Merge pull request #7451 from yanrayw/7376_aes_128bit_only
Introduce config option of 128-bit key only in AES calculation
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 50a4901..a07e8ab 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -4,7 +4,9 @@
-## Gatekeeper checklist
+## PR checklist
+
+Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")
- [ ] **changelog** provided, or not required
- [ ] **backport** done, or not required
@@ -16,4 +18,3 @@
Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the
checklist for PR contributors.
-
diff --git a/.gitignore b/.gitignore
index 8824ece..e483bc7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,6 +28,9 @@
.project
/.settings
+# Unix-like build artifacts:
+*.o
+
# MSVC build artifacts:
*.exe
*.pdb
@@ -57,3 +60,6 @@
/TAGS
/cscope*.out
/tags
+
+# Clangd compilation database
+compile_commands.json
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
index cef07bf..72f126f 100644
--- a/.readthedocs.yaml
+++ b/.readthedocs.yaml
@@ -12,8 +12,14 @@
python: "3.9"
jobs:
pre_build:
- - make apidoc
- - breathe-apidoc -o docs/api apidoc/xml
+ - ./scripts/apidoc_full.sh
+ - breathe-apidoc -o docs/api apidoc/xml
+ post_build:
+ - |
+ # Work around Readthedocs bug: Command parsing fails if the 'if' statement is on the first line
+ if [ "$READTHEDOCS_VERSION" = "development" ]; then
+ "$READTHEDOCS_VIRTUALENV_PATH/bin/rtd" projects "Mbed TLS API" redirects sync --wet-run -f docs/redirects.yaml
+ fi
# Build documentation in the docs/ directory with Sphinx
sphinx:
diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt
index e81ff51..67db68d 100644
--- a/3rdparty/CMakeLists.txt
+++ b/3rdparty/CMakeLists.txt
@@ -1,5 +1,10 @@
-execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result)
+execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE everest_result)
+execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED RESULT_VARIABLE p256m_result)
-if(${result} EQUAL 0)
+if(${everest_result} EQUAL 0)
add_subdirectory(everest)
endif()
+
+if(${p256m_result} EQUAL 0)
+ add_subdirectory(p256-m)
+endif()
diff --git a/3rdparty/Makefile.inc b/3rdparty/Makefile.inc
index 0ed85af..80dc126 100644
--- a/3rdparty/Makefile.inc
+++ b/3rdparty/Makefile.inc
@@ -1,2 +1,3 @@
-THIRDPARTY_DIR = $(dir $(lastword $(MAKEFILE_LIST)))
+THIRDPARTY_DIR = $(dir $(word 2, $(MAKEFILE_LIST)))
include $(THIRDPARTY_DIR)/everest/Makefile.inc
+include $(THIRDPARTY_DIR)/p256-m/Makefile.inc
diff --git a/3rdparty/everest/.gitignore b/3rdparty/everest/.gitignore
index 6eb25f6..f3c7a7c 100644
--- a/3rdparty/everest/.gitignore
+++ b/3rdparty/everest/.gitignore
@@ -1,2 +1 @@
-*.o
Makefile
diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt
new file mode 100644
index 0000000..0001dd2
--- /dev/null
+++ b/3rdparty/p256-m/CMakeLists.txt
@@ -0,0 +1,25 @@
+add_library(p256m
+ p256-m_driver_entrypoints.c
+ p256-m/p256-m.c)
+
+target_include_directories(p256m
+ PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
+ $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
+ $<INSTALL_INTERFACE:include>
+ PRIVATE ${MBEDTLS_DIR}/library/)
+
+if(INSTALL_MBEDTLS_HEADERS)
+
+ install(DIRECTORY :${CMAKE_CURRENT_SOURCE_DIR}
+ DESTINATION include
+ FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ
+ DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
+ FILES_MATCHING PATTERN "*.h")
+
+endif(INSTALL_MBEDTLS_HEADERS)
+
+install(TARGETS p256m
+EXPORT MbedTLSTargets
+DESTINATION ${CMAKE_INSTALL_LIBDIR}
+PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/3rdparty/p256-m/Makefile.inc b/3rdparty/p256-m/Makefile.inc
new file mode 100644
index 0000000..fc8f73b
--- /dev/null
+++ b/3rdparty/p256-m/Makefile.inc
@@ -0,0 +1,5 @@
+THIRDPARTY_INCLUDES+=-I../3rdparty/p256-m/p256-m/include -I../3rdparty/p256-m/p256-m/include/p256-m -I../3rdparty/p256-m/p256-m_driver_interface
+
+THIRDPARTY_CRYPTO_OBJECTS+= \
+ ../3rdparty/p256-m//p256-m_driver_entrypoints.o \
+ ../3rdparty/p256-m//p256-m/p256-m.o
diff --git a/3rdparty/p256-m/README.md b/3rdparty/p256-m/README.md
new file mode 100644
index 0000000..89648d4
--- /dev/null
+++ b/3rdparty/p256-m/README.md
@@ -0,0 +1,4 @@
+The files within the `p256-m/` subdirectory originate from the [p256-m GitHub repository](https://github.com/mpg/p256-m), which is distributed under the Apache 2.0 license. They are authored by Manuel Pégourié-Gonnard. p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256, especially suited to constrained 32-bit environments. Mbed TLS documentation for integrating drivers uses p256-m as an example of a software accelerator, and describes how it can be integrated alongside Mbed TLS. It should be noted that p256-m files in the Mbed TLS repo will not be updated regularly, so they may not have fixes and improvements present in the upstream project.
+
+The files `p256-m.c` and `.h`, along with the license, have been taken from the `p256-m` repository.
+It should be noted that p256-m deliberately does not supply its own cryptographically secure RNG function. As a result, the PSA RNG is used, with `p256_generate_random()` wrapping `psa_generate_random()`.
diff --git a/3rdparty/p256-m/p256-m/LICENSE b/3rdparty/p256-m/p256-m/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/3rdparty/p256-m/p256-m/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/3rdparty/p256-m/p256-m/README.md b/3rdparty/p256-m/p256-m/README.md
new file mode 100644
index 0000000..5e88f71
--- /dev/null
+++ b/3rdparty/p256-m/p256-m/README.md
@@ -0,0 +1,544 @@
+*This is the original README for the p256-m repository. Please note that as
+only a subset of p256-m's files are present in Mbed TLS, this README may refer
+to files that are not present/relevant here.*
+
+p256-m is a minimalistic implementation of ECDH and ECDSA on NIST P-256,
+especially suited to constrained 32-bit environments. It's written in standard
+C, with optional bits of assembly for Arm Cortex-M and Cortex-A CPUs.
+
+Its design is guided by the following goals in this order:
+
+1. correctness & security;
+2. low code size & RAM usage;
+3. runtime performance.
+
+Most cryptographic implementations care more about speed than footprint, and
+some might even risk weakening security for more speed. p256-m was written
+because I wanted to see what happened when reversing the usual emphasis.
+
+The result is a full implementation of ECDH and ECDSA in **less than 3KiB of
+code**, using **less than 768 bytes of RAM**, with comparable performance
+to existing implementations (see below) - in less than 700 LOC.
+
+_Contents of this Readme:_
+
+- [Correctness](#correctness)
+- [Security](#security)
+- [Code size](#code-size)
+- [RAM usage](#ram-usage)
+- [Runtime performance](#runtime-performance)
+- [Comparison with other implementations](#comparison-with-other-implementations)
+- [Design overview](#design-overview)
+- [Notes about other curves](#notes-about-other-curves)
+- [Notes about other platforms](#notes-about-other-platforms)
+
+## Correctness
+
+**API design:**
+
+- The API is minimal: only 4 public functions.
+- Each public function fully validates its inputs and returns specific errors.
+- The API uses arrays of octets for all input and output.
+
+**Testing:**
+
+- p256-m is validated against multiple test vectors from various RFCs and
+ NIST.
+- In addition, crafted inputs are used for negative testing and to reach
+ corner cases.
+- Two test suites are provided: one for closed-box testing (using only the
+ public API), one for open-box testing (for unit-testing internal functions,
+and reaching more error cases by exploiting knowledge of how the RNG is used).
+- The resulting branch coverage is maximal: closed-box testing reaches all
+ branches except four; three of them are reached by open-box testing using a
+rigged RNG; the last branch could only be reached by computing a discrete log
+on P-256... See `coverage.sh`.
+- Testing also uses dynamic analysis: valgrind, ASan, MemSan, UBSan.
+
+**Code quality:**
+
+- The code is standard C99; it builds without warnings with `clang
+ -Weverything` and `gcc -Wall -Wextra -pedantic`.
+- The code is small and well documented, including internal APIs: with the
+ header file, it's less than 700 lines of code, and more lines of comments
+than of code.
+- However it _has not been reviewed_ independently so far, as this is a
+ personal project.
+
+**Short Weierstrass pitfalls:**
+
+Its has been [pointed out](https://safecurves.cr.yp.to/) that the NIST curves,
+and indeed all Short Weierstrass curves, have a number of pitfalls including
+risk for the implementation to:
+
+- "produce incorrect results for some rare curve points" - this is avoided by
+ carefully checking the validity domain of formulas used throughout the code;
+- "leak secret data when the input isn't a curve point" - this is avoided by
+ validating that points lie on the curve every time a point is deserialized.
+
+## Security
+
+In addition to the above correctness claims, p256-m has the following
+properties:
+
+- it has no branch depending (even indirectly) on secret data;
+- it has no memory access depending (even indirectly) on secret data.
+
+These properties are checked using valgrind and MemSan with the ideas
+behind [ctgrind](https://github.com/agl/ctgrind), see `consttime.sh`.
+
+In addition to avoiding branches and memory accesses depending on secret data,
+p256-m also avoid instructions (or library functions) whose execution time
+depends on the value of operands on cores of interest. Namely, it never uses
+integer division, and for multiplication by default it only uses 16x16->32 bit
+unsigned multiplication. On cores which have a constant-time 32x32->64 bit
+unsigned multiplication instruction, the symbol `MUL64_IS_CONSTANT_TIME` can
+be defined by the user at compile-time to take advantage of it in order to
+improve performance and code size. (On Cortex-M and Cortex-A cores wtih GCC or
+Clang this is not necessary, since inline assembly is used instead.)
+
+As a result, p256-m should be secure against the following classes of attackers:
+
+1. attackers who can only manipulate the input and observe the output;
+2. attackers who can also measure the total computation time of the operation;
+3. attackers who can also observe and manipulate micro-architectural features
+ such as the cache or branch predictor with arbitrary precision.
+
+However, p256-m makes no attempt to protect against:
+
+4. passive physical attackers who can record traces of physical emissions
+ (power, EM, sound) of the CPU while it manipulates secrets;
+5. active physical attackers who can also inject faults in the computation.
+
+(Note: p256-m should actually be secure against SPA, by virtue of being fully
+constant-flow, but is not expected to resist any other physical attack.)
+
+**Warning:** p256-m requires an externally-provided RNG function. If that
+function is not cryptographically secure, then neither is p256-m's key
+generation or ECDSA signature generation.
+
+_Note:_ p256-m also follows best practices such as securely erasing secret
+data on the stack before returning.
+
+## Code size
+
+Compiled with
+[ARM-GCC 9](https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads),
+with `-mthumb -Os`, here are samples of code sizes reached on selected cores:
+
+- Cortex-M0: 2988 bytes
+- Cortex-M4: 2900 bytes
+- Cortex-A7: 2924 bytes
+
+Clang was also tried but tends to generate larger code (by about 10%). For
+details, see `sizes.sh`.
+
+**What's included:**
+
+- Full input validation and (de)serialisation of input/outputs to/from bytes.
+- Cleaning up secret values from the stack before returning from a function.
+- The code has no dependency on libc functions or the toolchain's runtime
+ library (such as helpers for long multiply); this can be checked for the
+Arm-GCC toolchain with the `deps.sh` script.
+
+**What's excluded:**
+
+- A secure RNG function needs to be provided externally, see
+ `p256_generate_random()` in `p256-m.h`.
+
+## RAM usage
+
+p256-m doesn't use any dynamic memory (on the heap), only the stack. Here's
+how much stack is used by each of its 4 public functions on selected cores:
+
+| Function | Cortex-M0 | Cortex-M4 | Cortex-A7 |
+| ------------------------- | --------: | --------: | --------: |
+| `p256_gen_keypair` | 608 | 564 | 564 |
+| `p256_ecdh_shared_secret` | 640 | 596 | 596 |
+| `p256_ecdsa_sign` | 664 | 604 | 604 |
+| `p256_ecdsa_verify` | 752 | 700 | 700 |
+
+For details, see `stack.sh`, `wcs.py` and `libc.msu` (the above figures assume
+that the externally-provided RNG function uses at most 384 bytes of stack).
+
+## Runtime performance
+
+Here are the timings of each public function in milliseconds measured on
+platforms based on a selection of cores:
+
+- Cortex-M0 at 48 MHz: STM32F091 board running Mbed OS 6
+- Cortex-M4 at 100 MHz: STM32F411 board running Mbed OS 6
+- Cortex-A7 at 900 MHz: Raspberry Pi 2B running Raspbian Buster
+
+| Function | Cortex-M0 | Cortex-M4 | Cortex-A7 |
+| ------------------------- | --------: | --------: | --------: |
+| `p256_gen_keypair` | 921 | 145 | 11 |
+| `p256_ecdh_shared_secret` | 922 | 144 | 11 |
+| `p256_ecdsa_sign` | 990 | 155 | 12 |
+| `p256_ecdsa_verify` | 1976 | 309 | 24 |
+| Sum of the above | 4809 | 753 | 59 |
+
+The sum of these operations corresponds to a TLS handshake using ECDHE-ECDSA
+with mutual authentication based on raw public keys or directly-trusted
+certificates (otherwise, add one 'verify' for each link in the peer's
+certificate chain).
