( input_buffer_size > 0 )
+ {
+ ASSERT_ALLOC( input, input_buffer_size );
+ memcpy( input, iv->x, iv->len );
+ memcpy( input + iv->len, input_arg->x, input_arg->len );
+ }
+
+ output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input_buffer_size );
+ ASSERT_ALLOC( output, output_buffer_size );
+
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&key ) );
- PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- test_driver_cipher_hooks.hits = 0;
-
- PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
- test_driver_cipher_hooks.hits = 0;
-
- output_buffer_size = ( (size_t) input->len +
- PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
- ASSERT_ALLOC( output, output_buffer_size );
-
if( mock_output_arg )
{
- test_driver_cipher_hooks.forced_output = expected_output->x;
- test_driver_cipher_hooks.forced_output_length = expected_output->len;
+ mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
+ mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
}
- PSA_ASSERT( psa_cipher_update( &operation,
- input->x, input->len,
- output, output_buffer_size,
- &function_output_length ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
- test_driver_cipher_hooks.hits = 0;
+ status = psa_cipher_decrypt( key, alg, input, input_buffer_size, output,
+ output_buffer_size, &output_length );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
- if( mock_output_arg )
- {
- test_driver_cipher_hooks.forced_output = NULL;
- test_driver_cipher_hooks.forced_output_length = 0;
- }
-
- total_output_length += function_output_length;
- status = psa_cipher_finish( &operation,
- output + total_output_length,
- output_buffer_size - total_output_length,
- &function_output_length );
- /* Finish will have called abort as well, so expecting two hits here */
- TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
- test_driver_cipher_hooks.hits = 0;
-
- total_output_length += function_output_length;
TEST_EQUAL( status, expected_status );
if( expected_status == PSA_SUCCESS )
{
- PSA_ASSERT( psa_cipher_abort( &operation ) );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
ASSERT_COMPARE( expected_output->x, expected_output->len,
- output, total_output_length );
+ output, output_length );
}
exit:
- psa_cipher_abort( &operation );
+ mbedtls_free( input );
mbedtls_free( output );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
@@ -654,7 +858,7 @@
size_t function_output_length = 0;
psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
ASSERT_ALLOC( output, input->len + 16 );
output_buffer_size = input->len + 16;
@@ -669,136 +873,136 @@
&key ) );
/* Test setup call, encrypt */
- test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
status = psa_cipher_encrypt_setup( &operation, key, alg );
/* When setup fails, it shouldn't call any further entry points */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_set_iv( &operation, iv->x, iv->len );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
/* Test setup call failure, decrypt */
status = psa_cipher_decrypt_setup( &operation, key, alg );
/* When setup fails, it shouldn't call any further entry points */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_set_iv( &operation, iv->x, iv->len );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
/* Test IV setting failure */
- test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
- test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
status = psa_cipher_set_iv( &operation, iv->x, iv->len );
/* When setting the IV fails, it should call abort too */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
/* Failure should prevent further operations from executing on the driver */
- test_driver_cipher_hooks.hits = 0;
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
psa_cipher_abort( &operation );
/* Test IV generation failure */
- test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
- test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length );
/* When generating the IV fails, it should call abort too */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
/* Failure should prevent further operations from executing on the driver */
- test_driver_cipher_hooks.hits = 0;
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
psa_cipher_abort( &operation );
/* Test update failure */
- test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_set_iv( &operation, iv->x, iv->len );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
- test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
status = psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length );
/* When the update call fails, it should call abort too */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
/* Failure should prevent further operations from executing on the driver */
- test_driver_cipher_hooks.hits = 0;
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
psa_cipher_abort( &operation );
/* Test finish failure */
- test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
status = psa_cipher_encrypt_setup( &operation, key, alg );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_set_iv( &operation, iv->x, iv->len );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
- test_driver_cipher_hooks.hits = 0;
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+ mbedtls_test_driver_cipher_hooks.hits = 0;
- test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+ mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
status = psa_cipher_finish( &operation,
output + function_output_length,
output_buffer_size - function_output_length,
&function_output_length );
/* When the finish call fails, it should call abort too */
- TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
- TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+ TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
/* Failure should prevent further operations from executing on the driver */
- test_driver_cipher_hooks.hits = 0;
+ mbedtls_test_driver_cipher_hooks.hits = 0;
status = psa_cipher_update( &operation,
input->x, input->len,
output, output_buffer_size,
&function_output_length );
TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
- TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+ TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
psa_cipher_abort( &operation );
exit:
@@ -806,7 +1010,7 @@
mbedtls_free( output );
psa_destroy_key( key );
PSA_DONE( );
- test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+ mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
}
/* END_CASE */
@@ -829,7 +1033,7 @@
size_t output_length = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- test_driver_aead_hooks = test_driver_aead_hooks_init();
+ mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
PSA_ASSERT( psa_crypto_init( ) );
@@ -852,15 +1056,15 @@
PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
ASSERT_ALLOC( output_data, output_size );
- test_driver_aead_hooks.forced_status = forced_status;
+ mbedtls_test_driver_aead_hooks.forced_status = forced_status;
status = psa_aead_encrypt( key, alg,
nonce->x, nonce->len,
additional_data->x, additional_data->len,
input_data->x, input_data->len,
output_data, output_size,
&output_length );
- TEST_EQUAL( test_driver_aead_hooks.hits, 1 );
- TEST_EQUAL( test_driver_aead_hooks.driver_status, forced_status );
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status );
TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
PSA_SUCCESS : forced_status );
@@ -875,7 +1079,7 @@
psa_destroy_key( key );
mbedtls_free( output_data );
PSA_DONE( );
- test_driver_aead_hooks = test_driver_aead_hooks_init();
+ mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
}
/* END_CASE */
@@ -898,7 +1102,7 @@
size_t output_length = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
- test_driver_aead_hooks = test_driver_aead_hooks_init();
+ mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
PSA_ASSERT( psa_crypto_init( ) );
@@ -915,7 +1119,7 @@
alg );
ASSERT_ALLOC( output_data, output_size );
- test_driver_aead_hooks.forced_status = forced_status;
+ mbedtls_test_driver_aead_hooks.forced_status = forced_status;
status = psa_aead_decrypt( key, alg,
nonce->x, nonce->len,
additional_data->x,
@@ -923,8 +1127,8 @@
input_data->x, input_data->len,
output_data, output_size,
&output_length );
- TEST_EQUAL( test_driver_aead_hooks.hits, 1 );
- TEST_EQUAL( test_driver_aead_hooks.driver_status, forced_status );
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status );
TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
PSA_SUCCESS : forced_status );
@@ -939,7 +1143,242 @@
psa_destroy_key( key );
mbedtls_free( output_data );
PSA_DONE( );
- test_driver_aead_hooks = test_driver_aead_hooks_init();
+ mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_sign( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac,
+ int forced_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *actual_mac = NULL;
+ size_t mac_buffer_size =
+ PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg );
+ size_t mac_length = 0;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_status_t forced_status = forced_status_arg;
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+
+ TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE );
+ /* We expect PSA_MAC_LENGTH to be exact. */
+ TEST_ASSERT( expected_mac->len == mac_buffer_size );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ ASSERT_ALLOC( actual_mac, mac_buffer_size );
+ mbedtls_test_driver_mac_hooks.forced_status = forced_status;
+
+ /*
+ * Calculate the MAC, one-shot case.
+ */
+ status = psa_mac_compute( key, alg,
+ input->x, input->len,
+ actual_mac, mac_buffer_size,
+ &mac_length );
+
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( forced_status, status );
+
+ if( mac_buffer_size > 0 )
+ memset( actual_mac, 0, mac_buffer_size );
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+ mbedtls_test_driver_mac_hooks.forced_status = forced_status;
+
+ /*
+ * Calculate the MAC, multipart case.
+ */
+ status = psa_mac_sign_setup( &operation, key, alg );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( forced_status, status );
+
+ status = psa_mac_update( &operation,
+ input->x, input->len );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+
+ status = psa_mac_sign_finish( &operation,
+ actual_mac, mac_buffer_size,
+ &mac_length );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( expected_mac->x, expected_mac->len,
+ actual_mac, mac_length );
+ }
+
+ mbedtls_free( actual_mac );
+ actual_mac = NULL;
+
+exit:
+ psa_mac_abort( &operation );
+ psa_destroy_key( key );
+ PSA_DONE( );
+ mbedtls_free( actual_mac );
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mac_verify( int key_type_arg,
+ data_t *key_data,
+ int alg_arg,
+ data_t *input,
+ data_t *expected_mac,
+ int forced_status_arg )
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ psa_status_t forced_status = forced_status_arg;
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+
+ TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH );
+ psa_set_key_algorithm( &attributes, alg );
+ psa_set_key_type( &attributes, key_type );
+
+ PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
+ &key ) );
+
+ mbedtls_test_driver_mac_hooks.forced_status = forced_status;
+
+ /*
+ * Verify the MAC, one-shot case.
+ */
+ status = psa_mac_verify( key, alg,
+ input->x, input->len,
+ expected_mac->x, expected_mac->len );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( forced_status, status );
+
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
+ mbedtls_test_driver_mac_hooks.forced_status = forced_status;
+
+ /*
+ * Verify the MAC, multi-part case.
+ */
+ status = psa_mac_verify_setup( &operation, key, alg );
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( forced_status, status );
+
+ status = psa_mac_update( &operation,
+ input->x, input->len );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+
+ status = psa_mac_verify_finish( &operation,
+ expected_mac->x,
+ expected_mac->len );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+ if( forced_status == PSA_SUCCESS ||
+ forced_status == PSA_ERROR_NOT_SUPPORTED )
+ {
+ PSA_ASSERT( status );
+ }
+ else
+ TEST_EQUAL( PSA_ERROR_BAD_STATE, status );
+
+
+ PSA_ASSERT( psa_mac_abort( &operation ) );
+ if( forced_status == PSA_SUCCESS )
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 );
+ else
+ TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 );
+
+exit:
+ psa_mac_abort( &operation );
+ psa_destroy_key( key );
+ PSA_DONE( );
+ mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init();
}
/* END_CASE */
@@ -1046,3 +1485,256 @@
PSA_DONE( );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_compute( int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg,
+ int expected_status_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t forced_status = forced_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *output = NULL;
+ size_t output_length;
+
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+ TEST_EQUAL( psa_hash_compute( alg, input->x, input->len,
+ output, PSA_HASH_LENGTH( alg ),
+ &output_length ), expected_status );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+ if( expected_status == PSA_SUCCESS )
+ {
+ ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ }
+
+exit:
+ mbedtls_free( output );
+ PSA_DONE( );
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multipart_setup( int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg,
+ int expected_status_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t forced_status = forced_status_arg;
+ psa_status_t expected_status = expected_status_arg;
+ unsigned char *output = NULL;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t output_length;
+
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+ TEST_EQUAL( psa_hash_setup( &operation, alg ), expected_status );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+ if( expected_status == PSA_SUCCESS )
+ {
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+ PSA_ASSERT( psa_hash_finish( &operation,
+ output, PSA_HASH_LENGTH( alg ),
+ &output_length ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+ ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ }
+
+exit:
+ psa_hash_abort( &operation );
+ mbedtls_free( output );
+ PSA_DONE( );
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multipart_update( int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t forced_status = forced_status_arg;
+ unsigned char *output = NULL;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t output_length;
+
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /*
+ * Update inactive operation, the driver shouldn't be called.
+ */
+ TEST_EQUAL( psa_hash_update( &operation, input->x, input->len ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+ mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+ TEST_EQUAL( psa_hash_update( &operation, input->x, input->len ),
+ forced_status );
+ /* One or two more calls to the driver interface: update or update + abort */
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_SUCCESS ? 2 : 3 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+ if( forced_status == PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ PSA_ASSERT( psa_hash_finish( &operation,
+ output, PSA_HASH_LENGTH( alg ),
+ &output_length ) );
+ /* Two calls to the driver interface: update + abort */
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 2 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+ ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ }
+
+exit:
+ psa_hash_abort( &operation );
+ mbedtls_free( output );
+ PSA_DONE( );
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multipart_finish( int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t forced_status = forced_status_arg;
+ unsigned char *output = NULL;
+ psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+ size_t output_length;
+
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /*
+ * Finish inactive operation, the driver shouldn't be called.
+ */
+ TEST_EQUAL( psa_hash_finish( &operation, output, PSA_HASH_LENGTH( alg ),
+ &output_length ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+
+ PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+ PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 2 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+ mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+ TEST_EQUAL( psa_hash_finish( &operation,
+ output, PSA_HASH_LENGTH( alg ),
+ &output_length ),
+ forced_status );
+ /* Two more calls to the driver interface: finish + abort */
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 4 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+ if( forced_status == PSA_SUCCESS )
+ ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+
+exit:
+ psa_hash_abort( &operation );
+ mbedtls_free( output );
+ PSA_DONE( );
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_clone( int alg_arg,
+ data_t *input, data_t *hash,
+ int forced_status_arg )
+{
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t forced_status = forced_status_arg;
+ unsigned char *output = NULL;
+ psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT;
+ size_t output_length;
+
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+ PSA_ASSERT( psa_crypto_init( ) );
+
+ /*
+ * Clone inactive operation, the driver shouldn't be called.
+ */
+ TEST_EQUAL( psa_hash_clone( &source_operation, &target_operation ),
+ PSA_ERROR_BAD_STATE );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+
+ PSA_ASSERT( psa_hash_setup( &source_operation, alg ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+ mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+ TEST_EQUAL( psa_hash_clone( &source_operation, &target_operation ),
+ forced_status );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+ forced_status == PSA_SUCCESS ? 2 : 3 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+ if( forced_status == PSA_SUCCESS )
+ {
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+ PSA_ASSERT( psa_hash_update( &target_operation,
+ input->x, input->len ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+ PSA_ASSERT( psa_hash_finish( &target_operation,
+ output, PSA_HASH_LENGTH( alg ),
+ &output_length ) );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 3 );
+ TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+ ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+ }
+
+exit:
+ psa_hash_abort( &source_operation );
+ psa_hash_abort( &target_operation );
+ mbedtls_free( output );
+ PSA_DONE( );
+ mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 8c1fdab..4dcbb36 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -75,7 +75,7 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_set_key_type( &attributes, key_type );
- psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN );
+ psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH );
psa_set_key_algorithm( &attributes, alg );
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
size_t input_size = input_size_arg;
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index 4e2f4d5..526f0f7 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -361,3 +361,39 @@
DH group family: RFC 7919
dh_key_family:PSA_DH_FAMILY_RFC7919
+
+Lifetime: VOLATILE
+lifetime:PSA_KEY_LIFETIME_VOLATILE:KEY_LIFETIME_IS_VOLATILE:PSA_KEY_PERSISTENCE_VOLATILE:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: PERSISTENT
+lifetime:PSA_KEY_LIFETIME_PERSISTENT:0:PSA_KEY_PERSISTENCE_DEFAULT:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: volatile, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, PSA_KEY_LOCATION_LOCAL_STORAGE):KEY_LIFETIME_IS_VOLATILE:PSA_KEY_PERSISTENCE_VOLATILE:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: default, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_LOCAL_STORAGE):0:PSA_KEY_PERSISTENCE_DEFAULT:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: 2, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):0:2:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: 254, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(254, PSA_KEY_LOCATION_LOCAL_STORAGE):0:254:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: read-only, local storage
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_READ_ONLY, PSA_KEY_LOCATION_LOCAL_STORAGE):KEY_LIFETIME_IS_READ_ONLY:PSA_KEY_PERSISTENCE_READ_ONLY:PSA_KEY_LOCATION_LOCAL_STORAGE
+
+Lifetime: volatile, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0x123456):KEY_LIFETIME_IS_VOLATILE:PSA_KEY_PERSISTENCE_VOLATILE:0x123456
+
+Lifetime: default, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 0x123456):0:PSA_KEY_PERSISTENCE_DEFAULT:0x123456
+
+Lifetime: 2, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, 0x123456):0:2:0x123456
+
+Lifetime: 254, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(254, 0x123456):0:254:0x123456
+
+Lifetime: read-only, 0x123456
+lifetime:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_READ_ONLY, 0x123456):KEY_LIFETIME_IS_READ_ONLY:PSA_KEY_PERSISTENCE_READ_ONLY:0x123456
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 8134f44..d91f90f 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -55,8 +55,21 @@
#define KEY_TYPE_IS_ECC ( 1u << 6 )
#define KEY_TYPE_IS_DH ( 1u << 7 )
-#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
- TEST_ASSERT( PSA_##flag( alg ) == !! ( ( flags ) & flag ) )
+/* Flags for lifetime classification macros. There is a flag for every
+ * lifetime classification macro PSA_KEY_LIFETIME_IS_xxx. The name of the
+ * flag is the name of the classification macro without the PSA_ prefix. */
+#define KEY_LIFETIME_IS_VOLATILE ( 1u << 0 )
+#define KEY_LIFETIME_IS_READ_ONLY ( 1u << 1 )
+
+#define TEST_CLASSIFICATION_MACRO( flag, alg, flags ) \
+ do \
+ { \
+ if( ( flags ) & ( flag ) ) \
+ TEST_ASSERT( PSA_##flag( alg ) ); \
+ else \
+ TEST_ASSERT( ! PSA_##flag( alg ) ); \
+ } \
+ while( 0 )
/* Check the parity of value.