+
+_Note_: the above figures where obtained by compiling with GCC, which is able
+to use inline assembly. Without that inline assembly (22 lines for Cortex-M0,
+1 line for Cortex-M4), the code would be roughly 2 times slower on those
+platforms. (The effect is much less important on the Cortex-A7 core.)
+
+For details, see `bench.sh`, `benchmark.c` and `on-target-benchmark/`.
+
+## Comparison with other implementations
+
+The most relevant/convenient implementation for comparisons is
+[TinyCrypt](https://github.com/intel/tinycrypt), as it's also a standalone
+implementation of ECDH and ECDSA on P-256 only, that also targets constrained
+devices. Other implementations tend to implement many curves and build on a
+shared bignum/MPI module (possibly also supporting RSA), which makes fair
+comparisons less convenient.
+
+The scripts used for TinyCrypt measurements are available in [this
+branch](https://github.com/mpg/tinycrypt/tree/measurements), based on version
+0.2.8.
+
+**Code size**
+
+| Core | p256-m | TinyCrypt |
+| --------- | -----: | --------: |
+| Cortex-M0 | 2988 | 6134 |
+| Cortex-M4 | 2900 | 5934 |
+| Cortex-A7 | 2924 | 5934 |
+
+**RAM usage**
+
+TinyCrypto also uses no heap, only the stack. Here's the RAM used by each
+operation on a Cortex-M0 core:
+
+| operation | p256-m | TinyCrypt |
+| ------------------ | -----: | --------: |
+| key generation | 608 | 824 |
+| ECDH shared secret | 640 | 728 |
+| ECDSA sign | 664 | 880 |
+| ECDSA verify | 752 | 824 |
+
+On a Cortex-M4 or Cortex-A7 core (identical numbers):
+
+| operation | p256-m | TinyCrypt |
+| ------------------ | -----: | --------: |
+| key generation | 564 | 796 |
+| ECDH shared secret | 596 | 700 |
+| ECDSA sign | 604 | 844 |
+| ECDSA verify | 700 | 808 |
+
+**Runtime performance**
+
+Here are the timings of each operation in milliseconds measured on
+platforms based on a selection of cores:
+
+_Cortex-M0_ at 48 MHz: STM32F091 board running Mbed OS 6
+
+| Operation | p256-m | TinyCrypt |
+| ------------------ | -----: | --------: |
+| Key generation | 921 | 979 |
+| ECDH shared secret | 922 | 975 |
+| ECDSA sign | 990 | 1009 |
+| ECDSA verify | 1976 | 1130 |
+| Sum of those 4 | 4809 | 4093 |
+
+_Cortex-M4_ at 100 MHz: STM32F411 board running Mbed OS 6
+
+| Operation | p256-m | TinyCrypt |
+| ------------------ | -----: | --------: |
+| Key generation | 145 | 178 |
+| ECDH shared secret | 144 | 177 |
+| ECDSA sign | 155 | 188 |
+| ECDSA verify | 309 | 210 |
+| Sum of those 4 | 753 | 753 |
+
+_Cortex-A7_ at 900 MHz: Raspberry Pi 2B running Raspbian Buster
+
+| Operation | p256-m | TinyCrypt |
+| ------------------ | -----: | --------: |
+| Key generation | 11 | 13 |
+| ECDH shared secret | 11 | 13 |
+| ECDSA sign | 12 | 14 |
+| ECDSA verify | 24 | 15 |
+| Sum of those 4 | 59 | 55 |
+
+_64-bit Intel_ (i7-6500U at 2.50GHz) laptop running Ubuntu 20.04
+
+Note: results in microseconds (previous benchmarks in milliseconds)
+
+| Operation | p256-m | TinyCrypt |
+| ------------------ | -----: | --------: |
+| Key generation | 1060 | 1627 |
+| ECDH shared secret | 1060 | 1611 |
+| ECDSA sign | 1136 | 1712 |
+| ECDSA verify | 2279 | 1888 |
+| Sum of those 4 | 5535 | 6838 |
+
+**Other differences**
+
+- While p256-m fully validates all inputs, Tinycrypt's ECDH shared secret
+ function doesn't include validation of the peer's public key, which should be
+done separately by the user for static ECDH (there are attacks [when users
+forget](https://link.springer.com/chapter/10.1007/978-3-319-24174-6_21)).
+- The two implementations have slightly different security characteristics:
+ p256-m is fully constant-time from the ground up so should be more robust
+than TinyCrypt against powerful local attackers (such as an untrusted OS
+attacking a secure enclave); on the other hand TinyCrypt includes coordinate
+randomisation which protects against some passive physical attacks (such as
+DPA, see Table 3, column C9 of [this
+paper](https://www.esat.kuleuven.be/cosic/publications/article-2293.pdf#page=12)),
+which p256-m completely ignores.
+- TinyCrypt's code looks like it could easily be expanded to support other
+ curves, while p256-m has much more hard-coded to minimize code size (see
+"Notes about other curves" below).
+- TinyCrypt uses a specialised routine for reduction modulo the curve prime,
+ exploiting its structure as a Solinas prime, which should be faster than the
+generic Montgomery reduction used by p256-m, but other factors appear to
+compensate for that.
+- TinyCrypt uses Co-Z Jacobian formulas for point operation, which should be
+ faster (though a bit larger) than the mixed affine-Jacobian formulas
+used by p256-m, but again other factors appear to compensate for that.
+- p256-m uses bits of inline assembly for 64-bit multiplication on the
+ platforms used for benchmarking, while TinyCrypt uses only C (and the
+compiler's runtime library).
+- TinyCrypt uses a specialised routine based on Shamir's trick for
+ ECDSA verification, which gives much better performance than the generic
+code that p256-m uses in order to minimize code size.
+
+## Design overview
+
+The implementation is contained in a single file to keep most functions static
+and allow for more optimisations. It is organized in multiple layers:
+
+- Fixed-width multi-precision arithmetic
+- Fixed-width modular arithmetic
+- Operations on curve points
+- Operations with scalars
+- The public API
+
+**Multi-precision arithmetic.**
+
+Large integers are represented as arrays of `uint32_t` limbs. When carries may
+occur, casts to `uint64_t` are used to nudge the compiler towards using the
+CPU's carry flag. When overflow may occur, functions return a carry flag.
+
+This layer contains optional assembly for Cortex-M and Cortex-A cores, for the
+internal `u32_muladd64()` function, as well as two pure C versions of this
+function, depending on whether `MUL64_IS_CONSTANT_TIME`.
+
+This layer's API consists of:
+
+- addition, subtraction;
+- multiply-and-add, shift by one limb (for Montgomery multiplication);
+- conditional assignment, assignment of a small value;
+- comparison of two values for equality, comparison to 0 for equality;
+- (de)serialization as big-endian arrays of bytes.
+
+**Modular arithmetic.**
+
+All modular operations are done in the Montgomery domain, that is x is
+represented by `x * 2^256 mod m`; integers need to be converted to that domain
+before computations, and back from it afterwards. Montgomery constants
+associated to the curve's p and n are pre-computed and stored in static
+structures.
+
+Modular inversion is computed using Fermat's little theorem to get
+constant-time behaviour with respect to the value being inverted.
+
+This layer's API consists of:
+
+- the curve's constants p and n (and associated Montgomery constants);
+- modular addition, subtraction, multiplication, and inversion;
+- assignment of a small value;
+- conversion to/from Montgomery domain;
+- (de)serialization to/from bytes with integrated range checking and
+ Montgomery domain conversion.
+
+**Operations on curve points.**
+
+Curve points are represented using either affine or Jacobian coordinates;
+affine coordinates are extended to represent 0 as (0,0). Individual
+coordinates are always in the Montgomery domain.
+
+Not all formulas associated with affine or Jacobian coordinates are complete;
+great care is taken to document and satisfy each function's pre-conditions.
+
+This layer's API consists of:
+
+- curve constants: b from the equation, the base point's coordinates;
+- point validity check (on the curve and not 0);
+- Jacobian to affine coordinate conversion;
+- point doubling in Jacobian coordinates (complete formulas);
+- point addition in mixed affine-Jacobian coordinates (P not in {0, Q, -Q});
+- point addition-or-doubling in affine coordinates (leaky version, only used
+ for ECDSA verify where all data is public);
+- (de)serialization to/from bytes with integrated validity checking
+
+**Scalar operations.**
+
+The crucial function here is scalar multiplication. It uses a signed binary
+ladder, which is a variant of the good old double-and-add algorithm where an
+addition/subtraction is performed at each step. Again, care is taken to make
+sure the pre-conditions for the addition formulas are always satisfied. The
+signed binary ladder only works if the scalar is odd; this is ensured by
+negating both the scalar (mod n) and the input point if necessary.
+
+This layer's API consists of:
+
+- scalar multiplication
+- de-serialization from bytes with integrated range checking
+- generation of a scalar and its associated public key
+
+**Public API.**
+
+This layer builds on the others, but unlike them, all inputs and outputs are
+byte arrays. Key generation and ECDH shared secret computation are thin
+wrappers around internal functions, just taking care of format conversions and
+errors. The ECDSA functions have more non-trivial logic.
+
+This layer's API consists of:
+
+- key-pair generation
+- ECDH shared secret computation
+- ECDSA signature creation
+- ECDSA signature verification
+
+**Testing.**
+
+A self-contained, straightforward, pure-Python implementation was first
+produced as a warm-up and to help check intermediate values. Test vectors from
+various sources are embedded and used to validate the implementation.
+
+This implementation, `p256.py`, is used by a second Python script,
+`gen-test-data.py`, to generate additional data for both positive and negative
+testing, available from a C header file, that is then used by the closed-box
+and open-box test programs.
+
+p256-m can be compiled with extra instrumentation to mark secret data and
+allow either valgrind or MemSan to check that no branch or memory access
+depends on it (even indirectly). Macros are defined for this purpose near the
+top of the file.
+
+**Tested platforms.**
+
+There are 4 versions of the internal function `u32_muladd64`: two assembly
+versions, for Cortex-M/A cores with or without the DSP extension, and two
+pure-C versions, depending on whether `MUL64_IS_CONSTANT_TIME`.
+
+Tests are run on the following platforms:
+
+- `make` on x64 tests the pure-C version without `MUL64_IS_CONSTANT_TIME`
+ (with Clang).
+- `./consttime.sh` on x64 tests both pure-C versions (with Clang).
+- `make` on Arm v7-A (Raspberry Pi 2) tests the Arm-DSP assembly version (with
+ Clang).
+- `on-target-*box` on boards based on Cortex-M0 and M4 cores test both
+ assembly versions (with GCC).
+
+In addition:
+
+- `sizes.sh` builds the code for three Arm cores with GCC and Clang.
+- `deps.sh` checks for external dependencies with GCC.
+
+## Notes about other curves
+
+It should be clear that minimal code size can only be reached by specializing
+the implementation to the curve at hand. Here's a list of things in the
+implementation that are specific to the NIST P-256 curve, and how the
+implementation could be changed to expand to other curves, layer by layer (see
+"Design Overview" above).
+
+**Fixed-width multi-precision arithmetic:**
+
+- The number of limbs is hard-coded to 8. For other 256-bit curves, nothing to
+ change. For a curve of another size, hard-code to another value. For multiple
+curves of various sizes, add a parameter to each function specifying the
+number of limbs; when declaring arrays, always use the maximum number of
+limbs.
+
+**Fixed-width modular arithmetic:**
+
+- The values of the curve's constant p and n, and their associated Montgomery
+ constants, are hard-coded. For another curve, just hard-code the new constants.
+For multiple other curves, define all the constants, and from this layer's API
+only keep the functions that already accept a `mod` parameter (that is, remove
+convenience functions `m256_xxx_p()`).
+- The number of limbs is again hard-coded to 8. See above, but it order to
+ support multiple sizes there is no need to add a new parameter to functions
+in this layer: the existing `mod` parameter can include the number of limbs as
+well.
+
+**Operations on curve points:**
+
+- The values of the curve's constants b (constant term from the equation) and
+ gx, gy (coordinates of the base point) are hard-coded. For another curve,
+ hard-code the other values. For multiple curves, define each curve's value and
+add a "curve id" parameter to all functions in this layer.
+- The value of the curve's constant a is implicitly hard-coded to `-3` by using
+ a standard optimisation to save one multiplication in the first step of
+`point_double()`. For curves that don't have a == -3, replace that with the
+normal computation.
+- The fact that b != 0 in the curve equation is used indirectly, to ensure
+ that (0, 0) is not a point on the curve and re-use that value to represent
+the point 0. As far as I know, all Short Weierstrass curves standardized so
+far have b != 0.
+- The shape of the curve is assumed to be Short Weierstrass. For other curve
+ shapes (Montgomery, (twisted) Edwards), this layer would probably look very
+different (both implementation and API).
+
+**Scalar operations:**
+
+- If multiple curves are to be supported, all function in this layer need to
+ gain a new "curve id" parameter.
+- This layer assumes that the bit size of the curve's order n is the same as
+ that of the modulus p. This is true of most curves standardized so far, the
+only exception being secp224k1. If that curve were to be supported, the
+representation of `n` and scalars would need adapting to allow for an extra
+limb.
+- The bit size of the curve's order is hard-coded in `scalar_mult()`. For
+ multiple curves, this should be deduced from the "curve id" parameter.
+- The `scalar_mult()` function exploits the fact that the second least
+ significant bit of the curve's order n is set in order to avoid a special
+case. For curve orders that don't meet this criterion, we can just handle that
+special case (multiplication by +-2) separately (always compute that and
+conditionally assign it to the result).
+- The shape of the curve is again assumed to be Short Weierstrass. For other curve
+ shapes (Montgomery, (twisted) Edwards), this layer would probably have a
+very different implementation.
+
+**Public API:**
+
+- For multiple curves, all functions in this layer would need to gain a "curve
+ id" parameter and handle variable-sized input/output.
+- The shape of the curve is again assumed to be Short Weierstrass. For other curve
+ shapes (Montgomery, (twisted) Edwards), the ECDH API would probably look
+quite similar (with differences in the size of public keys), but the ECDSA API
+wouldn't apply and an EdDSA API would look pretty different.
+
+## Notes about other platforms
+
+While p256-m is standard C99, it is written with constrained 32-bit platforms
+in mind and makes a few assumptions about the platform:
+
+- The types `uint8_t`, `uint16_t`, `uint32_t` and `uint64_t` exist.
+- 32-bit unsigned addition and subtraction with carry are constant time.
+- 16x16->32-bit unsigned multiplication is available and constant time.
+
+Also, on platforms on which 64-bit addition and subtraction with carry, or
+even 64x64->128-bit multiplication, are available, p256-m makes no use of
+them, though they could significantly improve performance.
+
+This could be improved by replacing uses of arrays of `uint32_t` with a
+defined type throughout the internal APIs, and then on 64-bit platforms define
+that type to be an array of `uint64_t` instead, and making the obvious
+adaptations in the multi-precision arithmetic layer.
+
+Finally, the optional assembly code (which boosts performance by a factor 2 on
+tested Cortex-M CPUs, while slightly reducing code size and stack usage) is
+currently only available with compilers that support GCC's extended asm
+syntax (which includes GCC and Clang).
diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c
new file mode 100644
index 0000000..abb9ab4
--- /dev/null
+++ b/3rdparty/p256-m/p256-m/p256-m.c
@@ -0,0 +1,1470 @@
+/*
+ * Implementation of curve P-256 (ECDH and ECDSA)
+ *
+ * Author: Manuel Pégourié-Gonnard.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "p256-m.h"
+#include "psa/crypto.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+
+/*
+ * Zeroize memory - this should not be optimized away
+ */
+static void zeroize(void *d, size_t n)
+{
+ volatile char *p = d;
+ while( n-- )
+ *p++ = 0;
+}
+
+/*
+ * Helpers to test constant-time behaviour with valgrind or MemSan.
+ *
+ * CT_POISON() is used for secret data. It marks the memory area as
+ * uninitialised, so that any branch or pointer dereference that depends on it
+ * (even indirectly) triggers a warning.
+ * CT_UNPOISON() is used for public data; it marks the area as initialised.
+ *
+ * These are macros in order to avoid interfering with origin tracking.
+ */
+#if defined(CT_MEMSAN)
+
+#include <sanitizer/msan_interface.h>
+#define CT_POISON __msan_allocated_memory
+// void __msan_allocated_memory(const volatile void* data, size_t size);
+#define CT_UNPOISON __msan_unpoison
+// void __msan_unpoison(const volatile void *a, size_t size);
+
+#elif defined(CT_VALGRIND)
+
+#include <valgrind/memcheck.h>
+#define CT_POISON VALGRIND_MAKE_MEM_UNDEFINED
+// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr,_qzz_len)
+#define CT_UNPOISON VALGRIND_MAKE_MEM_DEFINED
+// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr,_qzz_len)
+
+#else
+#define CT_POISON(p, sz)
+#define CT_UNPOISON(p, sz)
+#endif
+
+/**********************************************************************
+ *
+ * Operations on fixed-width unsigned integers
+ *
+ * Represented using 32-bit limbs, least significant limb first.
+ * That is: x = x[0] + 2^32 x[1] + ... + 2^224 x[7] for 256-bit.
+ *
+ **********************************************************************/
+
+/*
+ * 256-bit set to 32-bit value
+ *
+ * in: x in [0, 2^32)
+ * out: z = x
+ */
+static void u256_set32(uint32_t z[8], uint32_t x)
+{
+ z[0] = x;
+ for (unsigned i = 1; i < 8; i++) {
+ z[i] = 0;
+ }
+}
+
+/*
+ * 256-bit addition
+ *
+ * in: x, y in [0, 2^256)
+ * out: z = (x + y) mod 2^256
+ * c = (x + y) div 2^256
+ * That is, z + c * 2^256 = x + y
+ *
+ * Note: as a memory area, z must be either equal to x or y, or not overlap.
+ */
+static uint32_t u256_add(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8])
+{
+ uint32_t carry = 0;
+
+ for (unsigned i = 0; i < 8; i++) {
+ uint64_t sum = (uint64_t) carry + x[i] + y[i];
+ z[i] = (uint32_t) sum;
+ carry = (uint32_t) (sum >> 32);
+ }
+
+ return carry;
+}
+
+/*
+ * 256-bit subtraction
+ *
+ * in: x, y in [0, 2^256)
+ * out: z = (x - y) mod 2^256
+ * c = 0 if x >=y, 1 otherwise
+ * That is, z = c * 2^256 + x - y
+ *
+ * Note: as a memory area, z must be either equal to x or y, or not overlap.
+ */
+static uint32_t u256_sub(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8])
+{
+ uint32_t carry = 0;
+
+ for (unsigned i = 0; i < 8; i++) {
+ uint64_t diff = (uint64_t) x[i] - y[i] - carry;
+ z[i] = (uint32_t) diff;
+ carry = -(uint32_t) (diff >> 32);
+ }
+
+ return carry;
+}
+
+/*
+ * 256-bit conditional assignment
+ *
+ * in: x in [0, 2^256)
+ * c in [0, 1]
+ * out: z = x if c == 1, z unchanged otherwise
+ *
+ * Note: as a memory area, z must be either equal to x, or not overlap.
+ */
+static void u256_cmov(uint32_t z[8], const uint32_t x[8], uint32_t c)
+{
+ const uint32_t x_mask = -c;
+ for (unsigned i = 0; i < 8; i++) {
+ z[i] = (z[i] & ~x_mask) | (x[i] & x_mask);
+ }
+}
+
+/*
+ * 256-bit compare for equality
+ *
+ * in: x in [0, 2^256)
+ * y in [0, 2^256)
+ * out: 0 if x == y, unspecified non-zero otherwise
+ */
+static uint32_t u256_diff(const uint32_t x[8], const uint32_t y[8])
+{
+ uint32_t diff = 0;
+ for (unsigned i = 0; i < 8; i++) {
+ diff |= x[i] ^ y[i];
+ }
+ return diff;
+}
+
+/*
+ * 256-bit compare to zero
+ *
+ * in: x in [0, 2^256)
+ * out: 0 if x == 0, unspecified non-zero otherwise
+ */
+static uint32_t u256_diff0(const uint32_t x[8])
+{
+ uint32_t diff = 0;
+ for (unsigned i = 0; i < 8; i++) {
+ diff |= x[i];
+ }
+ return diff;
+}
+
+/*
+ * 32 x 32 -> 64-bit multiply-and-accumulate
+ *
+ * in: x, y, z, t in [0, 2^32)
+ * out: x * y + z + t in [0, 2^64)
+ *
+ * Note: this computation cannot overflow.
+ *
+ * Note: this function has two pure-C implementations (depending on whether
+ * MUL64_IS_CONSTANT_TIME), and possibly optimised asm implementations.
+ * Start with the potential asm definitions, and use the C definition only if
+ * we no have no asm for the current toolchain & CPU.
+ */
+static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t);
+
+/* This macro is used to mark whether an asm implentation is found */
+#undef MULADD64_ASM
+/* This macro is used to mark whether the implementation has a small
+ * code size (ie, it can be inlined even in an unrolled loop) */
+#undef MULADD64_SMALL
+
+/*
+ * Currently assembly optimisations are only supported with GCC/Clang for
+ * Arm's Cortex-A and Cortex-M lines of CPUs, which start with the v6-M and
+ * v7-M architectures. __ARM_ARCH_PROFILE is not defined for v6 and earlier.
+ */
+#if defined(__GNUC__) &&\
+ defined(__ARM_ARCH) && __ARM_ARCH >= 6 && defined(__ARM_ARCH_PROFILE) && \
+ ( __ARM_ARCH_PROFILE == 77 || __ARM_ARCH_PROFILE == 65 ) /* 'M' or 'A' */
+
+/*
+ * This set of CPUs is conveniently partitioned as follows:
+ *
+ * 1. Cores that have the DSP extension, which includes a 1-cycle UMAAL
+ * instruction: M4, M7, M33, all A-class cores.
+ * 2. Cores that don't have the DSP extension, and also lack a constant-time
+ * 64-bit multiplication instruction:
+ * - M0, M0+, M23: 32-bit multiplication only;
+ * - M3: 64-bit multiplication is not constant-time.
+ */
+#if defined(__ARM_FEATURE_DSP)
+
+static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t)
+{
+ __asm__(
+ /* UMAAL <RdLo>, <RdHi>, <Rn>, <Rm> */
+ "umaal %[z], %[t], %[x], %[y]"
+ : [z] "+l" (z), [t] "+l" (t)
+ : [x] "l" (x), [y] "l" (y)
+ );
+ return ((uint64_t) t << 32) | z;
+}
+#define MULADD64_ASM
+#define MULADD64_SMALL
+
+#else /* __ARM_FEATURE_DSP */
+
+/*
+ * This implementation only uses 16x16->32 bit multiplication.
+ *
+ * It decomposes the multiplicands as:
+ * x = xh:xl = 2^16 * xh + xl
+ * y = yh:yl = 2^16 * yh + yl
+ * and computes their product as:
+ * x*y = xl*yl + 2**16 (xh*yl + yl*yh) + 2**32 xh*yh
+ * then adds z and t to the result.
+ */
+static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t)
+{
+ /* First compute x*y, using 3 temporary registers */
+ uint32_t tmp1, tmp2, tmp3;
+ __asm__(
+ ".syntax unified\n\t"
+ /* start by splitting the inputs into halves */
+ "lsrs %[u], %[x], #16\n\t"
+ "lsrs %[v], %[y], #16\n\t"
+ "uxth %[x], %[x]\n\t"
+ "uxth %[y], %[y]\n\t"
+ /* now we have %[x], %[y], %[u], %[v] = xl, yl, xh, yh */
+ /* let's compute the 4 products we can form with those */
+ "movs %[w], %[v]\n\t"
+ "muls %[w], %[u]\n\t"
+ "muls %[v], %[x]\n\t"
+ "muls %[x], %[y]\n\t"
+ "muls %[y], %[u]\n\t"
+ /* now we have %[x], %[y], %[v], %[w] = xl*yl, xh*yl, xl*yh, xh*yh */
+ /* let's split and add the first middle product */
+ "lsls %[u], %[y], #16\n\t"
+ "lsrs %[y], %[y], #16\n\t"
+ "adds %[x], %[u]\n\t"
+ "adcs %[y], %[w]\n\t"
+ /* let's finish with the second middle product */
+ "lsls %[u], %[v], #16\n\t"
+ "lsrs %[v], %[v], #16\n\t"
+ "adds %[x], %[u]\n\t"
+ "adcs %[y], %[v]\n\t"
+ : [x] "+l" (x), [y] "+l" (y),
+ [u] "=&l" (tmp1), [v] "=&l" (tmp2), [w] "=&l" (tmp3)
+ : /* no read-only inputs */
+ : "cc"
+ );
+ (void) tmp1;
+ (void) tmp2;
+ (void) tmp3;
+
+ /* Add z and t, using one temporary register */
+ __asm__(
+ ".syntax unified\n\t"
+ "movs %[u], #0\n\t"
+ "adds %[x], %[z]\n\t"
+ "adcs %[y], %[u]\n\t"
+ "adds %[x], %[t]\n\t"
+ "adcs %[y], %[u]\n\t"
+ : [x] "+l" (x), [y] "+l" (y), [u] "=&l" (tmp1)
+ : [z] "l" (z), [t] "l" (t)
+ : "cc"
+ );
+ (void) tmp1;
+
+ return ((uint64_t) y << 32) | x;
+}
+#define MULADD64_ASM
+
+#endif /* __ARM_FEATURE_DSP */
+
+#endif /* GCC/Clang with Cortex-M/A CPU */
+
+#if !defined(MULADD64_ASM)
+#if defined(MUL64_IS_CONSTANT_TIME)
+static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t)
+{
+ return (uint64_t) x * y + z + t;
+}
+#define MULADD64_SMALL
+#else
+static uint64_t u32_muladd64(uint32_t x, uint32_t y, uint32_t z, uint32_t t)
+{
+ /* x = xl + 2**16 xh, y = yl + 2**16 yh */
+ const uint16_t xl = (uint16_t) x;
+ const uint16_t yl = (uint16_t) y;
+ const uint16_t xh = x >> 16;
+ const uint16_t yh = y >> 16;
+
+ /* x*y = xl*yl + 2**16 (xh*yl + yl*yh) + 2**32 xh*yh
+ * = lo + 2**16 (m1 + m2 ) + 2**32 hi */
+ const uint32_t lo = (uint32_t) xl * yl;
+ const uint32_t m1 = (uint32_t) xh * yl;
+ const uint32_t m2 = (uint32_t) xl * yh;
+ const uint32_t hi = (uint32_t) xh * yh;
+
+ uint64_t acc = lo + ((uint64_t) (hi + (m1 >> 16) + (m2 >> 16)) << 32);
+ acc += m1 << 16;
+ acc += m2 << 16;
+ acc += z;
+ acc += t;
+
+ return acc;
+}
+#endif /* MUL64_IS_CONSTANT_TIME */
+#endif /* MULADD64_ASM */
+
+/*
+ * 288 + 32 x 256 -> 288-bit multiply and add
+ *
+ * in: x in [0, 2^32)
+ * y in [0, 2^256)
+ * z in [0, 2^288)
+ * out: z_out = z_in + x * y mod 2^288
+ * c = z_in + x * y div 2^288
+ * That is, z_out + c * 2^288 = z_in + x * y
+ *
+ * Note: as a memory area, z must be either equal to y, or not overlap.
+ *
+ * This is a helper for Montgomery multiplication.