*
@@ -639,3 +652,20 @@
TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( pair_type ), group );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void lifetime( int lifetime_arg, int classification_flags,
+ int persistence_arg, int location_arg )
+{
+ psa_key_lifetime_t lifetime = lifetime_arg;
+ psa_key_persistence_t persistence = persistence_arg;
+ psa_key_location_t location = location_arg;
+ unsigned flags = classification_flags;
+
+ TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_VOLATILE, lifetime, flags );
+ TEST_CLASSIFICATION_MACRO( KEY_LIFETIME_IS_READ_ONLY, lifetime, flags );
+
+ TEST_EQUAL( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ), persistence );
+ TEST_EQUAL( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ), location );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data
index dad1205..b250634 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.data
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data
@@ -119,3 +119,12 @@
import/export-persistent symmetric key with restart: 16 bytes
depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C
import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0
+
+Destroy invalid id: 0
+destroy_nonexistent:0:PSA_SUCCESS
+
+Destroy non-existent key
+destroy_nonexistent:1:PSA_ERROR_INVALID_HANDLE
+
+Destroy invalid id: 0xffffffff
+destroy_nonexistent:0xffffffff:PSA_ERROR_INVALID_HANDLE
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index 9759077..bd9b9c9 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -323,3 +323,18 @@
psa_destroy_persistent_key( key_id );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void destroy_nonexistent( int id_arg, int expected_status_arg )
+{
+ mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make( 1, id_arg );
+ psa_status_t expected_status = expected_status_arg;
+
+ PSA_INIT( );
+
+ TEST_EQUAL( expected_status, psa_destroy_key( id ) );
+
+exit:
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index 0fedd14..68b196d 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -78,6 +78,27 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:137:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":INVALIDATE_BY_SHUTDOWN
+Persistent slot, check after closing, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):124:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING
+
+Persistent slot, check after closing and restarting, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):125:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_CLOSING_WITH_SHUTDOWN
+
+Persistent slot, check after destroying, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):126:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING
+
+Persistent slot, check after destroying and restarting, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):127:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN
+
+Persistent slot, check after purging, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):200:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING
+
+Persistent slot, check after purging and restarting, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):201:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_PURGING_WITH_SHUTDOWN
+
+Persistent slot, check after restart with live handle, persistence=2
+persistent_slot_lifecycle:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):128:PSA_KEY_ID_USER_MIN:0:0:0:PSA_KEY_TYPE_RAW_DATA:"0123456789abcdef0123456789abcdef":INVALIDATE_BY_SHUTDOWN
+
Attempt to overwrite: close before
create_existent:PSA_KEY_LIFETIME_PERSISTENT:0x1736:1:CLOSE_BEFORE
@@ -107,13 +128,17 @@
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
open_fail:1:PSA_ERROR_DOES_NOT_EXIST
-Create failure: invalid lifetime for a persistent key
+Create failure: read-only key
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-create_fail:0x7fffffff:1:PSA_ERROR_INVALID_ARGUMENT
+create_fail:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_READ_ONLY, PSA_KEY_LOCATION_LOCAL_STORAGE):1:PSA_ERROR_INVALID_ARGUMENT
-Create failure: invalid lifetime for a volatile key
+Create failure: invalid location for a persistent key
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-create_fail:0x7fffff00:0:PSA_ERROR_INVALID_ARGUMENT
+create_fail:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 0xbad10cU):1:PSA_ERROR_INVALID_ARGUMENT
+
+Create failure: invalid location for a volatile key
+depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
+create_fail:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_VOLATILE, 0xbad10cU):0:PSA_ERROR_INVALID_ARGUMENT
Create failure: invalid key id (0) for a persistent key
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index dac52ab..aa3ce28 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -242,7 +242,8 @@
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
+ mbedtls_test_update_key_usage_flags( usage_flags ) );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
@@ -261,7 +262,8 @@
TEST_EQUAL( psa_get_key_lifetime( &attributes ), lifetime );
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ), id ) );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
+ mbedtls_test_update_key_usage_flags( usage_flags ) );
TEST_EQUAL( psa_get_key_algorithm( &attributes ), alg );
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ), alg2 );
TEST_EQUAL( psa_get_key_type( &attributes ), type );
@@ -293,7 +295,8 @@
TEST_ASSERT( mbedtls_svc_key_id_equal(
psa_get_key_id( &attributes ),
psa_get_key_id( &read_attributes ) ) );
- TEST_EQUAL( psa_get_key_usage_flags( &attributes ), usage_flags );
+ TEST_EQUAL( psa_get_key_usage_flags( &attributes ),
+ mbedtls_test_update_key_usage_flags( usage_flags ) );
TEST_EQUAL( psa_get_key_algorithm( &attributes ),
psa_get_key_algorithm( &read_attributes ) );
TEST_EQUAL( psa_get_key_enrollment_algorithm( &attributes ),
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.current.data b/tests/suites/test_suite_psa_crypto_storage_format.current.data
index f74d0e2..ec74aba 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.current.data
+++ b/tests/suites/test_suite_psa_crypto_storage_format.current.data
@@ -1,5 +1,21 @@
# Automatically generated by generate_psa_tests.py. Do not edit!
+PSA storage save: lifetime: (DEFAULT, LOCAL_STORAGE)
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_LOCAL_STORAGE):PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000100000001100800010000000000000000000000010000004c"
+
+PSA storage save: lifetime: (2, LOCAL_STORAGE)
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000200000001100800010000000000000000000000010000004c"
+
+PSA storage save: lifetime: (254, LOCAL_STORAGE)
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(254, PSA_KEY_LOCATION_LOCAL_STORAGE):PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b45590000000000fe00000001100800010000000000000000000000010000004c"
+
+PSA storage save: lifetime: PERSISTENT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000100000001100800010000000000000000000000010000004c"
+
PSA storage save: usage: 0
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b"
@@ -26,11 +42,19 @@
PSA storage save: usage: SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b"
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b"
+
+PSA storage save: usage: SIGN_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000400000000000000000000010000004b"
PSA storage save: usage: VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b"
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b"
+
+PSA storage save: usage: VERIFY_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000800000000000000000000010000004b"
PSA storage save: usage: COPY | DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
@@ -50,19 +74,27 @@
PSA storage save: usage: EXPORT | SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b"
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011400000000000000000000010000004b"
-PSA storage save: usage: SIGN_HASH | VERIFY_HASH
+PSA storage save: usage: SIGN_HASH | SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800003000000000000000000000010000004b"
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b"
-PSA storage save: usage: VERIFY_HASH | COPY
+PSA storage save: usage: SIGN_MESSAGE | VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800022000000000000000000000010000004b"
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002c00000000000000000000010000004b"
+
+PSA storage save: usage: VERIFY_HASH | VERIFY_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b"
+
+PSA storage save: usage: VERIFY_MESSAGE | COPY
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020800000000000000000000010000004b"
PSA storage save: usage: all known
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037300000000000000000000010000004b"
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037f00000000000000000000010000004b"
PSA storage save: type: AES 128-bit
depends_on:PSA_WANT_KEY_TYPE_AES
@@ -124,58 +156,6 @@
depends_on:PSA_WANT_KEY_TYPE_DES
key_storage_save:0x0001:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902644573206b457904":"505341004b45590000000000010000000123c00001000000000000000000000018000000644573206b457901644573206b457902644573206b457904"
-PSA storage save: type: HMAC 128-bit
-depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000100000000000000000000001000000048657265006973206b6579a064617461"
-
-PSA storage save: type: HMAC 160-bit
-depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265":"505341004b45590000000000010000000011a0000100000000000000000000001400000048657265006973206b6579a06461746148657265"
-
-PSA storage save: type: HMAC 224-bit
-depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a0":"505341004b45590000000000010000000011e0000100000000000000000000001c00000048657265006973206b6579a06461746148657265006973206b6579a0"
-
-PSA storage save: type: HMAC 256-bit
-depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461"
-
-PSA storage save: type: HMAC 384-bit
-depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001180010100000000000000000000003000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461"
-
-PSA storage save: type: HMAC 512-bit
-depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461"
-
-PSA storage save: type: RAW_DATA 8-bit
-depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000011008000100000000000000000000000100000048"
-
-PSA storage save: type: RAW_DATA 40-bit
-depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:40:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4865726500":"505341004b455900000000000100000001102800010000000000000000000000050000004865726500"
-
-PSA storage save: type: RAW_DATA 128-bit
-depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000011080000100000000000000000000001000000048657265006973206b6579a064617461"
-
-PSA storage save: type: RSA_KEY_PAIR 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
-key_storage_save:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004010000000000000000000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24"
-
-PSA storage save: type: RSA_KEY_PAIR 1536-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
-key_storage_save:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":"505341004b4559000000000001000000017000060100000000000000000000007f0300003082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf"
-
-PSA storage save: type: RSA_PUBLIC_KEY 1024-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-key_storage_save:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040100000000000000000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
-
-PSA storage save: type: RSA_PUBLIC_KEY 1536-bit
-depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-key_storage_save:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":"505341004b455900000000000100000001400006010000000000000000000000cc0000003081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001"
-
PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000100000000000000000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac"
@@ -424,307 +404,1503 @@
depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":"505341004b45590000000000010000004241c001010000000000000000000000390000005fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180"
-PSA storage save: alg: PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA
+PSA storage save: type: HMAC 128-bit
+depends_on:PSA_WANT_KEY_TYPE_HMAC
+key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000100000000000000000000001000000048657265006973206b6579a064617461"
+
+PSA storage save: type: HMAC 160-bit
+depends_on:PSA_WANT_KEY_TYPE_HMAC
+key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265":"505341004b45590000000000010000000011a0000100000000000000000000001400000048657265006973206b6579a06461746148657265"
+
+PSA storage save: type: HMAC 224-bit
+depends_on:PSA_WANT_KEY_TYPE_HMAC
+key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a0":"505341004b45590000000000010000000011e0000100000000000000000000001c00000048657265006973206b6579a06461746148657265006973206b6579a0"
+
+PSA storage save: type: HMAC 256-bit
+depends_on:PSA_WANT_KEY_TYPE_HMAC
+key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461"
+
+PSA storage save: type: HMAC 384-bit
+depends_on:PSA_WANT_KEY_TYPE_HMAC
+key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001180010100000000000000000000003000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461"
+
+PSA storage save: type: HMAC 512-bit
+depends_on:PSA_WANT_KEY_TYPE_HMAC
+key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461"
+
+PSA storage save: type: RAW_DATA 8-bit
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000011008000100000000000000000000000100000048"
+
+PSA storage save: type: RAW_DATA 40-bit
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:40:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4865726500":"505341004b455900000000000100000001102800010000000000000000000000050000004865726500"
+
+PSA storage save: type: RAW_DATA 128-bit
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000011080000100000000000000000000001000000048657265006973206b6579a064617461"
+
+PSA storage save: type: RSA_KEY_PAIR 1024-bit
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+key_storage_save:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004010000000000000000000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24"
+
+PSA storage save: type: RSA_KEY_PAIR 1536-bit
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+key_storage_save:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":"505341004b4559000000000001000000017000060100000000000000000000007f0300003082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf"
+
+PSA storage save: type: RSA_PUBLIC_KEY 1024-bit
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+key_storage_save:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040100000000000000000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
+
+PSA storage save: type: RSA_PUBLIC_KEY 1536-bit
+depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+key_storage_save:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":"505341004b455900000000000100000001400006010000000000000000000000cc0000003081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001"
+
+PSA storage save: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000081410500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000814105010000004c"
+
+PSA storage save: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CHACHA20_POLY1305, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000085010500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CHACHA20_POLY1305, 1):"4c":"505341004b455900000000000100000001100800010000000000000000850105010000004c"
+
+PSA storage save: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000082410500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000824105010000004c"
+
+PSA storage save: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 63):0x0000:"4b":"505341004b4559000000000001000000011008000100000000817f0500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 63):"4c":"505341004b455900000000000100000001100800010000000000000000817f05010000004c"
+
+PSA storage save: alg: AEAD_WITH_SHORTENED_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000001410500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_SHORTENED_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000014105010000004c"
+
+PSA storage save: alg: AEAD_WITH_SHORTENED_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000005010500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_SHORTENED_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 1):"4c":"505341004b455900000000000100000001100800010000000000000000050105010000004c"
+
+PSA storage save: alg: AEAD_WITH_SHORTENED_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000002410500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_SHORTENED_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000024105010000004c"
+
+PSA storage save: alg: AEAD_WITH_SHORTENED_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 63):0x0000:"4b":"505341004b4559000000000001000000011008000100000000017f0500000000010000004b"
+
+PSA storage save: alg2: AEAD_WITH_SHORTENED_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 63):"4c":"505341004b455900000000000100000001100800010000000000000000017f05010000004c"
+
+PSA storage save: alg: ANY_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ANY_HASH:0x0000:"4b":"505341004b45590000000000010000000110080001000000ff00000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA
+PSA storage save: alg2: ANY_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ANY_HASH:"4c":"505341004b4559000000000001000000011008000100000000000000ff000002010000004c"
-PSA storage save: alg: PSA_ALG_CBC_MAC
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000081c10300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000081c103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000082c10300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000082c103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000180810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):"4c":"505341004b455900000000000100000001100800010000000000000001808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000280810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):"4c":"505341004b455900000000000100000001100800010000000000000002808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000380810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):"4c":"505341004b455900000000000100000001100800010000000000000003808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000480810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):"4c":"505341004b455900000000000100000001100800010000000000000004808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000580810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):"4c":"505341004b455900000000000100000001100800010000000000000005808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000880810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):"4c":"505341004b455900000000000100000001100800010000000000000008808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000980810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):"4c":"505341004b455900000000000100000001100800010000000000000009808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000a80810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):"4c":"505341004b45590000000000010000000110080001000000000000000a808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000b80810300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):"4c":"505341004b45590000000000010000000110080001000000000000000b808103010000004c"
+
+PSA storage save: alg: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 63):0x0000:"4b":"505341004b455900000000000100000001100800010000000081ff0300000000010000004b"
+
+PSA storage save: alg2: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 63):"4c":"505341004b45590000000000010000000110080001000000000000000081ff03010000004c"
+
+PSA storage save: alg: CBC_MAC
depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_MAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000001c00300000000010000004b"
-PSA storage save: alg2: PSA_ALG_CBC_MAC
+PSA storage save: alg2: CBC_MAC
depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_MAC:"4c":"505341004b45590000000000010000000110080001000000000000000001c003010000004c"
-PSA storage save: alg: PSA_ALG_CBC_NO_PADDING
+PSA storage save: alg: CBC_NO_PADDING
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000040400400000000010000004b"
-PSA storage save: alg2: PSA_ALG_CBC_NO_PADDING
+PSA storage save: alg2: CBC_NO_PADDING
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000404004010000004c"
-PSA storage save: alg: PSA_ALG_CBC_PKCS7
+PSA storage save: alg: CBC_PKCS7
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_PKCS7:0x0000:"4b":"505341004b455900000000000100000001100800010000000041400400000000010000004b"
-PSA storage save: alg2: PSA_ALG_CBC_PKCS7
+PSA storage save: alg2: CBC_PKCS7
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_PKCS7:"4c":"505341004b455900000000000100000001100800010000000000000000414004010000004c"
-PSA storage save: alg: PSA_ALG_CCM
+PSA storage save: alg: CCM
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000001500500000000010000004b"
-PSA storage save: alg2: PSA_ALG_CCM
+PSA storage save: alg2: CCM
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CCM:"4c":"505341004b455900000000000100000001100800010000000000000000015005010000004c"
-PSA storage save: alg: PSA_ALG_CFB
+PSA storage save: alg: CFB
depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000011c00400000000010000004b"
-PSA storage save: alg2: PSA_ALG_CFB
+PSA storage save: alg2: CFB
depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CFB:"4c":"505341004b45590000000000010000000110080001000000000000000011c004010000004c"
-PSA storage save: alg: PSA_ALG_CHACHA20_POLY1305
+PSA storage save: alg: CHACHA20_POLY1305
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CHACHA20_POLY1305:0x0000:"4b":"505341004b455900000000000100000001100800010000000005100500000000010000004b"
-PSA storage save: alg2: PSA_ALG_CHACHA20_POLY1305
+PSA storage save: alg2: CHACHA20_POLY1305
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CHACHA20_POLY1305:"4c":"505341004b455900000000000100000001100800010000000000000000051005010000004c"
-PSA storage save: alg: PSA_ALG_CMAC
+PSA storage save: alg: CMAC
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CMAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000002c00300000000010000004b"
-PSA storage save: alg2: PSA_ALG_CMAC
+PSA storage save: alg2: CMAC
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CMAC:"4c":"505341004b45590000000000010000000110080001000000000000000002c003010000004c"
-PSA storage save: alg: PSA_ALG_CTR
+PSA storage save: alg: CTR
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0x0000:"4b":"505341004b455900000000000100000001100800010000000010c00400000000010000004b"
-PSA storage save: alg2: PSA_ALG_CTR
+PSA storage save: alg2: CTR
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CTR:"4c":"505341004b45590000000000010000000110080001000000000000000010c004010000004c"
-PSA storage save: alg: PSA_ALG_ECB_NO_PADDING
+PSA storage save: alg: DETERMINISTIC_DSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000105000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000205000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000305000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000405000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000505000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000805000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000905000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a05000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b05000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b050006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000107000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000207000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000307000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000407000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000507000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000807000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000907000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a07000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b07000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b070006010000004c"
+
+PSA storage save: alg: DETERMINISTIC_ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff07000600000000010000004b"
+
+PSA storage save: alg2: DETERMINISTIC_ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff070006010000004c"
+
+PSA storage save: alg: DSA(MD2)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000104000600000000010000004b"
+
+PSA storage save: alg2: DSA(MD2)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001040006010000004c"
+
+PSA storage save: alg: DSA(MD4)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000204000600000000010000004b"
+
+PSA storage save: alg2: DSA(MD4)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002040006010000004c"
+
+PSA storage save: alg: DSA(MD5)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000304000600000000010000004b"
+
+PSA storage save: alg2: DSA(MD5)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003040006010000004c"
+
+PSA storage save: alg: DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000404000600000000010000004b"
+
+PSA storage save: alg2: DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004040006010000004c"
+
+PSA storage save: alg: DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000504000600000000010000004b"
+
+PSA storage save: alg2: DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005040006010000004c"
+
+PSA storage save: alg: DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000804000600000000010000004b"
+
+PSA storage save: alg2: DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008040006010000004c"
+
+PSA storage save: alg: DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000904000600000000010000004b"
+
+PSA storage save: alg2: DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009040006010000004c"
+
+PSA storage save: alg: DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a04000600000000010000004b"
+
+PSA storage save: alg2: DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a040006010000004c"
+
+PSA storage save: alg: DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b04000600000000010000004b"
+
+PSA storage save: alg2: DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b040006010000004c"
+
+PSA storage save: alg: ECB_NO_PADDING
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECB_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000044400400000000010000004b"
-PSA storage save: alg2: PSA_ALG_ECB_NO_PADDING
+PSA storage save: alg2: ECB_NO_PADDING
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECB_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000444004010000004c"
-PSA storage save: alg: PSA_ALG_ECDH
+PSA storage save: alg: ECDH
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000020900000000010000004b"
-PSA storage save: alg2: PSA_ALG_ECDH
+PSA storage save: alg2: ECDH
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDH:"4c":"505341004b455900000000000100000001100800010000000000000000000209010000004c"
-PSA storage save: alg: PSA_ALG_ECDSA_ANY
+PSA storage save: alg: ECDSA(MD2)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000106000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(MD2)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001060006010000004c"
+
+PSA storage save: alg: ECDSA(MD4)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000206000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(MD4)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002060006010000004c"
+
+PSA storage save: alg: ECDSA(MD5)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000306000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(MD5)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003060006010000004c"
+
+PSA storage save: alg: ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000406000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004060006010000004c"
+
+PSA storage save: alg: ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000506000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005060006010000004c"
+
+PSA storage save: alg: ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000806000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008060006010000004c"
+
+PSA storage save: alg: ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000906000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009060006010000004c"
+
+PSA storage save: alg: ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a06000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a060006010000004c"
+
+PSA storage save: alg: ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b06000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b060006010000004c"
+
+PSA storage save: alg: ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff06000600000000010000004b"
+
+PSA storage save: alg2: ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff060006010000004c"
+
+PSA storage save: alg: ECDSA_ANY
depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0x0000:"4b":"505341004b455900000000000100000001100800010000000006000600000000010000004b"
-PSA storage save: alg2: PSA_ALG_ECDSA_ANY
+PSA storage save: alg2: ECDSA_ANY
depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA_ANY:"4c":"505341004b455900000000000100000001100800010000000000000000060006010000004c"
-PSA storage save: alg: PSA_ALG_ED25519PH
+PSA storage save: alg: ED25519PH
depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED25519PH:0x0000:"4b":"505341004b455900000000000100000001100800010000000b09000600000000010000004b"
-PSA storage save: alg2: PSA_ALG_ED25519PH
+PSA storage save: alg2: ED25519PH
depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED25519PH:"4c":"505341004b45590000000000010000000110080001000000000000000b090006010000004c"
-PSA storage save: alg: PSA_ALG_ED448PH
+PSA storage save: alg: ED448PH
depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED448PH:0x0000:"4b":"505341004b455900000000000100000001100800010000001509000600000000010000004b"
-PSA storage save: alg2: PSA_ALG_ED448PH
+PSA storage save: alg2: ED448PH
depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED448PH:"4c":"505341004b455900000000000100000001100800010000000000000015090006010000004c"
-PSA storage save: alg: PSA_ALG_FFDH
+PSA storage save: alg: FFDH
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000010900000000010000004b"
-PSA storage save: alg2: PSA_ALG_FFDH
+PSA storage save: alg2: FFDH
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_FFDH:"4c":"505341004b455900000000000100000001100800010000000000000000000109010000004c"
-PSA storage save: alg: PSA_ALG_GCM
+PSA storage save: alg: GCM
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_GCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000002500500000000010000004b"
-PSA storage save: alg2: PSA_ALG_GCM
+PSA storage save: alg2: GCM
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_GCM:"4c":"505341004b455900000000000100000001100800010000000000000000025005010000004c"
-PSA storage save: alg: PSA_ALG_MD2
+PSA storage save: alg: HKDF(MD2)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000101000800000000010000004b"
+
+PSA storage save: alg2: HKDF(MD2)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001010008010000004c"
+
+PSA storage save: alg: HKDF(MD4)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000201000800000000010000004b"
+
+PSA storage save: alg2: HKDF(MD4)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002010008010000004c"
+
+PSA storage save: alg: HKDF(MD5)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000301000800000000010000004b"
+
+PSA storage save: alg2: HKDF(MD5)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003010008010000004c"
+
+PSA storage save: alg: HKDF(RIPEMD160)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000401000800000000010000004b"
+
+PSA storage save: alg2: HKDF(RIPEMD160)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004010008010000004c"
+
+PSA storage save: alg: HKDF(SHA_1)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000501000800000000010000004b"
+
+PSA storage save: alg2: HKDF(SHA_1)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005010008010000004c"
+
+PSA storage save: alg: HKDF(SHA_224)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000801000800000000010000004b"
+
+PSA storage save: alg2: HKDF(SHA_224)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008010008010000004c"
+
+PSA storage save: alg: HKDF(SHA_256)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000901000800000000010000004b"
+
+PSA storage save: alg2: HKDF(SHA_256)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009010008010000004c"
+
+PSA storage save: alg: HKDF(SHA_384)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a01000800000000010000004b"
+
+PSA storage save: alg2: HKDF(SHA_384)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a010008010000004c"
+
+PSA storage save: alg: HKDF(SHA_512)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b01000800000000010000004b"
+
+PSA storage save: alg2: HKDF(SHA_512)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b010008010000004c"
+
+PSA storage save: alg: HMAC(MD2)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000100800300000000010000004b"
+
+PSA storage save: alg2: HMAC(MD2)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001008003010000004c"
+
+PSA storage save: alg: HMAC(MD4)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000200800300000000010000004b"
+
+PSA storage save: alg2: HMAC(MD4)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002008003010000004c"
+
+PSA storage save: alg: HMAC(MD5)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000300800300000000010000004b"
+
+PSA storage save: alg2: HMAC(MD5)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003008003010000004c"
+
+PSA storage save: alg: HMAC(RIPEMD160)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000400800300000000010000004b"
+
+PSA storage save: alg2: HMAC(RIPEMD160)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004008003010000004c"
+
+PSA storage save: alg: HMAC(SHA_1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000500800300000000010000004b"
+
+PSA storage save: alg2: HMAC(SHA_1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005008003010000004c"
+
+PSA storage save: alg: HMAC(SHA_224)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000800800300000000010000004b"
+
+PSA storage save: alg2: HMAC(SHA_224)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008008003010000004c"
+
+PSA storage save: alg: HMAC(SHA_256)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000900800300000000010000004b"
+
+PSA storage save: alg2: HMAC(SHA_256)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009008003010000004c"
+
+PSA storage save: alg: HMAC(SHA_384)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a00800300000000010000004b"
+
+PSA storage save: alg2: HMAC(SHA_384)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a008003010000004c"
+
+PSA storage save: alg: HMAC(SHA_512)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b00800300000000010000004b"
+
+PSA storage save: alg2: HMAC(SHA_512)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b008003010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(ECDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000901020900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(ECDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009010209010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(FFDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000901010900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(FFDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009010109010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(ECDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a01020900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(ECDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a010209010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000902020900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009020209010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a02020900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a020209010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000903020900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009030209010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03020900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a030209010000004c"
+
+PSA storage save: alg: KEY_AGREEMENT(FFDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a01010900000000010000004b"
+
+PSA storage save: alg2: KEY_AGREEMENT(FFDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a010109010000004c"
+
+PSA storage save: alg: MD2
depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD2:0x0000:"4b":"505341004b455900000000000100000001100800010000000100000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_MD2
+PSA storage save: alg2: MD2
depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD2:"4c":"505341004b455900000000000100000001100800010000000000000001000002010000004c"
-PSA storage save: alg: PSA_ALG_MD4
+PSA storage save: alg: MD4
depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD4:0x0000:"4b":"505341004b455900000000000100000001100800010000000200000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_MD4
+PSA storage save: alg2: MD4
depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD4:"4c":"505341004b455900000000000100000001100800010000000000000002000002010000004c"
-PSA storage save: alg: PSA_ALG_MD5
+PSA storage save: alg: MD5
depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD5:0x0000:"4b":"505341004b455900000000000100000001100800010000000300000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_MD5
+PSA storage save: alg2: MD5
depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD5:"4c":"505341004b455900000000000100000001100800010000000000000003000002010000004c"
-PSA storage save: alg: PSA_ALG_OFB
+PSA storage save: alg: OFB
depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_OFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000012c00400000000010000004b"
-PSA storage save: alg2: PSA_ALG_OFB
+PSA storage save: alg2: OFB
depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_OFB:"4c":"505341004b45590000000000010000000110080001000000000000000012c004010000004c"
-PSA storage save: alg: PSA_ALG_PURE_EDDSA
+PSA storage save: alg: PURE_EDDSA
depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PURE_EDDSA:0x0000:"4b":"505341004b455900000000000100000001100800010000000008000600000000010000004b"
-PSA storage save: alg2: PSA_ALG_PURE_EDDSA
+PSA storage save: alg2: PURE_EDDSA
depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PURE_EDDSA:"4c":"505341004b455900000000000100000001100800010000000000000000080006010000004c"
-PSA storage save: alg: PSA_ALG_RIPEMD160
+PSA storage save: alg: RIPEMD160
depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RIPEMD160:0x0000:"4b":"505341004b455900000000000100000001100800010000000400000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_RIPEMD160
+PSA storage save: alg2: RIPEMD160
depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RIPEMD160:"4c":"505341004b455900000000000100000001100800010000000000000004000002010000004c"
-PSA storage save: alg: PSA_ALG_RSA_PKCS1V15_CRYPT
+PSA storage save: alg: RSA_OAEP(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000103000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000203000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000303000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000403000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000503000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000803000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000903000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a030007010000004c"
+
+PSA storage save: alg: RSA_OAEP(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b03000700000000010000004b"
+
+PSA storage save: alg2: RSA_OAEP(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b030007010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_CRYPT
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000700000000010000004b"
-PSA storage save: alg2: PSA_ALG_RSA_PKCS1V15_CRYPT
+PSA storage save: alg2: RSA_PKCS1V15_CRYPT
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_CRYPT:"4c":"505341004b455900000000000100000001100800010000000000000000020007010000004c"
-PSA storage save: alg: PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+PSA storage save: alg: RSA_PKCS1V15_SIGN(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000102000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000202000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000302000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000402000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000502000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000802000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000902000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a02000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b02000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff02000600000000010000004b"
+
+PSA storage save: alg2: RSA_PKCS1V15_SIGN(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff020006010000004c"
+
+PSA storage save: alg: RSA_PKCS1V15_SIGN_RAW
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000600000000010000004b"
-PSA storage save: alg2: PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+PSA storage save: alg2: RSA_PKCS1V15_SIGN_RAW
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"4c":"505341004b455900000000000100000001100800010000000000000000020006010000004c"
-PSA storage save: alg: PSA_ALG_SHA3_224
+PSA storage save: alg: RSA_PSS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000103000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001030006010000004c"
+
+PSA storage save: alg: RSA_PSS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000203000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002030006010000004c"
+
+PSA storage save: alg: RSA_PSS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000303000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003030006010000004c"
+
+PSA storage save: alg: RSA_PSS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000403000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004030006010000004c"
+
+PSA storage save: alg: RSA_PSS(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000503000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005030006010000004c"
+
+PSA storage save: alg: RSA_PSS(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000803000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008030006010000004c"
+
+PSA storage save: alg: RSA_PSS(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000903000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009030006010000004c"
+
+PSA storage save: alg: RSA_PSS(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a030006010000004c"
+
+PSA storage save: alg: RSA_PSS(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b03000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b030006010000004c"
+
+PSA storage save: alg: RSA_PSS(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff03000600000000010000004b"
+
+PSA storage save: alg2: RSA_PSS(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff030006010000004c"
+
+PSA storage save: alg: SHA3_224
depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_224:0x0000:"4b":"505341004b455900000000000100000001100800010000001000000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA3_224
+PSA storage save: alg2: SHA3_224
depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_224:"4c":"505341004b455900000000000100000001100800010000000000000010000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA3_256
+PSA storage save: alg: SHA3_256
depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_256:0x0000:"4b":"505341004b455900000000000100000001100800010000001100000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA3_256
+PSA storage save: alg2: SHA3_256
depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_256:"4c":"505341004b455900000000000100000001100800010000000000000011000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA3_384
+PSA storage save: alg: SHA3_384
depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_384:0x0000:"4b":"505341004b455900000000000100000001100800010000001200000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA3_384
+PSA storage save: alg2: SHA3_384
depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_384:"4c":"505341004b455900000000000100000001100800010000000000000012000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA3_512
+PSA storage save: alg: SHA3_512
depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001300000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA3_512
+PSA storage save: alg2: SHA3_512
depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_512:"4c":"505341004b455900000000000100000001100800010000000000000013000002010000004c"
-PSA storage save: alg: PSA_ALG_SHAKE256_512
+PSA storage save: alg: SHAKE256_512
depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHAKE256_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001500000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHAKE256_512
+PSA storage save: alg2: SHAKE256_512
depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHAKE256_512:"4c":"505341004b455900000000000100000001100800010000000000000015000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA_1
+PSA storage save: alg: SHA_1
depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_1:0x0000:"4b":"505341004b455900000000000100000001100800010000000500000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA_1
+PSA storage save: alg2: SHA_1
depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_1:"4c":"505341004b455900000000000100000001100800010000000000000005000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA_224
+PSA storage save: alg: SHA_224
depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000800000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA_224
+PSA storage save: alg2: SHA_224
depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_224:"4c":"505341004b455900000000000100000001100800010000000000000008000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA_256
+PSA storage save: alg: SHA_256
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000900000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA_256
+PSA storage save: alg2: SHA_256
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_256:"4c":"505341004b455900000000000100000001100800010000000000000009000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA_384
+PSA storage save: alg: SHA_384
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_384:0x0000:"4b":"505341004b455900000000000100000001100800010000000a00000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA_384
+PSA storage save: alg2: SHA_384
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_384:"4c":"505341004b45590000000000010000000110080001000000000000000a000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA_512
+PSA storage save: alg: SHA_512
depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512:0x0000:"4b":"505341004b455900000000000100000001100800010000000b00000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA_512
+PSA storage save: alg2: SHA_512
depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512:"4c":"505341004b45590000000000010000000110080001000000000000000b000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA_512_224
+PSA storage save: alg: SHA_512_224
depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000c00000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA_512_224
+PSA storage save: alg2: SHA_512_224
depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_224:"4c":"505341004b45590000000000010000000110080001000000000000000c000002010000004c"
-PSA storage save: alg: PSA_ALG_SHA_512_256
+PSA storage save: alg: SHA_512_256
depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000d00000200000000010000004b"
-PSA storage save: alg2: PSA_ALG_SHA_512_256
+PSA storage save: alg2: SHA_512_256
depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_256:"4c":"505341004b45590000000000010000000110080001000000000000000d000002010000004c"
-PSA storage save: alg: PSA_ALG_STREAM_CIPHER
+PSA storage save: alg: STREAM_CIPHER
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_STREAM_CIPHER:0x0000:"4b":"505341004b455900000000000100000001100800010000000001800400000000010000004b"
-PSA storage save: alg2: PSA_ALG_STREAM_CIPHER
+PSA storage save: alg2: STREAM_CIPHER
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_STREAM_CIPHER:"4c":"505341004b455900000000000100000001100800010000000000000000018004010000004c"
-PSA storage save: alg: PSA_ALG_XTS
+PSA storage save: alg: TLS12_PRF(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000102000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000202000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000302000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000402000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000502000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000802000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000902000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a02000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a020008010000004c"
+