+ */
+static uint32_t u288_muladd(uint32_t z[9], uint32_t x, const uint32_t y[8])
+{
+ uint32_t carry = 0;
+
+#define U288_MULADD_STEP(i) \
+ do { \
+ uint64_t prod = u32_muladd64(x, y[i], z[i], carry); \
+ z[i] = (uint32_t) prod; \
+ carry = (uint32_t) (prod >> 32); \
+ } while( 0 )
+
+#if defined(MULADD64_SMALL)
+ U288_MULADD_STEP(0);
+ U288_MULADD_STEP(1);
+ U288_MULADD_STEP(2);
+ U288_MULADD_STEP(3);
+ U288_MULADD_STEP(4);
+ U288_MULADD_STEP(5);
+ U288_MULADD_STEP(6);
+ U288_MULADD_STEP(7);
+#else
+ for (unsigned i = 0; i < 8; i++) {
+ U288_MULADD_STEP(i);
+ }
+#endif
+
+ uint64_t sum = (uint64_t) z[8] + carry;
+ z[8] = (uint32_t) sum;
+ carry = (uint32_t) (sum >> 32);
+
+ return carry;
+}
+
+/*
+ * 288-bit in-place right shift by 32 bits
+ *
+ * in: z in [0, 2^288)
+ * c in [0, 2^32)
+ * out: z_out = z_in div 2^32 + c * 2^256
+ * = (z_in + c * 2^288) div 2^32
+ *
+ * This is a helper for Montgomery multiplication.
+ */
+static void u288_rshift32(uint32_t z[9], uint32_t c)
+{
+ for (unsigned i = 0; i < 8; i++) {
+ z[i] = z[i + 1];
+ }
+ z[8] = c;
+}
+
+/*
+ * 256-bit import from big-endian bytes
+ *
+ * in: p = p0, ..., p31
+ * out: z = p0 * 2^248 + p1 * 2^240 + ... + p30 * 2^8 + p31
+ */
+static void u256_from_bytes(uint32_t z[8], const uint8_t p[32])
+{
+ for (unsigned i = 0; i < 8; i++) {
+ unsigned j = 4 * (7 - i);
+ z[i] = ((uint32_t) p[j + 0] << 24) |
+ ((uint32_t) p[j + 1] << 16) |
+ ((uint32_t) p[j + 2] << 8) |
+ ((uint32_t) p[j + 3] << 0);
+ }
+}
+
+/*
+ * 256-bit export to big-endian bytes
+ *
+ * in: z in [0, 2^256)
+ * out: p = p0, ..., p31 such that
+ * z = p0 * 2^248 + p1 * 2^240 + ... + p30 * 2^8 + p31
+ */
+static void u256_to_bytes(uint8_t p[32], const uint32_t z[8])
+{
+ for (unsigned i = 0; i < 8; i++) {
+ unsigned j = 4 * (7 - i);
+ p[j + 0] = (uint8_t) (z[i] >> 24);
+ p[j + 1] = (uint8_t) (z[i] >> 16);
+ p[j + 2] = (uint8_t) (z[i] >> 8);
+ p[j + 3] = (uint8_t) (z[i] >> 0);
+ }
+}
+
+/**********************************************************************
+ *
+ * Operations modulo a 256-bit prime m
+ *
+ * These are done in the Montgomery domain, that is x is represented by
+ * x * 2^256 mod m
+ * Numbers need to be converted to that domain before computations,
+ * and back from it afterwards.
+ *
+ * Inversion is computed using Fermat's little theorem.
+ *
+ * Assumptions on m:
+ * - Montgomery operations require that m is odd.
+ * - Fermat's little theorem require it to be a prime.
+ * - m256_inv() further requires that m % 2^32 >= 2.
+ * - m256_inv() also assumes that the value of m is not a secret.
+ *
+ * In practice operations are done modulo the curve's p and n,
+ * both of which satisfy those assumptions.
+ *
+ **********************************************************************/
+
+/*
+ * Data associated to a modulus for Montgomery operations.
+ *
+ * m in [0, 2^256) - the modulus itself, must be odd
+ * R2 = 2^512 mod m
+ * ni = -m^-1 mod 2^32
+ */
+typedef struct {
+ uint32_t m[8];
+ uint32_t R2[8];
+ uint32_t ni;
+}
+m256_mod;
+
+/*
+ * Data for Montgomery operations modulo the curve's p
+ */
+static const m256_mod p256_p = {
+ { /* the curve's p */
+ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
+ 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF,
+ },
+ { /* 2^512 mod p */
+ 0x00000003, 0x00000000, 0xffffffff, 0xfffffffb,
+ 0xfffffffe, 0xffffffff, 0xfffffffd, 0x00000004,
+ },
+ 0x00000001, /* -p^-1 mod 2^32 */
+};
+
+/*
+ * Data for Montgomery operations modulo the curve's n
+ */
+static const m256_mod p256_n = {
+ { /* the curve's n */
+ 0xFC632551, 0xF3B9CAC2, 0xA7179E84, 0xBCE6FAAD,
+ 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0xFFFFFFFF,
+ },
+ { /* 2^512 mod n */
+ 0xbe79eea2, 0x83244c95, 0x49bd6fa6, 0x4699799c,
+ 0x2b6bec59, 0x2845b239, 0xf3d95620, 0x66e12d94,
+ },
+ 0xee00bc4f, /* -n^-1 mod 2^32 */
+};
+
+/*
+ * Modular addition
+ *
+ * in: x, y in [0, m)
+ * mod must point to a valid m256_mod structure
+ * out: z = (x + y) mod m, in [0, m)
+ *
+ * Note: as a memory area, z must be either equal to x or y, or not overlap.
+ */
+static void m256_add(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8],
+ const m256_mod *mod)
+{
+ uint32_t r[8];
+ uint32_t carry_add = u256_add(z, x, y);
+ uint32_t carry_sub = u256_sub(r, z, mod->m);
+ /* Need to subract m if:
+ * x+y >= 2^256 > m (that is, carry_add == 1)
+ * OR z >= m (that is, carry_sub == 0) */
+ uint32_t use_sub = carry_add | (1 - carry_sub);
+ u256_cmov(z, r, use_sub);
+}
+
+/*
+ * Modular addition mod p
+ *
+ * in: x, y in [0, p)
+ * out: z = (x + y) mod p, in [0, p)
+ *
+ * Note: as a memory area, z must be either equal to x or y, or not overlap.
+ */
+static void m256_add_p(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8])
+{
+ m256_add(z, x, y, &p256_p);
+}
+
+/*
+ * Modular subtraction
+ *
+ * in: x, y in [0, m)
+ * mod must point to a valid m256_mod structure
+ * out: z = (x - y) mod m, in [0, m)
+ *
+ * Note: as a memory area, z must be either equal to x or y, or not overlap.
+ */
+static void m256_sub(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8],
+ const m256_mod *mod)
+{
+ uint32_t r[8];
+ uint32_t carry = u256_sub(z, x, y);
+ (void) u256_add(r, z, mod->m);
+ /* Need to add m if and only if x < y, that is carry == 1.
+ * In that case z is in [2^256 - m + 1, 2^256 - 1], so the
+ * addition will have a carry as well, which cancels out. */
+ u256_cmov(z, r, carry);
+}
+
+/*
+ * Modular subtraction mod p
+ *
+ * in: x, y in [0, p)
+ * out: z = (x + y) mod p, in [0, p)
+ *
+ * Note: as a memory area, z must be either equal to x or y, or not overlap.
+ */
+static void m256_sub_p(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8])
+{
+ m256_sub(z, x, y, &p256_p);
+}
+
+/*
+ * Montgomery modular multiplication
+ *
+ * in: x, y in [0, m)
+ * mod must point to a valid m256_mod structure
+ * out: z = (x * y) / 2^256 mod m, in [0, m)
+ *
+ * Note: as a memory area, z may overlap with x or y.
+ */
+static void m256_mul(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8],
+ const m256_mod *mod)
+{
+ /*
+ * Algorithm 14.36 in Handbook of Applied Cryptography with:
+ * b = 2^32, n = 8, R = 2^256
+ */
+ uint32_t m_prime = mod->ni;
+ uint32_t a[9];
+
+ for (unsigned i = 0; i < 9; i++) {
+ a[i] = 0;
+ }
+
+ for (unsigned i = 0; i < 8; i++) {
+ /* the "mod 2^32" is implicit from the type */
+ uint32_t u = (a[0] + x[i] * y[0]) * m_prime;
+
+ /* a = (a + x[i] * y + u * m) div b */
+ uint32_t c = u288_muladd(a, x[i], y);
+ c += u288_muladd(a, u, mod->m);
+ u288_rshift32(a, c);
+ }
+
+ /* a = a > m ? a - m : a */
+ uint32_t carry_add = a[8]; // 0 or 1 since a < 2m, see HAC Note 14.37
+ uint32_t carry_sub = u256_sub(z, a, mod->m);
+ uint32_t use_sub = carry_add | (1 - carry_sub); // see m256_add()
+ u256_cmov(z, a, 1 - use_sub);
+}
+
+/*
+ * Montgomery modular multiplication modulo p.
+ *
+ * in: x, y in [0, p)
+ * out: z = (x * y) / 2^256 mod p, in [0, p)
+ *
+ * Note: as a memory area, z may overlap with x or y.
+ */
+static void m256_mul_p(uint32_t z[8],
+ const uint32_t x[8], const uint32_t y[8])
+{
+ m256_mul(z, x, y, &p256_p);
+}
+
+/*
+ * In-place conversion to Montgomery form
+ *
+ * in: z in [0, m)
+ * mod must point to a valid m256_mod structure
+ * out: z_out = z_in * 2^256 mod m, in [0, m)
+ */
+static void m256_prep(uint32_t z[8], const m256_mod *mod)
+{
+ m256_mul(z, z, mod->R2, mod);
+}
+
+/*
+ * In-place conversion from Montgomery form
+ *
+ * in: z in [0, m)
+ * mod must point to a valid m256_mod structure
+ * out: z_out = z_in / 2^256 mod m, in [0, m)
+ * That is, z_in was z_actual * 2^256 mod m, and z_out is z_actual
+ */
+static void m256_done(uint32_t z[8], const m256_mod *mod)
+{
+ uint32_t one[8];
+ u256_set32(one, 1);
+ m256_mul(z, z, one, mod);
+}
+
+/*
+ * Set to 32-bit value
+ *
+ * in: x in [0, 2^32)
+ * mod must point to a valid m256_mod structure
+ * out: z = x * 2^256 mod m, in [0, m)
+ * That is, z is set to the image of x in the Montgomery domain.
+ */
+static void m256_set32(uint32_t z[8], uint32_t x, const m256_mod *mod)
+{
+ u256_set32(z, x);
+ m256_prep(z, mod);
+}
+
+/*
+ * Modular inversion in Montgomery form
+ *
+ * in: x in [0, m)
+ * mod must point to a valid m256_mod structure
+ * such that mod->m % 2^32 >= 2, assumed to be public.
+ * out: z = x^-1 * 2^512 mod m if x != 0,
+ * z = 0 if x == 0
+ * That is, if x = x_actual * 2^256 mod m, then
+ * z = x_actual^-1 * 2^256 mod m
+ *
+ * Note: as a memory area, z may overlap with x.
+ */
+static void m256_inv(uint32_t z[8], const uint32_t x[8],
+ const m256_mod *mod)
+{
+ /*
+ * Use Fermat's little theorem to compute x^-1 as x^(m-2).
+ *
+ * Take advantage of the fact that both p's and n's least significant limb
+ * is at least 2 to perform the subtraction on the flight (no carry).
+ *
+ * Use plain right-to-left binary exponentiation;
+ * branches are OK as the exponent is not a secret.
+ */
+ uint32_t bitval[8];
+ u256_cmov(bitval, x, 1); /* copy x before writing to z */
+
+ m256_set32(z, 1, mod);
+
+ unsigned i = 0;
+ uint32_t limb = mod->m[i] - 2;
+ while (1) {
+ for (unsigned j = 0; j < 32; j++) {
+ if ((limb & 1) != 0) {
+ m256_mul(z, z, bitval, mod);
+ }
+ m256_mul(bitval, bitval, bitval, mod);
+ limb >>= 1;
+ }
+
+ if (i == 7)
+ break;
+
+ i++;
+ limb = mod->m[i];
+ }
+}
+
+/*
+ * Import modular integer from bytes to Montgomery domain
+ *
+ * in: p = p0, ..., p32
+ * mod must point to a valid m256_mod structure
+ * out: z = (p0 * 2^248 + ... + p31) * 2^256 mod m, in [0, m)
+ * return 0 if the number was already in [0, m), or -1.
+ * z may be incorrect and must be discared when -1 is returned.
+ */
+static int m256_from_bytes(uint32_t z[8],
+ const uint8_t p[32], const m256_mod *mod)
+{
+ u256_from_bytes(z, p);
+
+ uint32_t t[8];
+ uint32_t lt_m = u256_sub(t, z, mod->m);
+ if (lt_m != 1)
+ return -1;
+
+ m256_prep(z, mod);
+ return 0;
+}
+
+/*
+ * Export modular integer from Montgomery domain to bytes
+ *
+ * in: z in [0, 2^256)
+ * mod must point to a valid m256_mod structure
+ * out: p = p0, ..., p31 such that
+ * z = (p0 * 2^248 + ... + p31) * 2^256 mod m
+ */
+static void m256_to_bytes(uint8_t p[32],
+ const uint32_t z[8], const m256_mod *mod)
+{
+ uint32_t zi[8];
+ u256_cmov(zi, z, 1);
+ m256_done(zi, mod);
+
+ u256_to_bytes(p, zi);
+}
+
+/**********************************************************************
+ *
+ * Operations on curve points
+ *
+ * Points are represented in two coordinates system:
+ * - affine (x, y) - extended to represent 0 (see below)
+ * - jacobian (x:y:z)
+ * In either case, coordinates are integers modulo p256_p and
+ * are always represented in the Montgomery domain.
+ *
+ * For background on jacobian coordinates, see for example [GECC] 3.2.2:
+ * - conversions go (x, y) -> (x:y:1) and (x:y:z) -> (x/z^2, y/z^3)
+ * - the curve equation becomes y^2 = x^3 - 3 x z^4 + b z^6
+ * - 0 (aka the origin aka point at infinity) is (x:y:0) with y^2 = x^3.