+PSA storage save: alg: TLS12_PRF(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b02000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PRF(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b020008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000103000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000203000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000303000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000403000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000503000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000803000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000903000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a030008010000004c"
+
+PSA storage save: alg: TLS12_PSK_TO_MS(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b03000800000000010000004b"
+
+PSA storage save: alg2: TLS12_PSK_TO_MS(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b030008010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000001c10300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000001c103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000002c10300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000002c103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000100810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):"4c":"505341004b455900000000000100000001100800010000000000000001008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000200810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):"4c":"505341004b455900000000000100000001100800010000000000000002008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000300810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):"4c":"505341004b455900000000000100000001100800010000000000000003008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000400810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):"4c":"505341004b455900000000000100000001100800010000000000000004008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000500810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):"4c":"505341004b455900000000000100000001100800010000000000000005008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000800810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):"4c":"505341004b455900000000000100000001100800010000000000000008008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000900810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):"4c":"505341004b455900000000000100000001100800010000000000000009008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000a00810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):"4c":"505341004b45590000000000010000000110080001000000000000000a008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000b00810300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):"4c":"505341004b45590000000000010000000110080001000000000000000b008103010000004c"
+
+PSA storage save: alg: TRUNCATED_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 63):0x0000:"4b":"505341004b455900000000000100000001100800010000000001ff0300000000010000004b"
+
+PSA storage save: alg2: TRUNCATED_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 63):"4c":"505341004b45590000000000010000000110080001000000000000000001ff03010000004c"
+
+PSA storage save: alg: XTS
depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_XTS:0x0000:"4b":"505341004b4559000000000001000000011008000100000000ff400400000000010000004b"
-PSA storage save: alg2: PSA_ALG_XTS
+PSA storage save: alg2: XTS
depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_XTS:"4c":"505341004b455900000000000100000001100800010000000000000000ff4004010000004c"
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index 76cfe57..b90ef6e 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -7,6 +7,9 @@
#include <psa_crypto_its.h>
+#define TEST_FLAG_EXERCISE 0x00000001
+#define TEST_FLAG_READ_ONLY 0x00000002
+
/** Write a key with the given attributes and key material to storage.
* Test that it has the expected representation.
*
@@ -67,7 +70,7 @@
const data_t *expected_material,
psa_storage_uid_t uid,
const data_t *representation,
- int exercise )
+ int flags )
{
psa_key_attributes_t actual_attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = psa_get_key_id( expected_attributes );
@@ -105,7 +108,7 @@
exported_material, length );
}
- if( exercise )
+ if( flags & TEST_FLAG_EXERCISE )
{
TEST_ASSERT( mbedtls_test_psa_exercise_key(
key_id,
@@ -113,10 +116,20 @@
psa_get_key_algorithm( expected_attributes ) ) );
}
- /* Destroy the key. Confirm through direct access to the storage. */
- PSA_ASSERT( psa_destroy_key( key_id ) );
- TEST_EQUAL( PSA_ERROR_DOES_NOT_EXIST,
- psa_its_get_info( uid, &storage_info ) );
+
+ if( flags & TEST_FLAG_READ_ONLY )
+ {
+ /* Read-only keys cannot be removed through the API.
+ * The key will be removed through ITS in the cleanup code below. */
+ TEST_EQUAL( PSA_ERROR_NOT_PERMITTED, psa_destroy_key( key_id ) );
+ }
+ else
+ {
+ /* Destroy the key. Confirm through direct access to the storage. */
+ PSA_ASSERT( psa_destroy_key( key_id ) );
+ TEST_EQUAL( PSA_ERROR_DOES_NOT_EXIST,
+ psa_its_get_info( uid, &storage_info ) );
+ }
ok = 1;
@@ -183,7 +196,7 @@
void key_storage_read( int lifetime_arg, int type_arg, int bits_arg,
int usage_arg, int alg_arg, int alg2_arg,
data_t *material,
- data_t *representation, int exercise )
+ data_t *representation, int flags )
{
/* Backward compatibility: read a key in the format of a past version
* and check that this version can use it. */
@@ -213,11 +226,10 @@
* guarantees backward compatibility with keys that were stored by
* past versions of Mbed TLS. */
TEST_ASSERT( test_read_key( &attributes, material,
- uid, representation, exercise ) );
+ uid, representation, flags ) );
exit:
psa_reset_key_attributes( &attributes );
- psa_destroy_key( key_id );
PSA_DONE( );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.v0.data b/tests/suites/test_suite_psa_crypto_storage_format.v0.data
index 2b2f1b7..3dedaf1 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.v0.data
+++ b/tests/suites/test_suite_psa_crypto_storage_format.v0.data
@@ -1,152 +1,512 @@
# Automatically generated by generate_psa_tests.py. Do not edit!
-PSA storage read: usage: 0
+PSA storage read: lifetime: (DEFAULT, LOCAL_STORAGE)
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, PSA_KEY_LOCATION_LOCAL_STORAGE):PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000100000001100800010000000000000000000000010000004c":0
+
+PSA storage read: lifetime: (READ_ONLY, LOCAL_STORAGE)
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_READ_ONLY, PSA_KEY_LOCATION_LOCAL_STORAGE):PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b45590000000000ff00000001100800010000000000000000000000010000004c":TEST_FLAG_READ_ONLY
+
+PSA storage read: lifetime: (2, LOCAL_STORAGE)
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(2, PSA_KEY_LOCATION_LOCAL_STORAGE):PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000200000001100800010000000000000000000000010000004c":0
+
+PSA storage read: lifetime: (254, LOCAL_STORAGE)
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(254, PSA_KEY_LOCATION_LOCAL_STORAGE):PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b45590000000000fe00000001100800010000000000000000000000010000004c":0
+
+PSA storage read: lifetime: PERSISTENT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4c":"505341004b455900000000000100000001100800010000000000000000000000010000004c":0
+
+PSA storage read: usage with implication: 0
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b":0
-PSA storage read: usage: COPY
+PSA storage read: usage without implication: 0
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b":0
+
+PSA storage read: usage with implication: COPY
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b":0
-PSA storage read: usage: DECRYPT
+PSA storage read: usage without implication: COPY
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b":0
+
+PSA storage read: usage with implication: DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b":0
-PSA storage read: usage: DERIVE
+PSA storage read: usage without implication: DECRYPT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b":0
+
+PSA storage read: usage with implication: DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b":0
-PSA storage read: usage: ENCRYPT
+PSA storage read: usage without implication: DERIVE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b":0
+
+PSA storage read: usage with implication: ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b":0
-PSA storage read: usage: EXPORT
+PSA storage read: usage without implication: ENCRYPT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b":0
+
+PSA storage read: usage with implication: EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b":0
-PSA storage read: usage: SIGN_HASH
+PSA storage read: usage without implication: EXPORT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b":0
+
+PSA storage read: usage with implication: SIGN_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
+
+PSA storage read: usage without implication: SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b":0
-PSA storage read: usage: VERIFY_HASH
+PSA storage read: usage with implication: SIGN_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000400000000000000000000010000004b":0
+
+PSA storage read: usage without implication: SIGN_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000400000000000000000000010000004b":0
+
+PSA storage read: usage with implication: VERIFY_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
+
+PSA storage read: usage without implication: VERIFY_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b":0
-PSA storage read: usage: COPY | DECRYPT
+PSA storage read: usage with implication: VERIFY_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000800000000000000000000010000004b":0
+
+PSA storage read: usage without implication: VERIFY_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000800000000000000000000010000004b":0
+
+PSA storage read: usage with implication: COPY | DECRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b":0
-PSA storage read: usage: DECRYPT | DERIVE
+PSA storage read: usage without implication: COPY | DECRYPT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b":0
+
+PSA storage read: usage with implication: DECRYPT | DERIVE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b":0
-PSA storage read: usage: DERIVE | ENCRYPT
+PSA storage read: usage without implication: DECRYPT | DERIVE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b":0
+
+PSA storage read: usage with implication: DERIVE | ENCRYPT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b":0
-PSA storage read: usage: ENCRYPT | EXPORT
+PSA storage read: usage without implication: DERIVE | ENCRYPT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b":0
+
+PSA storage read: usage with implication: ENCRYPT | EXPORT
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b":0
-PSA storage read: usage: EXPORT | SIGN_HASH
+PSA storage read: usage without implication: ENCRYPT | EXPORT
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b":0
+
+PSA storage read: usage with implication: EXPORT | SIGN_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011400000000000000000000010000004b":0
+
+PSA storage read: usage without implication: EXPORT | SIGN_HASH
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b":0
-PSA storage read: usage: SIGN_HASH | VERIFY_HASH
+PSA storage read: usage with implication: SIGN_HASH | SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800003000000000000000000000010000004b":0
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
-PSA storage read: usage: VERIFY_HASH | COPY
+PSA storage read: usage without implication: SIGN_HASH | SIGN_MESSAGE
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800022000000000000000000000010000004b":0
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001400000000000000000000010000004b":0
+
+PSA storage read: usage with implication: SIGN_MESSAGE | VERIFY_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002c00000000000000000000010000004b":0
+
+PSA storage read: usage without implication: SIGN_MESSAGE | VERIFY_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002400000000000000000000010000004b":0
+
+PSA storage read: usage with implication: VERIFY_HASH | VERIFY_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
+
+PSA storage read: usage without implication: VERIFY_HASH | VERIFY_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002800000000000000000000010000004b":0
+
+PSA storage read: usage with implication: VERIFY_MESSAGE | COPY
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020800000000000000000000010000004b":0
+
+PSA storage read: usage without implication: VERIFY_MESSAGE | COPY
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020800000000000000000000010000004b":0
PSA storage read: usage: all known
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
-key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037300000000000000000000010000004b":0
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037f00000000000000000000010000004b":0
PSA storage read: type: AES 128-bit
depends_on:PSA_WANT_KEY_TYPE_AES
-key_storage_read:0x0001:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000002480000100000000000000000000001000000048657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000002480000100000000000000000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: AES 192-bit
depends_on:PSA_WANT_KEY_TYPE_AES
-key_storage_read:0x0001:PSA_KEY_TYPE_AES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000024c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320":1
+key_storage_read:0x0001:PSA_KEY_TYPE_AES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000024c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320":TEST_FLAG_EXERCISE
PSA storage read: type: AES 256-bit
depends_on:PSA_WANT_KEY_TYPE_AES
-key_storage_read:0x0001:PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000002400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000002400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: ARC4 8-bit
depends_on:PSA_WANT_KEY_TYPE_ARC4
-key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000022008000100000000000000000000000100000048":1
+key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000022008000100000000000000000000000100000048":TEST_FLAG_EXERCISE
PSA storage read: type: ARC4 128-bit
depends_on:PSA_WANT_KEY_TYPE_ARC4
-key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000022080000100000000000000000000001000000048657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000022080000100000000000000000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: ARC4 2048-bit
depends_on:PSA_WANT_KEY_TYPE_ARC4
-key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:2048:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000022000080100000000000000000000000001000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:2048:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000022000080100000000000000000000000001000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: CAMELLIA 128-bit
depends_on:PSA_WANT_KEY_TYPE_CAMELLIA
-key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000032480000100000000000000000000001000000048657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000032480000100000000000000000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: CAMELLIA 192-bit
depends_on:PSA_WANT_KEY_TYPE_CAMELLIA
-key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000324c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320":1
+key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000324c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320":TEST_FLAG_EXERCISE
PSA storage read: type: CAMELLIA 256-bit
depends_on:PSA_WANT_KEY_TYPE_CAMELLIA
-key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000032400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000032400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: CHACHA20 256-bit
depends_on:PSA_WANT_KEY_TYPE_CHACHA20
-key_storage_read:0x0001:PSA_KEY_TYPE_CHACHA20:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000042000010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_CHACHA20:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000042000010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: DERIVE 120-bit
depends_on:PSA_WANT_KEY_TYPE_DERIVE
-key_storage_read:0x0001:PSA_KEY_TYPE_DERIVE:120:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174":"505341004b4559000000000001000000001278000100000000000000000000000f00000048657265006973206b6579a0646174":1
+key_storage_read:0x0001:PSA_KEY_TYPE_DERIVE:120:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174":"505341004b4559000000000001000000001278000100000000000000000000000f00000048657265006973206b6579a0646174":TEST_FLAG_EXERCISE
PSA storage read: type: DERIVE 128-bit
depends_on:PSA_WANT_KEY_TYPE_DERIVE
-key_storage_read:0x0001:PSA_KEY_TYPE_DERIVE:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001280000100000000000000000000001000000048657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_DERIVE:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001280000100000000000000000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: DES 64-bit
depends_on:PSA_WANT_KEY_TYPE_DES
-key_storage_read:0x0001:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901":"505341004b45590000000000010000000123400001000000000000000000000008000000644573206b457901":1
+key_storage_read:0x0001:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901":"505341004b45590000000000010000000123400001000000000000000000000008000000644573206b457901":TEST_FLAG_EXERCISE
PSA storage read: type: DES 128-bit
depends_on:PSA_WANT_KEY_TYPE_DES
-key_storage_read:0x0001:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902":"505341004b45590000000000010000000123800001000000000000000000000010000000644573206b457901644573206b457902":1
+key_storage_read:0x0001:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902":"505341004b45590000000000010000000123800001000000000000000000000010000000644573206b457901644573206b457902":TEST_FLAG_EXERCISE
PSA storage read: type: DES 192-bit
depends_on:PSA_WANT_KEY_TYPE_DES
-key_storage_read:0x0001:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902644573206b457904":"505341004b45590000000000010000000123c00001000000000000000000000018000000644573206b457901644573206b457902644573206b457904":1
+key_storage_read:0x0001:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902644573206b457904":"505341004b45590000000000010000000123c00001000000000000000000000018000000644573206b457901644573206b457902644573206b457904":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000100000000000000000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f":"505341004b45590000000000010000003071c000010000000000000000000000180000001688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c":"505341004b45590000000000010000003071e0000100000000000000000000001c000000a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":"505341004b455900000000000100000030710001010000000000000000000000200000002161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead":"505341004b4559000000000001000000307140010100000000000000000000002800000061b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":"505341004b455900000000000100000030718001010000000000000000000000300000003dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":"505341004b45590000000000010000003071000201000000000000000000000040000000372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(MONTGOMERY) 255-bit
+depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":"505341004b45590000000000010000004171ff000100000000000000000000002000000070076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(MONTGOMERY) 448-bit
+depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1":"505341004b45590000000000010000004171c00101000000000000000000000038000000e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 192-bit
+depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001000000000000000000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 224-bit
+depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8":"505341004b45590000000000010000001771e0000100000000000000000000001d0000000024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 256-bit
+depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9":"505341004b455900000000000100000017710001010000000000000000000000200000007fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 225-bit
+depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000100000000000000000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 256-bit
+depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"505341004b4559000000000001000000127100010100000000000000000000002000000049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 384-bit
+depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":"505341004b455900000000000100000012718001010000000000000000000000300000003f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 521-bit
+depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":"505341004b4559000000000001000000127109020100000000000000000000004200000001b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECP_R2) 160-bit
+depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000100000000000000000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 163-bit
+depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000100000000000000000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 233-bit
+depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8":"505341004b45590000000000010000002771e9000100000000000000000000001d00000041f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 239-bit
+depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61":"505341004b45590000000000010000002771ef000100000000000000000000001e0000001a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 283-bit
+depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0":"505341004b455900000000000100000027711b0101000000000000000000000024000000006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 409-bit
+depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8":"505341004b455900000000000100000027719901010000000000000000000000330000003ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 571-bit
+depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51":"505341004b455900000000000100000027713b0201000000000000000000000048000000005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 163-bit
+depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001000000000000000000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 233-bit
+depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f":"505341004b45590000000000010000002271e9000100000000000000000000001e00000000e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 283-bit
+depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad":"505341004b455900000000000100000022711b0101000000000000000000000024000000004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 409-bit
+depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64":"505341004b4559000000000001000000227199010100000000000000000000003400000000c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 571-bit
+depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1":"505341004b455900000000000100000022713b0201000000000000000000000048000000026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(SECT_R2) 163-bit
+depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300010000000000000000000000150000000210b482a458b4822d0cb21daa96819a67c8062d34":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00010000000000000000000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit
+depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b":"505341004b45590000000000010000004271c001010000000000000000000000390000006c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":"505341004b45590000000000010000003041a0000100000000000000000000002900000004d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88":"505341004b45590000000000010000003041c00001000000000000000000000031000000043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc":"505341004b45590000000000010000003041e00001000000000000000000000039000000045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":"505341004b4559000000000001000000304100010100000000000000000000004100000004768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd":"505341004b45590000000000010000003041400101000000000000000000000051000000049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a":"505341004b4559000000000001000000304180010100000000000000000000006100000004719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit
+depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a":"505341004b455900000000000100000030410002010000000000000000000000810000000438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(MONTGOMERY) 255-bit
+depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"505341004b45590000000000010000004141ff00010000000000000000000000200000008520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(MONTGOMERY) 448-bit
+depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e":"505341004b45590000000000010000004141c00101000000000000000000000038000000c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 192-bit
+depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":"505341004b45590000000000010000001741c000010000000000000000000000310000000426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 224-bit
+depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d":"505341004b45590000000000010000001741e00001000000000000000000000039000000042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 256-bit
+depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d":"505341004b45590000000000010000001741000101000000000000000000000041000000045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 225-bit
+depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":"505341004b45590000000000010000001241e10001000000000000000000000039000000046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 256-bit
+depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":"505341004b45590000000000010000001241000101000000000000000000000041000000047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 384-bit
+depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":"505341004b4559000000000001000000124180010100000000000000000000006100000004d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 521-bit
+depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":"505341004b4559000000000001000000124109020100000000000000000000008500000004001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECP_R2) 160-bit
+depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":"505341004b45590000000000010000001b41a00001000000000000000000000029000000049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 163-bit
+depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":"505341004b45590000000000010000002741a3000100000000000000000000002b0000000406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 233-bit
+depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f":"505341004b45590000000000010000002741e9000100000000000000000000003d0000000401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 239-bit
+depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d":"505341004b45590000000000010000002741ef000100000000000000000000003d00000004068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 283-bit
+depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3":"505341004b455900000000000100000027411b01010000000000000000000000490000000405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 409-bit
+depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b":"505341004b4559000000000001000000274199010100000000000000000000006900000004012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 571-bit
+depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a":"505341004b455900000000000100000027413b020100000000000000000000009100000004050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 163-bit
+depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":"505341004b45590000000000010000002241a3000100000000000000000000002b0000000400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 233-bit
+depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d":"505341004b45590000000000010000002241e9000100000000000000000000003d0000000400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 283-bit
+depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765":"505341004b455900000000000100000022411b010100000000000000000000004900000004052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 409-bit
+depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22":"505341004b455900000000000100000022419901010000000000000000000000690000000401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 571-bit
+depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74":"505341004b455900000000000100000022413b0201000000000000000000000091000000040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(SECT_R2) 163-bit
+depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":"505341004b45590000000000010000002b41a3000100000000000000000000002b0000000403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":"505341004b45590000000000010000004241ff0001000000000000000000000020000000d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":TEST_FLAG_EXERCISE
+
+PSA storage read: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit
+depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":"505341004b45590000000000010000004241c001010000000000000000000000390000005fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":TEST_FLAG_EXERCISE
PSA storage read: type: HMAC 128-bit
depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000100000000000000000000001000000048657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000100000000000000000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: HMAC 160-bit
depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265":"505341004b45590000000000010000000011a0000100000000000000000000001400000048657265006973206b6579a06461746148657265":1
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265":"505341004b45590000000000010000000011a0000100000000000000000000001400000048657265006973206b6579a06461746148657265":TEST_FLAG_EXERCISE
PSA storage read: type: HMAC 224-bit
depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a0":"505341004b45590000000000010000000011e0000100000000000000000000001c00000048657265006973206b6579a06461746148657265006973206b6579a0":1
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a0":"505341004b45590000000000010000000011e0000100000000000000000000001c00000048657265006973206b6579a06461746148657265006973206b6579a0":TEST_FLAG_EXERCISE
PSA storage read: type: HMAC 256-bit
depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: HMAC 384-bit
depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001180010100000000000000000000003000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001180010100000000000000000000003000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: HMAC 512-bit
depends_on:PSA_WANT_KEY_TYPE_HMAC
-key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":1
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":TEST_FLAG_EXERCISE
PSA storage read: type: RAW_DATA 8-bit
depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
@@ -162,570 +522,1718 @@
PSA storage read: type: RSA_KEY_PAIR 1024-bit
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004010000000000000000000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004010000000000000000000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":TEST_FLAG_EXERCISE
PSA storage read: type: RSA_KEY_PAIR 1536-bit
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":"505341004b4559000000000001000000017000060100000000000000000000007f0300003082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":1
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":"505341004b4559000000000001000000017000060100000000000000000000007f0300003082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":TEST_FLAG_EXERCISE
PSA storage read: type: RSA_PUBLIC_KEY 1024-bit
depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040100000000000000000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":1
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040100000000000000000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":TEST_FLAG_EXERCISE
PSA storage read: type: RSA_PUBLIC_KEY 1536-bit
depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":"505341004b455900000000000100000001400006010000000000000000000000cc0000003081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":1
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":"505341004b455900000000000100000001400006010000000000000000000000cc0000003081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":TEST_FLAG_EXERCISE
-PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000100000000000000000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac":1
+PSA storage read: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000081410500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f":"505341004b45590000000000010000003071c000010000000000000000000000180000001688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f":1
+PSA storage read: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000814105010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c":"505341004b45590000000000010000003071e0000100000000000000000000001c000000a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c":1
+PSA storage read: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CHACHA20_POLY1305, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000085010500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":"505341004b455900000000000100000030710001010000000000000000000000200000002161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":1
+PSA storage read: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CHACHA20_POLY1305, 1):"4c":"505341004b455900000000000100000001100800010000000000000000850105010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead":"505341004b4559000000000001000000307140010100000000000000000000002800000061b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead":1
+PSA storage read: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000082410500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":"505341004b455900000000000100000030718001010000000000000000000000300000003dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":1
+PSA storage read: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_GCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000824105010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":"505341004b45590000000000010000003071000201000000000000000000000040000000372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":1
+PSA storage read: alg: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 63):0x0000:"4b":"505341004b4559000000000001000000011008000100000000817f0500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(MONTGOMERY) 255-bit
-depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":"505341004b45590000000000010000004171ff000100000000000000000000002000000070076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":1
+PSA storage read: alg2: AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 63):"4c":"505341004b455900000000000100000001100800010000000000000000817f05010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(MONTGOMERY) 448-bit
-depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1":"505341004b45590000000000010000004171c00101000000000000000000000038000000e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1":1
+PSA storage read: alg: AEAD_WITH_SHORTENED_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000001410500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 192-bit
-depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001000000000000000000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228":1
+PSA storage read: alg2: AEAD_WITH_SHORTENED_TAG(CCM, 1)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000014105010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 224-bit
-depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8":"505341004b45590000000000010000001771e0000100000000000000000000001d0000000024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8":1
+PSA storage read: alg: AEAD_WITH_SHORTENED_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000005010500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 256-bit
-depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9":"505341004b455900000000000100000017710001010000000000000000000000200000007fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9":1
+PSA storage read: alg2: AEAD_WITH_SHORTENED_TAG(CHACHA20_POLY1305, 1)
+depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 1):"4c":"505341004b455900000000000100000001100800010000000000000000050105010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 225-bit
-depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000100000000000000000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":1
+PSA storage read: alg: AEAD_WITH_SHORTENED_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000002410500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 256-bit
-depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"505341004b4559000000000001000000127100010100000000000000000000002000000049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":1
+PSA storage read: alg2: AEAD_WITH_SHORTENED_TAG(GCM, 1)
+depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 1):"4c":"505341004b455900000000000100000001100800010000000000000000024105010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 384-bit
-depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":"505341004b455900000000000100000012718001010000000000000000000000300000003f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":1
+PSA storage read: alg: AEAD_WITH_SHORTENED_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 63):0x0000:"4b":"505341004b4559000000000001000000011008000100000000017f0500000000010000004b":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 521-bit
-depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":"505341004b4559000000000001000000127109020100000000000000000000004200000001b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":1
+PSA storage read: alg2: AEAD_WITH_SHORTENED_TAG(CCM, 63)
+depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 63):"4c":"505341004b455900000000000100000001100800010000000000000000017f05010000004c":0
-PSA storage read: type: ECC_KEY_PAIR(SECP_R2) 160-bit
-depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000100000000000000000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 163-bit
-depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000100000000000000000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 233-bit
-depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8":"505341004b45590000000000010000002771e9000100000000000000000000001d00000041f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 239-bit
-depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61":"505341004b45590000000000010000002771ef000100000000000000000000001e0000001a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 283-bit
-depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0":"505341004b455900000000000100000027711b0101000000000000000000000024000000006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 409-bit
-depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8":"505341004b455900000000000100000027719901010000000000000000000000330000003ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 571-bit
-depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51":"505341004b455900000000000100000027713b0201000000000000000000000048000000005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 163-bit
-depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001000000000000000000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 233-bit
-depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f":"505341004b45590000000000010000002271e9000100000000000000000000001e00000000e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 283-bit
-depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad":"505341004b455900000000000100000022711b0101000000000000000000000024000000004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 409-bit
-depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64":"505341004b4559000000000001000000227199010100000000000000000000003400000000c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 571-bit
-depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1":"505341004b455900000000000100000022713b0201000000000000000000000048000000026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1":1
-
-PSA storage read: type: ECC_KEY_PAIR(SECT_R2) 163-bit
-depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300010000000000000000000000150000000210b482a458b4822d0cb21daa96819a67c8062d34":1
-
-PSA storage read: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
-depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00010000000000000000000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":1
-
-PSA storage read: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit
-depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b":"505341004b45590000000000010000004271c001010000000000000000000000390000006c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":"505341004b45590000000000010000003041a0000100000000000000000000002900000004d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88":"505341004b45590000000000010000003041c00001000000000000000000000031000000043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc":"505341004b45590000000000010000003041e00001000000000000000000000039000000045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":"505341004b4559000000000001000000304100010100000000000000000000004100000004768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd":"505341004b45590000000000010000003041400101000000000000000000000051000000049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a":"505341004b4559000000000001000000304180010100000000000000000000006100000004719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit
-depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a":"505341004b455900000000000100000030410002010000000000000000000000810000000438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(MONTGOMERY) 255-bit
-depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"505341004b45590000000000010000004141ff00010000000000000000000000200000008520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(MONTGOMERY) 448-bit
-depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e":"505341004b45590000000000010000004141c00101000000000000000000000038000000c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 192-bit
-depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":"505341004b45590000000000010000001741c000010000000000000000000000310000000426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 224-bit
-depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d":"505341004b45590000000000010000001741e00001000000000000000000000039000000042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 256-bit
-depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d":"505341004b45590000000000010000001741000101000000000000000000000041000000045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 225-bit
-depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":"505341004b45590000000000010000001241e10001000000000000000000000039000000046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 256-bit
-depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":"505341004b45590000000000010000001241000101000000000000000000000041000000047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 384-bit
-depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":"505341004b4559000000000001000000124180010100000000000000000000006100000004d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 521-bit
-depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":"505341004b4559000000000001000000124109020100000000000000000000008500000004001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECP_R2) 160-bit
-depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":"505341004b45590000000000010000001b41a00001000000000000000000000029000000049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 163-bit
-depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":"505341004b45590000000000010000002741a3000100000000000000000000002b0000000406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 233-bit
-depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f":"505341004b45590000000000010000002741e9000100000000000000000000003d0000000401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 239-bit
-depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d":"505341004b45590000000000010000002741ef000100000000000000000000003d00000004068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 283-bit
-depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3":"505341004b455900000000000100000027411b01010000000000000000000000490000000405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 409-bit
-depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b":"505341004b4559000000000001000000274199010100000000000000000000006900000004012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 571-bit
-depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a":"505341004b455900000000000100000027413b020100000000000000000000009100000004050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 163-bit
-depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":"505341004b45590000000000010000002241a3000100000000000000000000002b0000000400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 233-bit
-depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d":"505341004b45590000000000010000002241e9000100000000000000000000003d0000000400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 283-bit
-depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765":"505341004b455900000000000100000022411b010100000000000000000000004900000004052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 409-bit
-depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22":"505341004b455900000000000100000022419901010000000000000000000000690000000401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 571-bit
-depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74":"505341004b455900000000000100000022413b0201000000000000000000000091000000040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(SECT_R2) 163-bit
-depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":"505341004b45590000000000010000002b41a3000100000000000000000000002b0000000403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
-depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":"505341004b45590000000000010000004241ff0001000000000000000000000020000000d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":1
-
-PSA storage read: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit
-depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
-key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":"505341004b45590000000000010000004241c001010000000000000000000000390000005fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":1
-
-PSA storage read: alg: PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA
+PSA storage read: alg: ANY_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ANY_HASH:0x0000:"4b":"505341004b45590000000000010000000110080001000000ff00000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA
+PSA storage read: alg2: ANY_HASH
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ANY_HASH:"4c":"505341004b4559000000000001000000011008000100000000000000ff000002010000004c":0
-PSA storage read: alg: PSA_ALG_CBC_MAC
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000081c10300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000081c103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000082c10300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CMAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000082c103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000180810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):"4c":"505341004b455900000000000100000001100800010000000000000001808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000280810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):"4c":"505341004b455900000000000100000001100800010000000000000002808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000380810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):"4c":"505341004b455900000000000100000001100800010000000000000003808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000480810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):"4c":"505341004b455900000000000100000001100800010000000000000004808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000580810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):"4c":"505341004b455900000000000100000001100800010000000000000005808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000880810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):"4c":"505341004b455900000000000100000001100800010000000000000008808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000980810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):"4c":"505341004b455900000000000100000001100800010000000000000009808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000a80810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):"4c":"505341004b45590000000000010000000110080001000000000000000a808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000b80810300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):"4c":"505341004b45590000000000010000000110080001000000000000000b808103010000004c":0