+ * - point negation goes -(x:y:z) = (x:-y:z)
+ *
+ * Normally 0 (the point at infinity) can't be represented in affine
+ * coordinates. However we extend affine coordinates with the convention that
+ * (0, 0) (which is normally not a point on the curve) is interpreted as 0.
+ *
+ * References:
+ * - [GECC]: Guide to Elliptic Curve Cryptography; Hankerson, Menezes,
+ * Vanstone; Springer, 2004.
+ * - [CMO98]: Efficient Elliptic Curve Exponentiation Using Mixed Coordinates;
+ * Cohen, Miyaji, Ono; Springer, ASIACRYPT 1998.
+ * https://link.springer.com/content/pdf/10.1007/3-540-49649-1_6.pdf
+ * - [RCB15]: Complete addition formulas for prime order elliptic curves;
+ * Renes, Costello, Batina; IACR e-print 2015-1060.
+ * https://eprint.iacr.org/2015/1060.pdf
+ *
+ **********************************************************************/
+
+/*
+ * The curve's b parameter in the Short Weierstrass equation
+ * y^2 = x^3 - 3*x + b
+ * Compared to the standard, this is converted to the Montgomery domain.
+ */
+static const uint32_t p256_b[8] = { /* b * 2^256 mod p */
+ 0x29c4bddf, 0xd89cdf62, 0x78843090, 0xacf005cd,
+ 0xf7212ed6, 0xe5a220ab, 0x04874834, 0xdc30061d,
+};
+
+/*
+ * The curve's conventional base point G.
+ * Compared to the standard, coordinates converted to the Montgomery domain.
+ */
+static const uint32_t p256_gx[8] = { /* G_x * 2^256 mod p */
+ 0x18a9143c, 0x79e730d4, 0x5fedb601, 0x75ba95fc,
+ 0x77622510, 0x79fb732b, 0xa53755c6, 0x18905f76,
+};
+static const uint32_t p256_gy[8] = { /* G_y * 2^256 mod p */
+ 0xce95560a, 0xddf25357, 0xba19e45c, 0x8b4ab8e4,
+ 0xdd21f325, 0xd2e88688, 0x25885d85, 0x8571ff18,
+};
+
+/*
+ * Point-on-curve check - do the coordinates satisfy the curve's equation?
+ *
+ * in: x, y in [0, p) (Montgomery domain)
+ * out: 0 if the point lies on the curve and is not 0,
+ * unspecified non-zero otherwise
+ */
+static uint32_t point_check(const uint32_t x[8], const uint32_t y[8])
+{
+ uint32_t lhs[8], rhs[8];
+
+ /* lhs = y^2 */
+ m256_mul_p(lhs, y, y);
+
+ /* rhs = x^3 - 3x + b */
+ m256_mul_p(rhs, x, x); /* x^2 */
+ m256_mul_p(rhs, rhs, x); /* x^3 */
+ for (unsigned i = 0; i < 3; i++)
+ m256_sub_p(rhs, rhs, x); /* x^3 - 3x */
+ m256_add_p(rhs, rhs, p256_b); /* x^3 - 3x + b */
+
+ return u256_diff(lhs, rhs);
+}
+
+/*
+ * In-place jacobian to affine coordinate conversion
+ *
+ * in: (x:y:z) must be on the curve (coordinates in Montegomery domain)
+ * out: x_out = x_in / z_in^2 (Montgomery domain)
+ * y_out = y_in / z_in^3 (Montgomery domain)
+ * z_out unspecified, must be disregarded
+ *
+ * Note: if z is 0 (that is, the input point is 0), x_out = y_out = 0.
+ */
+static void point_to_affine(uint32_t x[8], uint32_t y[8], uint32_t z[8])
+{
+ uint32_t t[8];
+
+ m256_inv(z, z, &p256_p); /* z = z^-1 */
+
+ m256_mul_p(t, z, z); /* t = z^-2 */
+ m256_mul_p(x, x, t); /* x = x * z^-2 */
+
+ m256_mul_p(t, t, z); /* t = z^-3 */
+ m256_mul_p(y, y, t); /* y = y * z^-3 */
+}
+
+/*
+ * In-place point doubling in jacobian coordinates (Montgomery domain)
+ *
+ * in: P_in = (x:y:z), must be on the curve
+ * out: (x:y:z) = P_out = 2 * P_in
+ */
+static void point_double(uint32_t x[8], uint32_t y[8], uint32_t z[8])
+{
+ /*
+ * This is formula 6 from [CMO98], cited as complete in [RCB15] (table 1).
+ * Notations as in the paper, except u added and t ommited (it's x3).
+ */
+ uint32_t m[8], s[8], u[8];
+
+ /* m = 3 * x^2 + a * z^4 = 3 * (x + z^2) * (x - z^2) */
+ m256_mul_p(s, z, z);
+ m256_add_p(m, x, s);
+ m256_sub_p(u, x, s);
+ m256_mul_p(s, m, u);
+ m256_add_p(m, s, s);
+ m256_add_p(m, m, s);
+
+ /* s = 4 * x * y^2 */
+ m256_mul_p(u, y, y);
+ m256_add_p(u, u, u); /* u = 2 * y^2 (used below) */
+ m256_mul_p(s, x, u);
+ m256_add_p(s, s, s);
+
+ /* u = 8 * y^4 (not named in the paper, first term of y3) */
+ m256_mul_p(u, u, u);
+ m256_add_p(u, u, u);
+
+ /* x3 = t = m^2 - 2 * s */
+ m256_mul_p(x, m, m);
+ m256_sub_p(x, x, s);
+ m256_sub_p(x, x, s);
+
+ /* z3 = 2 * y * z */
+ m256_mul_p(z, y, z);
+ m256_add_p(z, z, z);
+
+ /* y3 = -u + m * (s - t) */
+ m256_sub_p(y, s, x);
+ m256_mul_p(y, y, m);
+ m256_sub_p(y, y, u);
+}
+
+/*
+ * In-place point addition in jacobian-affine coordinates (Montgomery domain)
+ *
+ * in: P_in = (x1:y1:z1), must be on the curve and not 0
+ * Q = (x2, y2), must be on the curve and not P_in or -P_in or 0
+ * out: P_out = (x1:y1:z1) = P_in + Q
+ */
+static void point_add(uint32_t x1[8], uint32_t y1[8], uint32_t z1[8],
+ const uint32_t x2[8], const uint32_t y2[8])
+{
+ /*
+ * This is formula 5 from [CMO98], with z2 == 1 substituted. We use
+ * intermediates with neutral names, and names from the paper in comments.
+ */
+ uint32_t t1[8], t2[8], t3[8];
+
+ /* u1 = x1 and s1 = y1 (no computations) */
+
+ /* t1 = u2 = x2 z1^2 */
+ m256_mul_p(t1, z1, z1);
+ m256_mul_p(t2, t1, z1);
+ m256_mul_p(t1, t1, x2);
+
+ /* t2 = s2 = y2 z1^3 */
+ m256_mul_p(t2, t2, y2);
+
+ /* t1 = h = u2 - u1 */
+ m256_sub_p(t1, t1, x1); /* t1 = x2 * z1^2 - x1 */
+
+ /* t2 = r = s2 - s1 */
+ m256_sub_p(t2, t2, y1);
+
+ /* z3 = z1 * h */
+ m256_mul_p(z1, z1, t1);
+
+ /* t1 = h^3 */
+ m256_mul_p(t3, t1, t1);
+ m256_mul_p(t1, t3, t1);
+
+ /* t3 = x1 * h^2 */
+ m256_mul_p(t3, t3, x1);
+
+ /* x3 = r^2 - 2 * x1 * h^2 - h^3 */
+ m256_mul_p(x1, t2, t2);
+ m256_sub_p(x1, x1, t3);
+ m256_sub_p(x1, x1, t3);
+ m256_sub_p(x1, x1, t1);
+
+ /* y3 = r * (x1 * h^2 - x3) - y1 h^3 */
+ m256_sub_p(t3, t3, x1);
+ m256_mul_p(t3, t3, t2);
+ m256_mul_p(t1, t1, y1);
+ m256_sub_p(y1, t3, t1);
+}
+
+/*
+ * Point addition or doubling (affine to jacobian, Montgomery domain)
+ *
+ * in: P = (x1, y1) - must be on the curve and not 0
+ * Q = (x2, y2) - must be on the curve and not 0
+ * out: (x3, y3) = R = P + Q
+ *
+ * Note: unlike point_add(), this function works if P = +- Q;
+ * however it leaks information on its input through timing,
+ * branches taken and memory access patterns (if observable).
+ */
+static void point_add_or_double_leaky(
+ uint32_t x3[8], uint32_t y3[8],
+ const uint32_t x1[8], const uint32_t y1[8],
+ const uint32_t x2[8], const uint32_t y2[8])
+{
+
+ uint32_t z3[8];
+ u256_cmov(x3, x1, 1);
+ u256_cmov(y3, y1, 1);
+ m256_set32(z3, 1, &p256_p);
+
+ if (u256_diff(x1, x2) != 0) {
+ // P != +- Q -> generic addition
+ point_add(x3, y3, z3, x2, y2);
+ point_to_affine(x3, y3, z3);
+ }
+ else if (u256_diff(y1, y2) == 0) {
+ // P == Q -> double
+ point_double(x3, y3, z3);
+ point_to_affine(x3, y3, z3);
+ } else {
+ // P == -Q -> zero
+ m256_set32(x3, 0, &p256_p);
+ m256_set32(y3, 0, &p256_p);
+ }
+}
+
+/*
+ * Import curve point from bytes
+ *
+ * in: p = (x, y) concatenated, fixed-width 256-bit big-endian integers
+ * out: x, y in Mongomery domain
+ * return 0 if x and y are both in [0, p)
+ * and (x, y) is on the curve and not 0
+ * unspecified non-zero otherwise.
+ * x and y are unspecified and must be discarded if returning non-zero.
+ */
+static int point_from_bytes(uint32_t x[8], uint32_t y[8], const uint8_t p[64])
+{
+ int ret;
+
+ ret = m256_from_bytes(x, p, &p256_p);
+ if (ret != 0)
+ return ret;
+
+ ret = m256_from_bytes(y, p + 32, &p256_p);
+ if (ret != 0)
+ return ret;
+
+ return (int) point_check(x, y);
+}
+
+/*
+ * Export curve point to bytes
+ *
+ * in: x, y affine coordinates of a point (Montgomery domain)
+ * must be on the curve and not 0
+ * out: p = (x, y) concatenated, fixed-width 256-bit big-endian integers
+ */
+static void point_to_bytes(uint8_t p[64],
+ const uint32_t x[8], const uint32_t y[8])
+{
+ m256_to_bytes(p, x, &p256_p);
+ m256_to_bytes(p + 32, y, &p256_p);
+}
+
+/**********************************************************************
+ *
+ * Scalar multiplication and other scalar-related operations
+ *
+ **********************************************************************/
+
+/*
+ * Scalar multiplication
+ *
+ * in: P = (px, py), affine (Montgomery), must be on the curve and not 0
+ * s in [1, n-1]
+ * out: R = s * P = (rx, ry), affine coordinates (Montgomery).
+ *
+ * Note: as memory areas, none of the parameters may overlap.
+ */
+static void scalar_mult(uint32_t rx[8], uint32_t ry[8],
+ const uint32_t px[8], const uint32_t py[8],
+ const uint32_t s[8])
+{
+ /*
+ * We use a signed binary ladder, see for example slides 10-14 of
+ * http://ecc2015.math.u-bordeaux1.fr/documents/hamburg.pdf but with
+ * implicit recoding, and a different loop initialisation to avoid feeding
+ * 0 to our addition formulas, as they don't support it.
+ */
+ uint32_t s_odd[8], py_neg[8], py_use[8], rz[8];
+
+ /*
+ * Make s odd by replacing it with n - s if necessary.
+ *
+ * If s was odd, we'll have s_odd = s, and define P' = P.
+ * Otherwise, we'll have s_odd = n - s and define P' = -P.
+ *
+ * Either way, we can compute s * P as s_odd * P'.
+ */
+ u256_sub(s_odd, p256_n.m, s); /* no carry, result still in [1, n-1] */
+ uint32_t negate = ~s[0] & 1;
+ u256_cmov(s_odd, s, 1 - negate);
+
+ /* Compute py_neg = - py mod p (that's the y coordinate of -P) */
+ u256_set32(py_use, 0);
+ m256_sub_p(py_neg, py_use, py);
+
+ /* Initialize R = P' = (x:(-1)^negate * y:1) */
+ u256_cmov(rx, px, 1);
+ u256_cmov(ry, py, 1);
+ m256_set32(rz, 1, &p256_p);
+ u256_cmov(ry, py_neg, negate);
+
+ /*
+ * For any odd number s_odd = b255 ... b1 1, we have
+ * s_odd = 2^255 + 2^254 sbit(b255) + ... + 2 sbit(b2) + sbit(b1)
+ * writing
+ * sbit(b) = 2 * b - 1 = b ? 1 : -1
+ *
+ * Use that to compute s_odd * P' by repeating R = 2 * R +- P':
+ * s_odd * P' = 2 * ( ... (2 * P' + sbit(b255) P') ... ) + sbit(b1) P'
+ *
+ * The loop invariant is that when beginning an iteration we have
+ * R = s_i P'
+ * with
+ * s_i = 2^(255-i) + 2^(254-i) sbit(b_255) + ...
+ * where the sum has 256 - i terms.
+ *
+ * When updating R we need to make sure the input to point_add() is
+ * neither 0 not +-P'. Since that input is 2 s_i P', it is sufficient to
+ * see that 1 < 2 s_i < n-1. The lower bound is obvious since s_i is a
+ * positive integer, and for the upper bound we distinguish three cases.
+ *
+ * If i > 1, then s_i < 2^254, so 2 s_i < 2^255 < n-1.
+ * Otherwise, i == 1 and we have 2 s_i = s_odd - sbit(b1).