+
+PSA storage read: alg: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 63):0x0000:"4b":"505341004b455900000000000100000001100800010000000081ff0300000000010000004b":0
+
+PSA storage read: alg2: AT_LEAST_THIS_LENGTH_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(PSA_ALG_CBC_MAC, 63):"4c":"505341004b45590000000000010000000110080001000000000000000081ff03010000004c":0
+
+PSA storage read: alg: CBC_MAC
depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_MAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000001c00300000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CBC_MAC
+PSA storage read: alg2: CBC_MAC
depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_MAC:"4c":"505341004b45590000000000010000000110080001000000000000000001c003010000004c":0
-PSA storage read: alg: PSA_ALG_CBC_NO_PADDING
+PSA storage read: alg: CBC_NO_PADDING
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000040400400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CBC_NO_PADDING
+PSA storage read: alg2: CBC_NO_PADDING
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000404004010000004c":0
-PSA storage read: alg: PSA_ALG_CBC_PKCS7
+PSA storage read: alg: CBC_PKCS7
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_PKCS7:0x0000:"4b":"505341004b455900000000000100000001100800010000000041400400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CBC_PKCS7
+PSA storage read: alg2: CBC_PKCS7
depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_PKCS7:"4c":"505341004b455900000000000100000001100800010000000000000000414004010000004c":0
-PSA storage read: alg: PSA_ALG_CCM
+PSA storage read: alg: CCM
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000001500500000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CCM
+PSA storage read: alg2: CCM
depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CCM:"4c":"505341004b455900000000000100000001100800010000000000000000015005010000004c":0
-PSA storage read: alg: PSA_ALG_CFB
+PSA storage read: alg: CFB
depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000011c00400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CFB
+PSA storage read: alg2: CFB
depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CFB:"4c":"505341004b45590000000000010000000110080001000000000000000011c004010000004c":0
-PSA storage read: alg: PSA_ALG_CHACHA20_POLY1305
+PSA storage read: alg: CHACHA20_POLY1305
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CHACHA20_POLY1305:0x0000:"4b":"505341004b455900000000000100000001100800010000000005100500000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CHACHA20_POLY1305
+PSA storage read: alg2: CHACHA20_POLY1305
depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CHACHA20_POLY1305:"4c":"505341004b455900000000000100000001100800010000000000000000051005010000004c":0
-PSA storage read: alg: PSA_ALG_CMAC
+PSA storage read: alg: CMAC
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CMAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000002c00300000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CMAC
+PSA storage read: alg2: CMAC
depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CMAC:"4c":"505341004b45590000000000010000000110080001000000000000000002c003010000004c":0
-PSA storage read: alg: PSA_ALG_CTR
+PSA storage read: alg: CTR
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0x0000:"4b":"505341004b455900000000000100000001100800010000000010c00400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_CTR
+PSA storage read: alg2: CTR
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CTR:"4c":"505341004b45590000000000010000000110080001000000000000000010c004010000004c":0
-PSA storage read: alg: PSA_ALG_ECB_NO_PADDING
+PSA storage read: alg: DETERMINISTIC_DSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000105000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000205000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000305000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000405000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000505000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000805000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000905000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a05000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b05000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_DSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b050006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000107000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(MD2)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000207000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(MD4)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000307000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(MD5)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000407000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000507000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000807000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000907000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a07000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b07000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b070006010000004c":0
+
+PSA storage read: alg: DETERMINISTIC_ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff07000600000000010000004b":0
+
+PSA storage read: alg2: DETERMINISTIC_ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff070006010000004c":0
+
+PSA storage read: alg: DSA(MD2)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000104000600000000010000004b":0
+
+PSA storage read: alg2: DSA(MD2)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001040006010000004c":0
+
+PSA storage read: alg: DSA(MD4)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000204000600000000010000004b":0
+
+PSA storage read: alg2: DSA(MD4)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002040006010000004c":0
+
+PSA storage read: alg: DSA(MD5)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000304000600000000010000004b":0
+
+PSA storage read: alg2: DSA(MD5)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003040006010000004c":0
+
+PSA storage read: alg: DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000404000600000000010000004b":0
+
+PSA storage read: alg2: DSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004040006010000004c":0
+
+PSA storage read: alg: DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000504000600000000010000004b":0
+
+PSA storage read: alg2: DSA(SHA_1)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005040006010000004c":0
+
+PSA storage read: alg: DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000804000600000000010000004b":0
+
+PSA storage read: alg2: DSA(SHA_224)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008040006010000004c":0
+
+PSA storage read: alg: DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000904000600000000010000004b":0
+
+PSA storage read: alg2: DSA(SHA_256)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009040006010000004c":0
+
+PSA storage read: alg: DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a04000600000000010000004b":0
+
+PSA storage read: alg2: DSA(SHA_384)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a040006010000004c":0
+
+PSA storage read: alg: DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_DSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b04000600000000010000004b":0
+
+PSA storage read: alg2: DSA(SHA_512)
+depends_on:PSA_WANT_ALG_DSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_DSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b040006010000004c":0
+
+PSA storage read: alg: ECB_NO_PADDING
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECB_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000044400400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_ECB_NO_PADDING
+PSA storage read: alg2: ECB_NO_PADDING
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECB_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000444004010000004c":0
-PSA storage read: alg: PSA_ALG_ECDH
+PSA storage read: alg: ECDH
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000020900000000010000004b":0
-PSA storage read: alg2: PSA_ALG_ECDH
+PSA storage read: alg2: ECDH
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDH:"4c":"505341004b455900000000000100000001100800010000000000000000000209010000004c":0
-PSA storage read: alg: PSA_ALG_ECDSA_ANY
+PSA storage read: alg: ECDSA(MD2)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000106000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(MD2)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001060006010000004c":0
+
+PSA storage read: alg: ECDSA(MD4)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000206000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(MD4)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002060006010000004c":0
+
+PSA storage read: alg: ECDSA(MD5)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000306000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(MD5)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003060006010000004c":0
+
+PSA storage read: alg: ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000406000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(RIPEMD160)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004060006010000004c":0
+
+PSA storage read: alg: ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000506000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(SHA_1)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005060006010000004c":0
+
+PSA storage read: alg: ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000806000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(SHA_224)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008060006010000004c":0
+
+PSA storage read: alg: ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000906000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(SHA_256)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009060006010000004c":0
+
+PSA storage read: alg: ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a06000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(SHA_384)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a060006010000004c":0
+
+PSA storage read: alg: ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b06000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(SHA_512)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b060006010000004c":0
+
+PSA storage read: alg: ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff06000600000000010000004b":0
+
+PSA storage read: alg2: ECDSA(ANY_HASH)
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff060006010000004c":0
+
+PSA storage read: alg: ECDSA_ANY
depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0x0000:"4b":"505341004b455900000000000100000001100800010000000006000600000000010000004b":0
-PSA storage read: alg2: PSA_ALG_ECDSA_ANY
+PSA storage read: alg2: ECDSA_ANY
depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA_ANY:"4c":"505341004b455900000000000100000001100800010000000000000000060006010000004c":0
-PSA storage read: alg: PSA_ALG_ED25519PH
+PSA storage read: alg: ED25519PH
depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED25519PH:0x0000:"4b":"505341004b455900000000000100000001100800010000000b09000600000000010000004b":0
-PSA storage read: alg2: PSA_ALG_ED25519PH
+PSA storage read: alg2: ED25519PH
depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED25519PH:"4c":"505341004b45590000000000010000000110080001000000000000000b090006010000004c":0
-PSA storage read: alg: PSA_ALG_ED448PH
+PSA storage read: alg: ED448PH
depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED448PH:0x0000:"4b":"505341004b455900000000000100000001100800010000001509000600000000010000004b":0
-PSA storage read: alg2: PSA_ALG_ED448PH
+PSA storage read: alg2: ED448PH
depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED448PH:"4c":"505341004b455900000000000100000001100800010000000000000015090006010000004c":0
-PSA storage read: alg: PSA_ALG_FFDH
+PSA storage read: alg: FFDH
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000010900000000010000004b":0
-PSA storage read: alg2: PSA_ALG_FFDH
+PSA storage read: alg2: FFDH
depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_FFDH:"4c":"505341004b455900000000000100000001100800010000000000000000000109010000004c":0
-PSA storage read: alg: PSA_ALG_GCM
+PSA storage read: alg: GCM
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_GCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000002500500000000010000004b":0
-PSA storage read: alg2: PSA_ALG_GCM
+PSA storage read: alg2: GCM
depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_GCM:"4c":"505341004b455900000000000100000001100800010000000000000000025005010000004c":0
-PSA storage read: alg: PSA_ALG_MD2
+PSA storage read: alg: HKDF(MD2)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000101000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(MD2)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001010008010000004c":0
+
+PSA storage read: alg: HKDF(MD4)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000201000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(MD4)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002010008010000004c":0
+
+PSA storage read: alg: HKDF(MD5)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000301000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(MD5)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003010008010000004c":0
+
+PSA storage read: alg: HKDF(RIPEMD160)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000401000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(RIPEMD160)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004010008010000004c":0
+
+PSA storage read: alg: HKDF(SHA_1)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000501000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(SHA_1)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005010008010000004c":0
+
+PSA storage read: alg: HKDF(SHA_224)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000801000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(SHA_224)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008010008010000004c":0
+
+PSA storage read: alg: HKDF(SHA_256)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000901000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(SHA_256)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009010008010000004c":0
+
+PSA storage read: alg: HKDF(SHA_384)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a01000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(SHA_384)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a010008010000004c":0
+
+PSA storage read: alg: HKDF(SHA_512)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HKDF(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b01000800000000010000004b":0
+
+PSA storage read: alg2: HKDF(SHA_512)
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HKDF(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b010008010000004c":0
+
+PSA storage read: alg: HMAC(MD2)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000100800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(MD2)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001008003010000004c":0
+
+PSA storage read: alg: HMAC(MD4)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000200800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(MD4)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002008003010000004c":0
+
+PSA storage read: alg: HMAC(MD5)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000300800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(MD5)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003008003010000004c":0
+
+PSA storage read: alg: HMAC(RIPEMD160)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000400800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(RIPEMD160)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004008003010000004c":0
+
+PSA storage read: alg: HMAC(SHA_1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000500800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(SHA_1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005008003010000004c":0
+
+PSA storage read: alg: HMAC(SHA_224)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000800800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(SHA_224)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008008003010000004c":0
+
+PSA storage read: alg: HMAC(SHA_256)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000900800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(SHA_256)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009008003010000004c":0
+
+PSA storage read: alg: HMAC(SHA_384)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a00800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(SHA_384)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a008003010000004c":0
+
+PSA storage read: alg: HMAC(SHA_512)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_HMAC(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b00800300000000010000004b":0
+
+PSA storage read: alg2: HMAC(SHA_512)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_HMAC(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b008003010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(ECDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000901020900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(ECDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009010209010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(FFDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000901010900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(FFDH, HKDF(SHA_256))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009010109010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(ECDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a01020900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(ECDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a010209010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000902020900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009020209010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a02020900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(ECDH, TLS12_PRF(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a020209010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):0x0000:"4b":"505341004b455900000000000100000001100800010000000903020900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_256))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):"4c":"505341004b455900000000000100000001100800010000000000000009030209010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03020900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(ECDH, TLS12_PSK_TO_MS(SHA_384))
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a030209010000004c":0
+
+PSA storage read: alg: KEY_AGREEMENT(FFDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):0x0000:"4b":"505341004b455900000000000100000001100800010000000a01010900000000010000004b":0
+
+PSA storage read: alg2: KEY_AGREEMENT(FFDH, HKDF(SHA_384))
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_384)):"4c":"505341004b45590000000000010000000110080001000000000000000a010109010000004c":0
+
+PSA storage read: alg: MD2
depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD2:0x0000:"4b":"505341004b455900000000000100000001100800010000000100000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_MD2
+PSA storage read: alg2: MD2
depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD2:"4c":"505341004b455900000000000100000001100800010000000000000001000002010000004c":0
-PSA storage read: alg: PSA_ALG_MD4
+PSA storage read: alg: MD4
depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD4:0x0000:"4b":"505341004b455900000000000100000001100800010000000200000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_MD4
+PSA storage read: alg2: MD4
depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD4:"4c":"505341004b455900000000000100000001100800010000000000000002000002010000004c":0
-PSA storage read: alg: PSA_ALG_MD5
+PSA storage read: alg: MD5
depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD5:0x0000:"4b":"505341004b455900000000000100000001100800010000000300000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_MD5
+PSA storage read: alg2: MD5
depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD5:"4c":"505341004b455900000000000100000001100800010000000000000003000002010000004c":0
-PSA storage read: alg: PSA_ALG_OFB
+PSA storage read: alg: OFB
depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_OFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000012c00400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_OFB
+PSA storage read: alg2: OFB
depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_OFB:"4c":"505341004b45590000000000010000000110080001000000000000000012c004010000004c":0
-PSA storage read: alg: PSA_ALG_PURE_EDDSA
+PSA storage read: alg: PURE_EDDSA
depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PURE_EDDSA:0x0000:"4b":"505341004b455900000000000100000001100800010000000008000600000000010000004b":0
-PSA storage read: alg2: PSA_ALG_PURE_EDDSA
+PSA storage read: alg2: PURE_EDDSA
depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PURE_EDDSA:"4c":"505341004b455900000000000100000001100800010000000000000000080006010000004c":0
-PSA storage read: alg: PSA_ALG_RIPEMD160
+PSA storage read: alg: RIPEMD160
depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RIPEMD160:0x0000:"4b":"505341004b455900000000000100000001100800010000000400000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_RIPEMD160
+PSA storage read: alg2: RIPEMD160
depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RIPEMD160:"4c":"505341004b455900000000000100000001100800010000000000000004000002010000004c":0
-PSA storage read: alg: PSA_ALG_RSA_PKCS1V15_CRYPT
+PSA storage read: alg: RSA_OAEP(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000103000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000203000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000303000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000403000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000503000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000803000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000903000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a030007010000004c":0
+
+PSA storage read: alg: RSA_OAEP(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b03000700000000010000004b":0
+
+PSA storage read: alg2: RSA_OAEP(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b030007010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_CRYPT
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000700000000010000004b":0
-PSA storage read: alg2: PSA_ALG_RSA_PKCS1V15_CRYPT
+PSA storage read: alg2: RSA_PKCS1V15_CRYPT
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_CRYPT:"4c":"505341004b455900000000000100000001100800010000000000000000020007010000004c":0
-PSA storage read: alg: PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+PSA storage read: alg: RSA_PKCS1V15_SIGN(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000102000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000202000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000302000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000402000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000502000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000802000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000902000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a02000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b02000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff02000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PKCS1V15_SIGN(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff020006010000004c":0
+
+PSA storage read: alg: RSA_PKCS1V15_SIGN_RAW
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000600000000010000004b":0
-PSA storage read: alg2: PSA_ALG_RSA_PKCS1V15_SIGN_RAW
+PSA storage read: alg2: RSA_PKCS1V15_SIGN_RAW
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"4c":"505341004b455900000000000100000001100800010000000000000000020006010000004c":0
-PSA storage read: alg: PSA_ALG_SHA3_224
+PSA storage read: alg: RSA_PSS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000103000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000203000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000303000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000403000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000503000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(SHA_1)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000803000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(SHA_224)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000903000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(SHA_256)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(SHA_384)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b03000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(SHA_512)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b030006010000004c":0
+
+PSA storage read: alg: RSA_PSS(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0x0000:"4b":"505341004b45590000000000010000000110080001000000ff03000600000000010000004b":0
+
+PSA storage read: alg2: RSA_PSS(ANY_HASH)
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):"4c":"505341004b4559000000000001000000011008000100000000000000ff030006010000004c":0
+
+PSA storage read: alg: SHA3_224
depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_224:0x0000:"4b":"505341004b455900000000000100000001100800010000001000000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA3_224
+PSA storage read: alg2: SHA3_224
depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_224:"4c":"505341004b455900000000000100000001100800010000000000000010000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA3_256
+PSA storage read: alg: SHA3_256
depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_256:0x0000:"4b":"505341004b455900000000000100000001100800010000001100000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA3_256
+PSA storage read: alg2: SHA3_256
depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_256:"4c":"505341004b455900000000000100000001100800010000000000000011000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA3_384
+PSA storage read: alg: SHA3_384
depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_384:0x0000:"4b":"505341004b455900000000000100000001100800010000001200000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA3_384
+PSA storage read: alg2: SHA3_384
depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_384:"4c":"505341004b455900000000000100000001100800010000000000000012000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA3_512
+PSA storage read: alg: SHA3_512
depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001300000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA3_512
+PSA storage read: alg2: SHA3_512
depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_512:"4c":"505341004b455900000000000100000001100800010000000000000013000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHAKE256_512
+PSA storage read: alg: SHAKE256_512
depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHAKE256_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001500000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHAKE256_512
+PSA storage read: alg2: SHAKE256_512
depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHAKE256_512:"4c":"505341004b455900000000000100000001100800010000000000000015000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA_1
+PSA storage read: alg: SHA_1
depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_1:0x0000:"4b":"505341004b455900000000000100000001100800010000000500000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA_1
+PSA storage read: alg2: SHA_1
depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_1:"4c":"505341004b455900000000000100000001100800010000000000000005000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA_224
+PSA storage read: alg: SHA_224
depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000800000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA_224
+PSA storage read: alg2: SHA_224
depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_224:"4c":"505341004b455900000000000100000001100800010000000000000008000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA_256
+PSA storage read: alg: SHA_256
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000900000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA_256
+PSA storage read: alg2: SHA_256
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_256:"4c":"505341004b455900000000000100000001100800010000000000000009000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA_384
+PSA storage read: alg: SHA_384
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_384:0x0000:"4b":"505341004b455900000000000100000001100800010000000a00000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA_384
+PSA storage read: alg2: SHA_384
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_384:"4c":"505341004b45590000000000010000000110080001000000000000000a000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA_512
+PSA storage read: alg: SHA_512
depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512:0x0000:"4b":"505341004b455900000000000100000001100800010000000b00000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA_512
+PSA storage read: alg2: SHA_512
depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512:"4c":"505341004b45590000000000010000000110080001000000000000000b000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA_512_224
+PSA storage read: alg: SHA_512_224
depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000c00000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA_512_224
+PSA storage read: alg2: SHA_512_224
depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_224:"4c":"505341004b45590000000000010000000110080001000000000000000c000002010000004c":0
-PSA storage read: alg: PSA_ALG_SHA_512_256
+PSA storage read: alg: SHA_512_256
depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000d00000200000000010000004b":0
-PSA storage read: alg2: PSA_ALG_SHA_512_256
+PSA storage read: alg2: SHA_512_256
depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_256:"4c":"505341004b45590000000000010000000110080001000000000000000d000002010000004c":0
-PSA storage read: alg: PSA_ALG_STREAM_CIPHER
+PSA storage read: alg: STREAM_CIPHER
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_STREAM_CIPHER:0x0000:"4b":"505341004b455900000000000100000001100800010000000001800400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_STREAM_CIPHER
+PSA storage read: alg2: STREAM_CIPHER
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_STREAM_CIPHER:"4c":"505341004b455900000000000100000001100800010000000000000000018004010000004c":0
-PSA storage read: alg: PSA_ALG_XTS
+PSA storage read: alg: TLS12_PRF(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000102000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000202000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000302000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000402000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000502000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000802000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000902000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a02000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a020008010000004c":0
+
+PSA storage read: alg: TLS12_PRF(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b02000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PRF(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b020008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD2):0x0000:"4b":"505341004b455900000000000100000001100800010000000103000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(MD2)
+depends_on:PSA_WANT_ALG_MD2:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD2):"4c":"505341004b455900000000000100000001100800010000000000000001030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD4):0x0000:"4b":"505341004b455900000000000100000001100800010000000203000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(MD4)
+depends_on:PSA_WANT_ALG_MD4:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD4):"4c":"505341004b455900000000000100000001100800010000000000000002030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD5):0x0000:"4b":"505341004b455900000000000100000001100800010000000303000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(MD5)
+depends_on:PSA_WANT_ALG_MD5:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_MD5):"4c":"505341004b455900000000000100000001100800010000000000000003030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_RIPEMD160):0x0000:"4b":"505341004b455900000000000100000001100800010000000403000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(RIPEMD160)
+depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_RIPEMD160):"4c":"505341004b455900000000000100000001100800010000000000000004030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_1):0x0000:"4b":"505341004b455900000000000100000001100800010000000503000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(SHA_1)
+depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_1):"4c":"505341004b455900000000000100000001100800010000000000000005030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_224):0x0000:"4b":"505341004b455900000000000100000001100800010000000803000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(SHA_224)
+depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_224):"4c":"505341004b455900000000000100000001100800010000000000000008030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):0x0000:"4b":"505341004b455900000000000100000001100800010000000903000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(SHA_256)
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"4c":"505341004b455900000000000100000001100800010000000000000009030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):0x0000:"4b":"505341004b455900000000000100000001100800010000000a03000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(SHA_384)
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"4c":"505341004b45590000000000010000000110080001000000000000000a030008010000004c":0
+
+PSA storage read: alg: TLS12_PSK_TO_MS(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_512):0x0000:"4b":"505341004b455900000000000100000001100800010000000b03000800000000010000004b":0
+
+PSA storage read: alg2: TLS12_PSK_TO_MS(SHA_512)
+depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_512):"4c":"505341004b45590000000000010000000110080001000000000000000b030008010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000001c10300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(CBC_MAC, 1)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000001c103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000002c10300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(CMAC, 1)
+depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CMAC, 1):"4c":"505341004b45590000000000010000000110080001000000000000000002c103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000100810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(MD2), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD2), 1):"4c":"505341004b455900000000000100000001100800010000000000000001008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000200810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(MD4), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD4), 1):"4c":"505341004b455900000000000100000001100800010000000000000002008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000300810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(MD5), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_MD5), 1):"4c":"505341004b455900000000000100000001100800010000000000000003008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000400810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(RIPEMD160), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_RIPEMD160), 1):"4c":"505341004b455900000000000100000001100800010000000000000004008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000500810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(SHA_1), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_1), 1):"4c":"505341004b455900000000000100000001100800010000000000000005008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000800810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(SHA_224), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_224), 1):"4c":"505341004b455900000000000100000001100800010000000000000008008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000900810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(SHA_256), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_256), 1):"4c":"505341004b455900000000000100000001100800010000000000000009008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000a00810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(SHA_384), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_384), 1):"4c":"505341004b45590000000000010000000110080001000000000000000a008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):0x0000:"4b":"505341004b455900000000000100000001100800010000000b00810300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(HMAC(SHA_512), 1)
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 1):"4c":"505341004b45590000000000010000000110080001000000000000000b008103010000004c":0
+
+PSA storage read: alg: TRUNCATED_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 63):0x0000:"4b":"505341004b455900000000000100000001100800010000000001ff0300000000010000004b":0
+
+PSA storage read: alg2: TRUNCATED_MAC(CBC_MAC, 63)
+depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA
+key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_TRUNCATED_MAC(PSA_ALG_CBC_MAC, 63):"4c":"505341004b45590000000000010000000110080001000000000000000001ff03010000004c":0
+
+PSA storage read: alg: XTS
depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_XTS:0x0000:"4b":"505341004b4559000000000001000000011008000100000000ff400400000000010000004b":0
-PSA storage read: alg2: PSA_ALG_XTS
+PSA storage read: alg2: XTS
depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA
key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_XTS:"4c":"505341004b455900000000000100000001100800010000000000000000ff4004010000004c":0
+PSA storage read: implied by SIGN_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000110000009070006000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECP_K1) 192-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001100000090700060000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R1) 225-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000110000009070006000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R2) 160-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000110000009070006000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECT_K1) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000110000009070006000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R1) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001100000090700060000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R2) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300011000000907000600000000150000000210b482a458b4822d0cb21daa96819a67c8062d34":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000110000009060006000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECP_K1) 192-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001100000090600060000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R1) 225-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000110000009060006000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R2) 160-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000110000009060006000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECT_K1) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000110000009060006000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R1) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001100000090600060000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R2) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300011000000906000600000000150000000210b482a458b4822d0cb21daa96819a67c8062d34":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ED25519PH ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ED25519PH:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00011000000b09000600000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: ED448PH ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ED448PH:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00011000001509000600000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: RSA_PKCS1V15_SIGN(SHA_256) RSA_KEY_PAIR 1024-bit
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004011000000902000600000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by SIGN_HASH: RSA_PSS(SHA_256) RSA_KEY_PAIR 1024-bit
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004011000000903000600000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000120000009070006000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECP_K1) 192-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001200000090700060000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R1) 225-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000120000009070006000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R2) 160-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000120000009070006000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECT_K1) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000120000009070006000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R1) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001200000090700060000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R2) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300012000000907000600000000150000000210b482a458b4822d0cb21daa96819a67c8062d34":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":"505341004b45590000000000010000003041a0000120000009070006000000002900000004d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_PUBLIC_KEY(SECP_K1) 192-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":"505341004b45590000000000010000001741c000012000000907000600000000310000000426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_PUBLIC_KEY(SECP_R1) 225-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":"505341004b45590000000000010000001241e10001200000090700060000000039000000046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_PUBLIC_KEY(SECP_R2) 160-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":"505341004b45590000000000010000001b41a00001200000090700060000000029000000049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_PUBLIC_KEY(SECT_K1) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":"505341004b45590000000000010000002741a3000120000009070006000000002b0000000406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_PUBLIC_KEY(SECT_R1) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":"505341004b45590000000000010000002241a3000120000009070006000000002b0000000400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: DETERMINISTIC_ECDSA(SHA_256) ECC_PUBLIC_KEY(SECT_R2) 163-bit
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0x0000:"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":"505341004b45590000000000010000002b41a3000120000009070006000000002b0000000403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000120000009060006000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECP_K1) 192-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001200000090600060000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R1) 225-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000120000009060006000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECP_R2) 160-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000120000009060006000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECT_K1) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000120000009060006000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R1) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001200000090600060000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_KEY_PAIR(SECT_R2) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300012000000906000600000000150000000210b482a458b4822d0cb21daa96819a67c8062d34":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":"505341004b45590000000000010000003041a0000120000009060006000000002900000004d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_PUBLIC_KEY(SECP_K1) 192-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":"505341004b45590000000000010000001741c000012000000906000600000000310000000426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_PUBLIC_KEY(SECP_R1) 225-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":"505341004b45590000000000010000001241e10001200000090600060000000039000000046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_PUBLIC_KEY(SECP_R2) 160-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":"505341004b45590000000000010000001b41a00001200000090600060000000029000000049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_PUBLIC_KEY(SECT_K1) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":"505341004b45590000000000010000002741a3000120000009060006000000002b0000000406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_PUBLIC_KEY(SECT_R1) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":"505341004b45590000000000010000002241a3000120000009060006000000002b0000000400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ECDSA(SHA_256) ECC_PUBLIC_KEY(SECT_R2) 163-bit
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0x0000:"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":"505341004b45590000000000010000002b41a3000120000009060006000000002b0000000403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ED25519PH ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ED25519PH:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00012000000b09000600000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ED25519PH ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ED25519PH:0x0000:"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":"505341004b45590000000000010000004241ff00012000000b0900060000000020000000d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ED448PH ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ED448PH:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00012000001509000600000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: ED448PH ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit
+depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ED448PH:0x0000:"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":"505341004b45590000000000010000004241ff0001200000150900060000000020000000d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(MD2) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_MD2):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000120000001008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(MD4) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_MD4):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000120000002008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(MD5) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_MD5):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000120000003008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(RIPEMD160) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_RIPEMD160):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000120000004008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(SHA_1) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_1):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000120000005008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(SHA_224) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_224):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000120000008008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(SHA_256) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_256):0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000120000009008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(SHA_384) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_384):0x0000:"48657265006973206b6579a064617461":"505341004b455900000000000100000000118000012000000a008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: HMAC(SHA_512) HMAC 128-bit
+depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC
+key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_HMAC(PSA_ALG_SHA_512):0x0000:"48657265006973206b6579a064617461":"505341004b455900000000000100000000118000012000000b008003000000001000000048657265006973206b6579a064617461":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: RSA_PKCS1V15_SIGN(SHA_256) RSA_KEY_PAIR 1024-bit
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004012000000902000600000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: RSA_PKCS1V15_SIGN(SHA_256) RSA_PUBLIC_KEY 1024-bit
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040120000009020006000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: RSA_PSS(SHA_256) RSA_KEY_PAIR 1024-bit
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004012000000903000600000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":TEST_FLAG_EXERCISE
+
+PSA storage read: implied by VERIFY_HASH: RSA_PSS(SHA_256) RSA_PUBLIC_KEY 1024-bit
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
+key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040120000009030006000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":TEST_FLAG_EXERCISE