+ * If s_odd <= n-4, then 2 s_1 <= n-3.
+ * Otherwise, s_odd = n-2, and for this curve's value of n,
+ * we have b1 == 1, so sbit(b1) = 1 and 2 s_1 <= n-3.
+ */
+ for (unsigned i = 255; i > 0; i--) {
+ uint32_t bit = (s_odd[i / 32] >> i % 32) & 1;
+
+ /* set (px, py_use) = sbit(bit) P' = sbit(bit) * (-1)^negate P */
+ u256_cmov(py_use, py, bit ^ negate);
+ u256_cmov(py_use, py_neg, (1 - bit) ^ negate);
+
+ /* Update R = 2 * R +- P' */
+ point_double(rx, ry, rz);
+ point_add(rx, ry, rz, px, py_use);
+ }
+
+ point_to_affine(rx, ry, rz);
+}
+
+/*
+ * Scalar import from big-endian bytes
+ *
+ * in: p = p0, ..., p31
+ * out: s = p0 * 2^248 + p1 * 2^240 + ... + p30 * 2^8 + p31
+ * return 0 if s in [1, n-1],
+ * -1 otherwise.
+ */
+static int scalar_from_bytes(uint32_t s[8], const uint8_t p[32])
+{
+ u256_from_bytes(s, p);
+
+ uint32_t r[8];
+ uint32_t lt_n = u256_sub(r, s, p256_n.m);
+
+ u256_set32(r, 1);
+ uint32_t lt_1 = u256_sub(r, s, r);
+
+ if (lt_n && !lt_1)
+ return 0;
+
+ return -1;
+}
+
+/* Using RNG functions from Mbed TLS as p256-m does not come with a
+ * cryptographically secure RNG function.
+ */
+int p256_generate_random(uint8_t *output, unsigned output_size)
+{
+ int ret;
+ ret = psa_generate_random(output, output_size);
+
+ if (ret != 0){
+ return P256_RANDOM_FAILED;
+ }
+ return P256_SUCCESS;
+}
+
+/*
+ * Scalar generation, with public key
+ *
+ * out: sbytes the big-endian bytes representation of the scalar
+ * s its u256 representation
+ * x, y the affine coordinates of s * G (Montgomery domain)
+ * return 0 if OK, -1 on failure
+ * sbytes, s, x, y must be discarded when returning non-zero.
+ */
+static int scalar_gen_with_pub(uint8_t sbytes[32], uint32_t s[8],
+ uint32_t x[8], uint32_t y[8])
+{
+ /* generate a random valid scalar */
+ int ret;
+ unsigned nb_tried = 0;
+ do {
+ if (nb_tried++ >= 4)
+ return -1;
+
+ ret = p256_generate_random(sbytes, 32);
+ CT_POISON(sbytes, 32);
+ if (ret != 0)
+ return -1;
+
+ ret = scalar_from_bytes(s, sbytes);
+ CT_UNPOISON(&ret, sizeof ret);
+ }
+ while (ret != 0);
+
+ /* compute and ouput the associated public key */
+ scalar_mult(x, y, p256_gx, p256_gy, s);
+
+ /* the associated public key is not a secret */
+ CT_UNPOISON(x, 32);
+ CT_UNPOISON(y, 32);
+
+ return 0;
+}
+
+/*
+ * ECDH/ECDSA generate pair
+ */
+int p256_gen_keypair(uint8_t priv[32], uint8_t pub[64])
+{
+ uint32_t s[8], x[8], y[8];
+ int ret = scalar_gen_with_pub(priv, s, x, y);
+ zeroize(s, sizeof s);
+ if (ret != 0)
+ return P256_RANDOM_FAILED;
+
+ point_to_bytes(pub, x, y);
+ return 0;
+}
+
+/**********************************************************************
+ *
+ * ECDH
+ *
+ **********************************************************************/
+
+/*
+ * ECDH compute shared secret
+ */
+int p256_ecdh_shared_secret(uint8_t secret[32],
+ const uint8_t priv[32], const uint8_t peer[64])
+{
+ CT_POISON(priv, 32);
+
+ uint32_t s[8], px[8], py[8], x[8], y[8];
+ int ret;
+
+ ret = scalar_from_bytes(s, priv);
+ CT_UNPOISON(&ret, sizeof ret);
+ if (ret != 0) {
+ ret = P256_INVALID_PRIVKEY;
+ goto cleanup;
+ }
+
+ ret = point_from_bytes(px, py, peer);
+ if (ret != 0) {
+ ret = P256_INVALID_PUBKEY;
+ goto cleanup;
+ }
+
+ scalar_mult(x, y, px, py, s);
+
+ m256_to_bytes(secret, x, &p256_p);
+ CT_UNPOISON(secret, 32);
+
+cleanup:
+ zeroize(s, sizeof s);
+ return ret;
+}
+
+/**********************************************************************
+ *
+ * ECDSA
+ *
+ * Reference:
+ * [SEC1] SEC 1: Elliptic Curve Cryptography, Certicom research, 2009.
+ * http://www.secg.org/sec1-v2.pdf
+ **********************************************************************/
+
+/*
+ * Reduction mod n of a small number
+ *
+ * in: x in [0, 2^256)
+ * out: x_out = x_in mod n in [0, n)
+ */
+static void ecdsa_m256_mod_n(uint32_t x[8])
+{
+ uint32_t t[8];
+ uint32_t c = u256_sub(t, x, p256_n.m);
+ u256_cmov(x, t, 1 - c);
+}
+
+/*
+ * Import integer mod n (Montgomery domain) from hash
+ *
+ * in: h = h0, ..., h_hlen
+ * hlen the length of h in bytes
+ * out: z = (h0 * 2^l-8 + ... + h_l) * 2^256 mod n
+ * with l = min(32, hlen)
+ *
+ * Note: in [SEC1] this is step 5 of 4.1.3 (sign) or step 3 or 4.1.4 (verify),
+ * with obvious simplications since n's bit-length is a multiple of 8.
+ */
+static void ecdsa_m256_from_hash(uint32_t z[8],
+ const uint8_t *h, size_t hlen)
+{
+ /* convert from h (big-endian) */
+ /* hlen is public data so it's OK to branch on it */
+ if (hlen < 32) {
+ uint8_t p[32];
+ for (unsigned i = 0; i < 32; i++)
+ p[i] = 0;
+ for (unsigned i = 0; i < hlen; i++)
+ p[32 - hlen + i] = h[i];
+ u256_from_bytes(z, p);
+ } else {
+ u256_from_bytes(z, h);
+ }
+
+ /* ensure the result is in [0, n) */
+ ecdsa_m256_mod_n(z);
+
+ /* map to Montgomery domain */
+ m256_prep(z, &p256_n);
+}
+
+/*
+ * ECDSA sign
+ */
+int p256_ecdsa_sign(uint8_t sig[64], const uint8_t priv[32],
+ const uint8_t *hash, size_t hlen)
+{
+ CT_POISON(priv, 32);
+
+ /*
+ * Steps and notations from [SEC1] 4.1.3
+ *
+ * Instead of retrying on r == 0 or s == 0, just abort,
+ * as those events have negligible probability.
+ */
+ int ret;
+
+ /* Temporary buffers - the first two are mostly stable, so have names */
+ uint32_t xr[8], k[8], t3[8], t4[8];
+
+ /* 1. Set ephemeral keypair */
+ uint8_t *kb = (uint8_t *) t4;
+ /* kb will be erased by re-using t4 for dU - if we exit before that, we
+ * haven't read the private key yet so we kb isn't sensitive yet */
+ ret = scalar_gen_with_pub(kb, k, xr, t3); /* xr = x_coord(k * G) */
+ if (ret != 0)
+ return P256_RANDOM_FAILED;
+ m256_prep(k, &p256_n);
+
+ /* 2. Convert xr to an integer */
+ m256_done(xr, &p256_p);
+
+ /* 3. Reduce xr mod n (extra: output it while at it) */
+ ecdsa_m256_mod_n(xr); /* xr = int(xr) mod n */
+
+ /* xr is public data so it's OK to use a branch */
+ if (u256_diff0(xr) == 0)
+ return P256_RANDOM_FAILED;
+
+ u256_to_bytes(sig, xr);
+
+ m256_prep(xr, &p256_n);
+
+ /* 4. Skipped - we take the hash as an input, not the message */
+
+ /* 5. Derive an integer from the hash */
+ ecdsa_m256_from_hash(t3, hash, hlen); /* t3 = e */
+
+ /* 6. Compute s = k^-1 * (e + r * dU) */
+
+ /* Note: dU will be erased by re-using t4 for the value of s (public) */
+ ret = scalar_from_bytes(t4, priv); /* t4 = dU (integer domain) */
+ CT_UNPOISON(&ret, sizeof ret); /* Result of input validation */
+ if (ret != 0)
+ return P256_INVALID_PRIVKEY;
+ m256_prep(t4, &p256_n); /* t4 = dU (Montgomery domain) */
+
+ m256_inv(k, k, &p256_n); /* k^-1 */
+ m256_mul(t4, xr, t4, &p256_n); /* t4 = r * dU */
+ m256_add(t4, t3, t4, &p256_n); /* t4 = e + r * dU */
+ m256_mul(t4, k, t4, &p256_n); /* t4 = s = k^-1 * (e + r * dU) */
+ zeroize(k, sizeof k);
+
+ /* 7. Output s (r already outputed at step 3) */
+ CT_UNPOISON(t4, 32);
+ if (u256_diff0(t4) == 0) {
+ /* undo early output of r */
+ u256_to_bytes(sig, t4);
+ return P256_RANDOM_FAILED;
+ }
+ m256_to_bytes(sig + 32, t4, &p256_n);
+
+ return P256_SUCCESS;
+}
+
+/*
+ * ECDSA verify
+ */
+int p256_ecdsa_verify(const uint8_t sig[64], const uint8_t pub[64],
+ const uint8_t *hash, size_t hlen)
+{
+ /*
+ * Steps and notations from [SEC1] 4.1.3
+ *
+ * Note: we're using public data only, so branches are OK
+ */
+ int ret;
+
+ /* 1. Validate range of r and s : [1, n-1] */
+ uint32_t r[8], s[8];
+ ret = scalar_from_bytes(r, sig);
+ if (ret != 0)
+ return P256_INVALID_SIGNATURE;
+ ret = scalar_from_bytes(s, sig + 32);
+ if (ret != 0)
+ return P256_INVALID_SIGNATURE;
+
+ /* 2. Skipped - we take the hash as an input, not the message */
+
+ /* 3. Derive an integer from the hash */
+ uint32_t e[8];
+ ecdsa_m256_from_hash(e, hash, hlen);
+
+ /* 4. Compute u1 = e * s^-1 and u2 = r * s^-1 */
+ uint32_t u1[8], u2[8];
+ m256_prep(s, &p256_n); /* s in Montgomery domain */
+ m256_inv(s, s, &p256_n); /* s = s^-1 mod n */
+ m256_mul(u1, e, s, &p256_n); /* u1 = e * s^-1 mod n */
+ m256_done(u1, &p256_n); /* u1 out of Montgomery domain */
+
+ u256_cmov(u2, r, 1);
+ m256_prep(u2, &p256_n); /* r in Montgomery domain */
+ m256_mul(u2, u2, s, &p256_n); /* u2 = r * s^-1 mod n */
+ m256_done(u2, &p256_n); /* u2 out of Montgomery domain */
+
+ /* 5. Compute R (and re-use (u1, u2) to store its coordinates */
+ uint32_t px[8], py[8];
+ ret = point_from_bytes(px, py, pub);
+ if (ret != 0)
+ return P256_INVALID_PUBKEY;
+
+ scalar_mult(e, s, px, py, u2); /* (e, s) = R2 = u2 * Qu */
+
+ if (u256_diff0(u1) == 0) {
+ /* u1 out of range for scalar_mult() - just skip it */
+ u256_cmov(u1, e, 1);
+ /* we don't care about the y coordinate */
+ } else {
+ scalar_mult(px, py, p256_gx, p256_gy, u1); /* (px, py) = R1 = u1 * G */
+
+ /* (u1, u2) = R = R1 + R2 */
+ point_add_or_double_leaky(u1, u2, px, py, e, s);
+ /* No need to check if R == 0 here: if that's the case, it will be
+ * caught when comparating rx (which will be 0) to r (which isn't). */
+ }
+
+ /* 6. Convert xR to an integer */
+ m256_done(u1, &p256_p);
+
+ /* 7. Reduce xR mod n */
+ ecdsa_m256_mod_n(u1);
+
+ /* 8. Compare xR mod n to r */
+ uint32_t diff = u256_diff(u1, r);
+ if (diff == 0)
+ return P256_SUCCESS;
+
+ return P256_INVALID_SIGNATURE;
+}
+
+#endif
diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h
new file mode 100644
index 0000000..f455cf1
--- /dev/null
+++ b/3rdparty/p256-m/p256-m/p256-m.h
@@ -0,0 +1,95 @@
+/*
+ * Interface of curve P-256 (ECDH and ECDSA)
+ *
+ * Author: Manuel Pégourié-Gonnard.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+#ifndef P256_M_H
+#define P256_M_H
+
+#include <stdint.h>
+#include <stddef.h>
+
+/* Status codes */
+#define P256_SUCCESS 0
+#define P256_RANDOM_FAILED -1
+#define P256_INVALID_PUBKEY -2
+#define P256_INVALID_PRIVKEY -3
+#define P256_INVALID_SIGNATURE -4
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * RNG function - must be provided externally and be cryptographically secure.
+ *
+ * in: output - must point to a writable buffer of at least output_size bytes.
+ * output_size - the number of random bytes to write to output.
+ * out: output is filled with output_size random bytes.
+ * return 0 on success, non-zero on errors.