+
# End of automatically generated file.
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 6f9406c..2da814d 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -389,12 +389,18 @@
RSA Private (Data larger than N)
mbedtls_rsa_private:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PRIVATE_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+RSA Private (Data = 0 )
+mbedtls_rsa_private:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
+
RSA Public (Correct)
mbedtls_rsa_public:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f8700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"1f5e927c13ff231090b0f18c8c3526428ed0f4a7561457ee5afe4d22d5d9220c34ef5b9a34d0c07f7248a1f3d57f95d10f7936b3063e40660b3a7ca3e73608b013f85a6e778ac7c60d576e9d9c0c5a79ad84ceea74e4722eb3553bdb0c2d7783dac050520cb27ca73478b509873cb0dcbd1d51dd8fccb96c29ad314f36d67cc57835d92d94defa0399feb095fd41b9f0b2be10f6041079ed4290040449f8a79aba50b0a1f8cf83c9fb8772b0686ec1b29cb1814bb06f9c024857db54d395a8da9a2c6f9f53b94bec612a0cb306a3eaa9fc80992e85d9d232e37a50cabe48c9343f039601ff7d95d60025e582aec475d031888310e8ec3833b394a5cf0599101e":0
RSA Public (Data larger than N)
mbedtls_rsa_public:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":MBEDTLS_ERR_RSA_PUBLIC_FAILED + MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+RSA Public (Data = 0)
+mbedtls_rsa_public:"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":0
+
RSA Generate Key - 128bit key
mbedtls_rsa_gen_key:128:3:0
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index d3d016d..2d7fb8e 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -532,10 +532,10 @@
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -578,8 +578,8 @@
mbedtls_rsa_init( &ctx, padding_mode, 0 );
memset( hash_result, 0x00, sizeof( hash_result ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
@@ -616,10 +616,10 @@
memset( output, 0x00, sizeof( output ) );
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -687,8 +687,8 @@
mbedtls_rsa_init( &ctx, padding_mode, 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -751,8 +751,8 @@
mbedtls_rsa_init( &ctx, padding_mode, 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -792,8 +792,8 @@
mbedtls_rsa_init( &ctx, padding_mode, 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -840,10 +840,10 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
@@ -886,14 +886,16 @@
mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
+
+ /* Check test data consistency */
+ TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
-
TEST_ASSERT( mbedtls_rsa_public( &ctx, message_str->x, output ) == result );
if( result == 0 )
{
@@ -945,17 +947,19 @@
memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 );
+
+ /* Check test data consistency */
+ TEST_ASSERT( message_str->len == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) );
TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 );
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
-
/* repeat three times to test updating of blinding values */
for( i = 0; i < 3; i++ )
{
@@ -1021,11 +1025,11 @@
if( strlen( input_N ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
}
if( strlen( input_E ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
}
TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 );
@@ -1053,36 +1057,36 @@
ctx.len = mod / 8;
if( strlen( input_P ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.P, radix_P, input_P ) == 0 );
}
if( strlen( input_Q ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.Q, radix_Q, input_Q ) == 0 );
}
if( strlen( input_N ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.N, radix_N, input_N ) == 0 );
}
if( strlen( input_E ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.E, radix_E, input_E ) == 0 );
}
if( strlen( input_D ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.D, radix_D, input_D ) == 0 );
}
#if !defined(MBEDTLS_RSA_NO_CRT)
if( strlen( input_DP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DP, radix_DP, input_DP ) == 0 );
}
if( strlen( input_DQ ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.DQ, radix_DQ, input_DQ ) == 0 );
}
if( strlen( input_QP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &ctx.QP, radix_QP, input_QP ) == 0 );
}
#else
((void) radix_DP); ((void) input_DP);
@@ -1117,45 +1121,45 @@
if( strlen( input_Npub ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &pub.N, radix_Npub, input_Npub ) == 0 );
}
if( strlen( input_Epub ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &pub.E, radix_Epub, input_Epub ) == 0 );
}
if( strlen( input_P ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.P, radix_P, input_P ) == 0 );
}
if( strlen( input_Q ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.Q, radix_Q, input_Q ) == 0 );
}
if( strlen( input_N ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.N, radix_N, input_N ) == 0 );
}
if( strlen( input_E ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.E, radix_E, input_E ) == 0 );
}
if( strlen( input_D ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.D, radix_D, input_D ) == 0 );
}
#if !defined(MBEDTLS_RSA_NO_CRT)
if( strlen( input_DP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.DP, radix_DP, input_DP ) == 0 );
}
if( strlen( input_DQ ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.DQ, radix_DQ, input_DQ ) == 0 );
}
if( strlen( input_QP ) )
{
- TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &prv.QP, radix_QP, input_QP ) == 0 );
}
#else
((void) radix_DP); ((void) input_DP);
@@ -1216,11 +1220,11 @@
mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E );
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Qp, radix_P, output_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Pp, radix_Q, output_Q ) == 0 );
if( corrupt )
TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 );
@@ -1257,10 +1261,10 @@
mbedtls_mpi_init( &E );
mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp );
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
- TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Dp, radix_D, output_D ) == 0 );
if( corrupt )
{
@@ -1343,19 +1347,19 @@
(const unsigned char *) pers, strlen( pers ) ) == 0 );
if( have_N )
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
if( have_P )
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
if( have_Q )
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
if( have_D )
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
if( have_E )
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
if( !successive )
{
@@ -1487,19 +1491,19 @@
/* Setup RSA context */
if( have_N )
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
if( have_P )
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
if( have_Q )
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
if( have_D )
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
if( have_E )
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_import( &ctx,
strlen( input_N ) ? &N : NULL,
@@ -1607,19 +1611,19 @@
strlen( pers ) ) == 0 );
if( have_N )
- TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &N, radix_N, input_N ) == 0 );
if( have_P )
- TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &P, radix_P, input_P ) == 0 );
if( have_Q )
- TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &Q, radix_Q, input_Q ) == 0 );
if( have_D )
- TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &D, radix_D, input_D ) == 0 );
if( have_E )
- TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_rsa_validate_params( have_N ? &N : NULL,
have_P ? &P : NULL,
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 6e653ff..e9501e4 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -10503,7 +10503,7 @@
SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash)
# Vector from RFC 8448
-ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03"::32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
+ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash)
# Vector from RFC 8448
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index b1ebf5b..3eeea44 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2662,7 +2662,7 @@
void ssl_message_mock_uninitialized( )
{
enum { MSGLEN = 10 };
- unsigned char message[MSGLEN], received[MSGLEN];
+ unsigned char message[MSGLEN] = {0}, received[MSGLEN];
mbedtls_mock_socket client, server;
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index e4da3d4..9d4ae17 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.26.0"
+check_compiletime_version:"2.27.0"
Check runtime library version
-check_runtime_version:"2.26.0"
+check_runtime_version:"2.27.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 59ea17b..ce475e6 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -246,7 +246,7 @@
(void) rsa_alt;
#endif
- TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
+ TEST_ASSERT( mbedtls_test_read_mpi( &serial, 10, serial_str ) == 0 );
if( ver != -1 )
mbedtls_x509write_crt_set_version( &crt, ver );
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 5277193..cd68bb0 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -222,11 +222,13 @@
<ClInclude Include="..\..\include\mbedtls\x509_csr.h" />
<ClInclude Include="..\..\include\mbedtls\xtea.h" />
<ClInclude Include="..\..\include\psa\crypto.h" />
- <ClInclude Include="..\..\include\psa\crypto_builtin.h" />
+ <ClInclude Include="..\..\include\psa\crypto_builtin_composites.h" />
+ <ClInclude Include="..\..\include\psa\crypto_builtin_primitives.h" />
<ClInclude Include="..\..\include\psa\crypto_compat.h" />
<ClInclude Include="..\..\include\psa\crypto_config.h" />
<ClInclude Include="..\..\include\psa\crypto_driver_common.h" />
- <ClInclude Include="..\..\include\psa\crypto_driver_contexts.h" />
+ <ClInclude Include="..\..\include\psa\crypto_driver_contexts_composites.h" />
+ <ClInclude Include="..\..\include\psa\crypto_driver_contexts_primitives.h" />
<ClInclude Include="..\..\include\psa\crypto_extra.h" />
<ClInclude Include="..\..\include\psa\crypto_platform.h" />
<ClInclude Include="..\..\include\psa\crypto_se_driver.h" />
@@ -245,7 +247,9 @@
<ClInclude Include="..\..\tests\include\test\random.h" />
<ClInclude Include="..\..\tests\include\test\drivers\aead.h" />
<ClInclude Include="..\..\tests\include\test\drivers\cipher.h" />
+ <ClInclude Include="..\..\tests\include\test\drivers\hash.h" />
<ClInclude Include="..\..\tests\include\test\drivers\key_management.h" />
+ <ClInclude Include="..\..\tests\include\test\drivers\mac.h" />
<ClInclude Include="..\..\tests\include\test\drivers\signature.h" />
<ClInclude Include="..\..\tests\include\test\drivers\size.h" />
<ClInclude Include="..\..\tests\include\test\drivers\test_driver.h" />
@@ -264,10 +268,10 @@
<ClInclude Include="..\..\library\psa_crypto_hash.h" />
<ClInclude Include="..\..\library\psa_crypto_invasive.h" />
<ClInclude Include="..\..\library\psa_crypto_its.h" />
+ <ClInclude Include="..\..\library\psa_crypto_mac.h" />
<ClInclude Include="..\..\library\psa_crypto_random_impl.h" />
<ClInclude Include="..\..\library\psa_crypto_rsa.h" />
<ClInclude Include="..\..\library\psa_crypto_se.h" />
- <ClInclude Include="..\..\library\psa_crypto_service_integration.h" />
<ClInclude Include="..\..\library\psa_crypto_slot_management.h" />
<ClInclude Include="..\..\library\psa_crypto_storage.h" />
<ClInclude Include="..\..\library\ssl_invasive.h" />
@@ -340,6 +344,7 @@
<ClCompile Include="..\..\library\psa_crypto_driver_wrappers.c" />
<ClCompile Include="..\..\library\psa_crypto_ecp.c" />
<ClCompile Include="..\..\library\psa_crypto_hash.c" />
+ <ClCompile Include="..\..\library\psa_crypto_mac.c" />
<ClCompile Include="..\..\library\psa_crypto_rsa.c" />
<ClCompile Include="..\..\library\psa_crypto_se.c" />
<ClCompile Include="..\..\library\psa_crypto_slot_management.c" />
@@ -379,10 +384,12 @@
<ClCompile Include="..\..\tests\src\psa_exercise_key.c" />
<ClCompile Include="..\..\tests\src\random.c" />
<ClCompile Include="..\..\tests\src\threading_helpers.c" />
+ <ClCompile Include="..\..\tests\src\drivers\hash.c" />
<ClCompile Include="..\..\tests\src\drivers\platform_builtin_keys.c" />
<ClCompile Include="..\..\tests\src\drivers\test_driver_aead.c" />
<ClCompile Include="..\..\tests\src\drivers\test_driver_cipher.c" />
<ClCompile Include="..\..\tests\src\drivers\test_driver_key_management.c" />
+ <ClCompile Include="..\..\tests\src\drivers\test_driver_mac.c" />
<ClCompile Include="..\..\tests\src\drivers\test_driver_signature.c" />
<ClCompile Include="..\..\tests\src\drivers\test_driver_size.c" />
<ClCompile Include="..\..\3rdparty\everest\library\everest.c" />