+ */
+extern int p256_generate_random(uint8_t * output, unsigned output_size);
+
+/*
+ * ECDH/ECDSA generate key pair
+ *
+ * [in] draws from p256_generate_random()
+ * [out] priv: on success, holds the private key, as a big-endian integer
+ * [out] pub: on success, holds the public key, as two big-endian integers
+ *
+ * return: P256_SUCCESS on success
+ * P256_RANDOM_FAILED on failure
+ */
+int p256_gen_keypair(uint8_t priv[32], uint8_t pub[64]);
+
+/*
+ * ECDH compute shared secret
+ *
+ * [out] secret: on success, holds the shared secret, as a big-endian integer
+ * [in] priv: our private key as a big-endian integer
+ * [in] pub: the peer's public key, as two big-endian integers
+ *
+ * return: P256_SUCCESS on success
+ * P256_INVALID_PRIVKEY if priv is invalid
+ * P256_INVALID_PUBKEY if pub is invalid
+ */
+int p256_ecdh_shared_secret(uint8_t secret[32],
+ const uint8_t priv[32], const uint8_t pub[64]);
+
+/*
+ * ECDSA sign
+ *
+ * [in] draws from p256_generate_random()
+ * [out] sig: on success, holds the signature, as two big-endian integers
+ * [in] priv: our private key as a big-endian integer
+ * [in] hash: the hash of the message to be signed
+ * [in] hlen: the size of hash in bytes
+ *
+ * return: P256_SUCCESS on success
+ * P256_RANDOM_FAILED on failure
+ * P256_INVALID_PRIVKEY if priv is invalid
+ */
+int p256_ecdsa_sign(uint8_t sig[64], const uint8_t priv[32],
+ const uint8_t *hash, size_t hlen);
+
+/*
+ * ECDSA verify
+ *
+ * [in] sig: the signature to be verified, as two big-endian integers
+ * [in] pub: the associated public key, as two big-endian integers
+ * [in] hash: the hash of the message that was signed
+ * [in] hlen: the size of hash in bytes
+ *
+ * return: P256_SUCCESS on success - the signature was verified as valid
+ * P256_INVALID_PUBKEY if pub is invalid
+ * P256_INVALID_SIGNATURE if the signature was found to be invalid
+ */
+int p256_ecdsa_verify(const uint8_t sig[64], const uint8_t pub[64],
+ const uint8_t *hash, size_t hlen);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* P256_M_H */
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c
new file mode 100644
index 0000000..8828909
--- /dev/null
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c
@@ -0,0 +1,242 @@
+/*
+ * Driver entry points for p256-m
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mbedtls/platform.h"
+#include "p256-m_driver_entrypoints.h"
+#include "p256-m/p256-m.h"
+#include "psa/crypto.h"
+#include "psa_crypto_driver_wrappers.h"
+#include <stddef.h>
+
+#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+
+/* INFORMATION ON PSA KEY EXPORT FORMATS:
+ *
+ * PSA exports SECP256R1 keys in two formats:
+ * 1. Keypair format: 32 byte string which is just the private key (public key
+ * can be calculated from the private key)
+ * 2. Public Key format: A leading byte 0x04 (indicating uncompressed format),
+ * followed by the 64 byte public key. This results in a
+ * total of 65 bytes.
+ *
+ * p256-m's internal format for private keys matches PSA. Its format for public
+ * keys is only 64 bytes; the same as PSA but without the leading byte (0x04).
+ * Hence, when passing public keys from PSA to p256-m, the leading byte is
+ * removed.
+ */
+
+/* Convert between p256-m and PSA error codes */
+static psa_status_t p256_to_psa_error(int ret)
+{
+ switch (ret) {
+ case P256_SUCCESS:
+ return PSA_SUCCESS;
+ case P256_INVALID_PUBKEY:
+ case P256_INVALID_PRIVKEY:
+ return PSA_ERROR_INVALID_ARGUMENT;
+ case P256_INVALID_SIGNATURE:
+ return PSA_ERROR_INVALID_SIGNATURE;
+ case P256_RANDOM_FAILED:
+ default:
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+}
+
+psa_status_t p256_transparent_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length)
+{
+ /* We don't use this argument, but the specification mandates the signature
+ * of driver entry-points. (void) used to avoid compiler warning. */
+ (void) attributes;
+
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+
+ /*
+ * p256-m generates a 32 byte private key, and expects to write to a buffer
+ * that is of that size. */
+ if (key_buffer_size != 32) {
+ return status;
+ }
+
+ /*
+ * p256-m's keypair generation function outputs both public and private
+ * keys. Allocate a buffer to which the public key will be written. The
+ * private key will be written to key_buffer, which is passed to this
+ * function as an argument. */
+ uint8_t public_key_buffer[64];
+
+ status = p256_to_psa_error(
+ p256_gen_keypair(key_buffer, public_key_buffer));
+ if (status == PSA_SUCCESS) {
+ *key_buffer_length = 32;
+ }
+
+ return status;
+}
+
+psa_status_t p256_transparent_key_agreement(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length)
+{
+ /* We don't use these arguments, but the specification mandates the
+ * sginature of driver entry-points. (void) used to avoid compiler
+ * warning. */
+ (void) attributes;
+ (void) alg;
+
+ /*
+ * Check that private key = 32 bytes, peer public key = 65 bytes,
+ * and that the shared secret buffer is big enough. */
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+ if (key_buffer_size != 32 || shared_secret_size < 32 ||
+ peer_key_length != 65) {
+ return status;
+ }
+
+ /* We add 1 to peer_key pointer to omit the leading byte of the public key
+ * representation (0x04). See information about PSA key formats at the top
+ * of the file. */
+ status = p256_to_psa_error(
+ p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key+1));
+ if (status == PSA_SUCCESS) {
+ *shared_secret_length = 32;
+ }
+
+ return status;
+}
+
+psa_status_t p256_transparent_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length)
+{
+ /* We don't use these arguments, but the specification mandates the
+ * sginature of driver entry-points. (void) used to avoid compiler
+ * warning. */
+ (void) attributes;
+ (void) alg;
+
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+ if (key_buffer_size != 32 || signature_size != 64) {
+ return status;
+ }
+
+ status = p256_to_psa_error(
+ p256_ecdsa_sign(signature, key_buffer, hash, hash_length));
+ if (status == PSA_SUCCESS) {
+ *signature_length = 64;
+ }
+
+ return status;
+}
+
+/* This function expects the key buffer to contain a 65 byte public key,
+ * as exported by psa_export_public_key() */
+static psa_status_t p256_verify_hash_with_public_key(
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
+ psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
+ if (key_buffer_size != 65 || signature_length != 64 || *key_buffer != 0x04) {
+ return status;
+ }
+
+ /* We add 1 to public_key_buffer pointer to omit the leading byte of the
+ * public key representation (0x04). See information about PSA key formats
+ * at the top of the file. */
+ const uint8_t *public_key_buffer = key_buffer + 1;
+ status = p256_to_psa_error(
+ p256_ecdsa_verify(signature, public_key_buffer, hash, hash_length));
+
+ return status;
+}
+
+psa_status_t p256_transparent_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length)
+{
+ /* We don't use this argument, but the specification mandates the signature
+ * of driver entry-points. (void) used to avoid compiler warning. */
+ (void) alg;
+
+ psa_status_t status;
+ uint8_t public_key_buffer[65];
+ size_t public_key_buffer_size = 65;
+
+ size_t public_key_length = 65;
+ /* As p256-m doesn't require dynamic allocation, we want to avoid it in
+ * the entrypoint functions as well. psa_driver_wrapper_export_public_key()
+ * requires size_t*, so we use a pointer to a stack variable. */
+ size_t *public_key_length_ptr = &public_key_length;
+
+ /* The contents of key_buffer may either be the 32 byte private key
+ * (keypair format), or 0x04 followed by the 64 byte public key (public
+ * key format). To ensure the key is in the latter format, the public key
+ * is exported. */
+ status = psa_driver_wrapper_export_public_key(
+ attributes,
+ key_buffer,
+ key_buffer_size,
+ public_key_buffer,
+ public_key_buffer_size,
+ public_key_length_ptr);
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+
+ status = p256_verify_hash_with_public_key(
+ public_key_buffer,
+ public_key_buffer_size,
+ hash,
+ hash_length,
+ signature,
+ signature_length);
+
+exit:
+ return status;
+}
+
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h
new file mode 100644
index 0000000..18c677a
--- /dev/null
+++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h
@@ -0,0 +1,162 @@
+/*
+ * Driver entry points for p256-m
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef P256M_DRIVER_ENTRYPOINTS_H
+#define P256M_DRIVER_ENTRYPOINTS_H
+
+#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+
+#include "psa/crypto_types.h"
+
+/** Generate SECP256R1 ECC Key Pair.
+ * Interface function which calls the p256-m key generation function and
+ * places it in the key buffer provided by the caller (mbed TLS) in the
+ * correct format. For a SECP256R1 curve this is the 32 bit private key.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[out] key_buffer The buffer to contain the key data in
+ * output format upon successful return.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[out] key_buffer_length The length of the data written in \p
+ * key_buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. Keypair generated and stored in buffer.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_GENERIC_ERROR
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ */
+psa_status_t p256_transparent_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length);
+
+/** Perform raw key agreement using p256-m's ECDH implementation
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the private key
+ * in the format specified by PSA.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A key agreement algorithm that is
+ * compatible with the type of the key.
+ * \param[in] peer_key The buffer containing the peer's public
+ * key in format specified by PSA.
+ * \param[in] peer_key_length Size of the \p peer_key buffer in
+ * bytes.
+ * \param[out] shared_secret The buffer to which the shared secret
+ * is to be written.
+ * \param[in] shared_secret_size Size of the \p shared_secret buffer in
+ * bytes.
+ * \param[out] shared_secret_length On success, the number of bytes that
+ * make up the returned shared secret.
+ * \retval #PSA_SUCCESS
+ * Success. Shared secret successfully calculated.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ */
+psa_status_t p256_transparent_key_agreement(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length);
+
+/** Sign an already-calculated hash with a private key using p256-m's ECDSA
+ * implementation
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] key_buffer The buffer containing the private key
+ * in the format specified by PSA.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible
+ * with the type of the key.
+ * \param[in] hash The hash to sign.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[out] signature Buffer where signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * Success. Hash was signed successfully.
+ * respectively of the key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ */
+psa_status_t p256_transparent_sign_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length);
+
+/** Verify the signature of a hash using a SECP256R1 public key using p256-m's
+ * ECDSA implementation.
+ *
+ * \note p256-m expects a 64 byte public key, but the contents of the key
+ buffer may be the 32 byte keypair representation or the 65 byte
+ public key representation. As a result, this function calls
+ psa_driver_wrapper_export_public_key() to ensure the public key
+ can be passed to p256-m.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ *
+ * \param[in] key_buffer The buffer containing the key
+ * in the format specified by PSA.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[in] alg A signature algorithm that is compatible with
+ * the type of the key.
+ * \param[in] hash The hash whose signature is to be
+ * verified.
+ * \param[in] hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ */
+psa_status_t p256_transparent_verify_hash(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length);
+
+#endif /* P256M_DRIVER_ENTRYPOINTS_H */
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8d27a82..6840295 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,9 +34,9 @@
cmake_policy(SET CMP0012 NEW)
if(TEST_CPP)
- project("mbed TLS" C CXX)
+ project("mbed TLS" LANGUAGES C CXX)
else()
- project("mbed TLS" C)
+ project("mbed TLS" LANGUAGES C)
endif()
include(GNUInstallDirs)
diff --git a/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
new file mode 100644
index 0000000..9aa3ff9
--- /dev/null
+++ b/ChangeLog.d/X509Parse_SignatureKeyId_AuthorityKeyId.txt
@@ -0,0 +1,3 @@
+Features
+ * When parsing X.509 certificates, support the extensions
+ SignatureKeyIdentifier and AuthorityKeyIdentifier.
diff --git a/ChangeLog.d/add-psa_want_alg_some_pake.txt b/ChangeLog.d/add-psa_want_alg_some_pake.txt
new file mode 100644
index 0000000..00b3002
--- /dev/null
+++ b/ChangeLog.d/add-psa_want_alg_some_pake.txt
@@ -0,0 +1,3 @@
+Features
+ * Don't include the PSA dispatch functions for PAKEs (psa_pake_setup() etc)
+ if no PAKE algorithms are requested
diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt
new file mode 100644
index 0000000..487e5c6
--- /dev/null
+++ b/ChangeLog.d/add-subjectAltName-certs.txt
@@ -0,0 +1,6 @@
+Features
+ * It is now possible to generate certificates with SubjectAltNames.
+ Currently supported subtypes: DnsName, UniformResourceIdentifier,
+ IP address, OtherName, and DirectoryName, as defined in RFC 5280.
+ See mbedtls_x509write_crt_set_subject_alternative_name for
+ more information.
diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt
new file mode 100644
index 0000000..59ae1cd
--- /dev/null
+++ b/ChangeLog.d/armclang-compile-fix.txt
@@ -0,0 +1,7 @@
+Bugfix
+ * Fix clang and armclang compilation error when targeting certain Arm
+ M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
+ SecurCore SC000). Fixes #1077.
+Changes
+ * Enable Arm / Thumb bignum assembly for most Arm platforms when
+ compiling with gcc, clang or armclang and -O0.
diff --git a/ChangeLog.d/basic-uri-verification.txt b/ChangeLog.d/basic-uri-verification.txt
new file mode 100644
index 0000000..aa039ea
--- /dev/null
+++ b/ChangeLog.d/basic-uri-verification.txt
@@ -0,0 +1,4 @@
+Features
+ * X.509 hostname verification now partially supports URI Subject Alternate
+ Names. Only exact matching, without any normalization procedures
+ described in 7.4 of RFC5280, will result in a positive URI verification.
diff --git a/ChangeLog.d/driver-ffdh.txt b/ChangeLog.d/driver-ffdh.txt
new file mode 100644
index 0000000..1185133
--- /dev/null
+++ b/ChangeLog.d/driver-ffdh.txt
@@ -0,0 +1,3 @@
+Features
+ * Add a driver dispatch layer for FFDH keys, enabling alternative
+ implementations of FFDH through the driver entry points.
diff --git a/ChangeLog.d/ec_jpake_user_peer_2.txt b/ChangeLog.d/ec_jpake_user_peer_2.txt
new file mode 100644
index 0000000..9572ac7
--- /dev/null
+++ b/ChangeLog.d/ec_jpake_user_peer_2.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the J-PAKE driver interface for user and peer to accept any values
+ (previously accepted values were limited to "client" or "server").
diff --git a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt b/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt
new file mode 100644
index 0000000..7fcb5ec
--- /dev/null
+++ b/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when
+ built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a
+ way to detect the crypto extensions required. A warning is still issued.
diff --git a/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
new file mode 100644
index 0000000..22e8adb
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ecdsa_can_do-unconditional-define.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
+ MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes #7498.
diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt
new file mode 100644
index 0000000..82ed2fd
--- /dev/null
+++ b/ChangeLog.d/oid-parse-from-numeric-string.txt
@@ -0,0 +1,3 @@
+Features
+ * Add function mbedtls_oid_from_numeric_string() to parse an OID from a
+ string to a DER-encoded mbedtls_asn1_buf.
diff --git a/ChangeLog.d/programs_psa_fix.txt b/ChangeLog.d/programs_psa_fix.txt
new file mode 100644
index 0000000..fe2099e
--- /dev/null
+++ b/ChangeLog.d/programs_psa_fix.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix missing PSA initialization in sample programs when
+ MBEDTLS_USE_PSA_CRYPTO is enabled.
diff --git a/ChangeLog.d/rfc8410.txt b/ChangeLog.d/rfc8410.txt
new file mode 100644
index 0000000..e2984ee
--- /dev/null
+++ b/ChangeLog.d/rfc8410.txt
@@ -0,0 +1,3 @@
+Features
+ * Add support for reading and writing X25519 and X448
+ public and private keys in RFC 8410 format using the existing PK APIs.
diff --git a/ChangeLog.d/sha3.txt b/ChangeLog.d/sha3.txt
new file mode 100644
index 0000000..9426f87
--- /dev/null
+++ b/ChangeLog.d/sha3.txt
@@ -0,0 +1,3 @@
+Features
+ * Add SHA-3 family hash functions.
+
diff --git a/README.md b/README.md
index 288e692..fea73fc 100644
--- a/README.md
+++ b/README.md
@@ -307,6 +307,12 @@
Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 OR GPL-2.0-or-later licenses.
+### Third-party code included in Mbed TLS
+This project contains code from other projects. This code is located within the `3rdparty/` directory. The original license text is included within project subdirectories, and in source files. The projects are listed below:
+
+* `3rdparty/everest/`: Files stem from [Project Everest](https://project-everest.github.io/) and are distributed under the Apache 2.0 license.
+* `3rdparty/p256-m/p256-m/`: Files have been taken from the [p256-m](https://github.com/mpg/p256-m) repository. The code in the original repository is distributed under the Apache 2.0 license. It is also used by the project under the Apache 2.0 license. We do not plan to regularly update these files, so they may not contain fixes and improvements present in the upstream project.
+
Contributing
------------
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index 6aff42f..a014b52 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -25,7 +25,7 @@
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
-/* Mbed Crypto feature support */
+/* Mbed TLS feature support */
#define MBEDTLS_CIPHER_MODE_CBC
#define MBEDTLS_CIPHER_MODE_CFB
#define MBEDTLS_CIPHER_MODE_CTR
@@ -42,7 +42,7 @@
#define MBEDTLS_USE_PSA_CRYPTO
#define MBEDTLS_VERSION_FEATURES
-/* Mbed Crypto modules */
+/* Mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/crypto_config_profile_medium.h b/configs/crypto_config_profile_medium.h
new file mode 100644
index 0000000..939e2a3
--- /dev/null
+++ b/configs/crypto_config_profile_medium.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2018-2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+/**
+ * \file psa/crypto_config.h
+ * \brief PSA crypto configuration options (set of defines)
+ *
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+/**
+ * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h,
+ * this file determines which cryptographic mechanisms are enabled
+ * through the PSA Cryptography API (\c psa_xxx() functions).
+ *
+ * To enable a cryptographic mechanism, uncomment the definition of
+ * the corresponding \c PSA_WANT_xxx preprocessor symbol.
+ * To disable a cryptographic mechanism, comment out the definition of
+ * the corresponding \c PSA_WANT_xxx preprocessor symbol.
+ * The names of cryptographic mechanisms correspond to values
+ * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead
+ * of \c PSA_.
+ *
+ * Note that many cryptographic mechanisms involve two symbols: one for
+ * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm
+ * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve
+ * additional symbols.
+ */
+#else
+/**
+ * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h,
+ * this file is not used, and cryptographic mechanisms are supported
+ * through the PSA API if and only if they are supported through the
+ * mbedtls_xxx API.
+ */
+#endif
+
+#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H
+#define PROFILE_M_PSA_CRYPTO_CONFIG_H
+
+/*
+ * CBC-MAC is not yet supported via the PSA API in Mbed TLS.
+ */
+//#define PSA_WANT_ALG_CBC_MAC 1
+//#define PSA_WANT_ALG_CBC_NO_PADDING 1
+//#define PSA_WANT_ALG_CBC_PKCS7 1
+#define PSA_WANT_ALG_CCM 1
+//#define PSA_WANT_ALG_CMAC 1
+//#define PSA_WANT_ALG_CFB 1
+//#define PSA_WANT_ALG_CHACHA20_POLY1305 1
+//#define PSA_WANT_ALG_CTR 1
+#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
+//#define PSA_WANT_ALG_ECB_NO_PADDING 1
+#define PSA_WANT_ALG_ECDH 1
+#define PSA_WANT_ALG_ECDSA 1
+//#define PSA_WANT_ALG_GCM 1
+#define PSA_WANT_ALG_HKDF 1
+#define PSA_WANT_ALG_HMAC 1
+//#define PSA_WANT_ALG_MD5 1
+//#define PSA_WANT_ALG_OFB 1
+/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+//#define PSA_WANT_ALG_PBKDF2_HMAC 1
+//#define PSA_WANT_ALG_RIPEMD160 1
+//#define PSA_WANT_ALG_RSA_OAEP 1
+//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
+//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
+//#define PSA_WANT_ALG_RSA_PSS 1
+//#define PSA_WANT_ALG_SHA_1 1
+#define PSA_WANT_ALG_SHA_224 1
+#define PSA_WANT_ALG_SHA_256 1
+//#define PSA_WANT_ALG_SHA_384 1
+//#define PSA_WANT_ALG_SHA_512 1
+//#define PSA_WANT_ALG_STREAM_CIPHER 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
+ * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+//#define PSA_WANT_ALG_XTS 1
+
+//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
+//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
+//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
+//#define PSA_WANT_ECC_MONTGOMERY_255 1
+//#define PSA_WANT_ECC_MONTGOMERY_448 1
+//#define PSA_WANT_ECC_SECP_K1_192 1
+/*
+ * SECP224K1 is buggy via the PSA API in Mbed TLS
+ * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
+ * default.
+ */
+//#define PSA_WANT_ECC_SECP_K1_224 1
+//#define PSA_WANT_ECC_SECP_K1_256 1
+//#define PSA_WANT_ECC_SECP_R1_192 1
+//#define PSA_WANT_ECC_SECP_R1_224 1
+#define PSA_WANT_ECC_SECP_R1_256 1
+//#define PSA_WANT_ECC_SECP_R1_384 1
+//#define PSA_WANT_ECC_SECP_R1_521 1
+
+#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+#define PSA_WANT_KEY_TYPE_AES 1
+//#define PSA_WANT_KEY_TYPE_ARIA 1
+//#define PSA_WANT_KEY_TYPE_CAMELLIA 1
+//#define PSA_WANT_KEY_TYPE_CHACHA20 1
+//#define PSA_WANT_KEY_TYPE_DES 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
+#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
+//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
+
+#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */
diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h
new file mode 100644
index 0000000..b581f1f
--- /dev/null
+++ b/configs/tfm_mbedcrypto_config_profile_medium.h
@@ -0,0 +1,629 @@
+/**
+ * \file config.h
+ *
+ * \brief Configuration options (set of defines)
+ *
+ * This set of compile-time options may be used to enable
+ * or disable features selectively, and reduce the global
+ * memory footprint.
+ */
+/*
+ * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef PROFILE_M_MBEDTLS_CONFIG_H
+#define PROFILE_M_MBEDTLS_CONFIG_H
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+/**
+ * \name SECTION: System support
+ *
+ * This section sets system specific settings.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_HAVE_ASM
+ *
+ * The compiler has support for asm().
+ *
+ * Requires support for asm() in compiler.
+ *
+ * Used in:
+ * library/aria.c
+ * library/timing.c
+ * include/mbedtls/bn_mul.h
+ *
+ * Required by:
+ * MBEDTLS_AESNI_C
+ * MBEDTLS_PADLOCK_C
+ *
+ * Comment to disable the use of assembly code.
+ */
+#define MBEDTLS_HAVE_ASM
+
+/**
+ * \def MBEDTLS_PLATFORM_MEMORY
+ *
+ * Enable the memory allocation layer.
+ *
+ * By default mbed TLS uses the system-provided calloc() and free().
+ * This allows different allocators (self-implemented or provided) to be
+ * provided to the platform abstraction layer.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
+ * free() function pointer at runtime.
+ *
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
+ * alternate function at compile time.
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ *
+ * Enable this layer to allow use of alternative memory allocators.
+ */
+#define MBEDTLS_PLATFORM_MEMORY
+
+/* \} name SECTION: System support */
+
+/**
+ * \name SECTION: mbed TLS feature support
+ *
+ * This section sets support for features that are or are not needed
+ * within the modules that are enabled.
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_MD2_PROCESS_ALT
+ *
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * alternate core implementation of symmetric crypto or hash function. Keep in
+ * mind that function prototypes should remain the same.
+ *
+ * This replaces only one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
+ *
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
+ * with this definition.
+ *
+ * \note Because of a signature change, the core AES encryption and decryption routines are
+ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
+ * respectively. When setting up alternative implementations, these functions should
+ * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ * must stay untouched.
+ *
+ * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
+ * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
+ * tables.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ *
+ * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
+ * constitutes a security risk. If possible, we recommend avoiding
+ * dependencies on them, and considering stronger message digests
+ * and ciphers instead.
+ *
+ */
+#define MBEDTLS_AES_SETKEY_DEC_ALT
+#define MBEDTLS_AES_DECRYPT_ALT
+
+/**
+ * \def MBEDTLS_AES_ROM_TABLES
+ *
+ * Use precomputed AES tables stored in ROM.
+ *
+ * Uncomment this macro to use precomputed AES tables stored in ROM.
+ * Comment this macro to generate AES tables in RAM at runtime.
+ *
+ * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb
+ * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the
+ * initialization time before the first AES operation can be performed.
+ * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c
+ * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded
+ * performance if ROM access is slower than RAM access.
+ *
+ * This option is independent of \c MBEDTLS_AES_FEWER_TABLES.
+ *
+ */
+#define MBEDTLS_AES_ROM_TABLES
+
+/**
+ * \def MBEDTLS_AES_FEWER_TABLES
+ *
+ * Use less ROM/RAM for AES tables.
+ *
+ * Uncommenting this macro omits 75% of the AES tables from
+ * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES)
+ * by computing their values on the fly during operations
+ * (the tables are entry-wise rotations of one another).
+ *
+ * Tradeoff: Uncommenting this reduces the RAM / ROM footprint
+ * by ~6kb but at the cost of more arithmetic operations during
+ * runtime. Specifically, one has to compare 4 accesses within
+ * different tables to 4 accesses with additional arithmetic
+ * operations within the same table. The performance gain/loss
+ * depends on the system and memory details.
+ *
+ * This option is independent of \c MBEDTLS_AES_ROM_TABLES.
+ *
+ */
+#define MBEDTLS_AES_FEWER_TABLES
+
+/**
+ * \def MBEDTLS_ECP_NIST_OPTIM
+ *
+ * Enable specific 'modulo p' routines for each NIST prime.
+ * Depending on the prime and architecture, makes operations 4 to 8 times
+ * faster on the corresponding curve.
+ *
+ * Comment this macro to disable NIST curves optimisation.
+ */
+#define MBEDTLS_ECP_NIST_OPTIM
+
+/**
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
+ *
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
+ *
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
+ *
+ * Disable if you run into name conflicts and want to really remove the
+ * mbedtls_strerror()
+ */
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+
+/**
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
+ *
+ * Do not use built-in platform entropy functions.
+ * This is useful if your platform does not support
+ * standards like the /dev/urandom or Windows CryptoAPI.
+ *
+ * Uncomment this macro to disable the built-in platform entropy functions.
+ */
+#define MBEDTLS_NO_PLATFORM_ENTROPY
+
+/**
+ * \def MBEDTLS_ENTROPY_NV_SEED
+ *
+ * Enable the non-volatile (NV) seed file-based entropy source.
+ * (Also enables the NV seed read/write functions in the platform layer)
+ *
+ * This is crucial (if not required) on systems that do not have a
+ * cryptographic entropy source (in hardware or kernel) available.
+ *
+ * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C
+ *
+ * \note The read/write functions that are used by the entropy source are
+ * determined in the platform layer, and can be modified at runtime and/or
+ * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used.
+ *
+ * \note If you use the default implementation functions that read a seedfile
+ * with regular fopen(), please make sure you make a seedfile with the
+ * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at
+ * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from
+ * and written to or you will get an entropy source error! The default
+ * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE
+ * bytes from the file.
+ *
+ * \note The entropy collector will write to the seed file before entropy is
+ * given to an external source, to update it.
+ */
+// This macro is enabled in TFM Medium but is disabled here because it is
+// incompatible with baremetal builds in Mbed TLS.
+//#define MBEDTLS_ENTROPY_NV_SEED
+
+/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ *
+ * Enable key identifiers that encode a key owner identifier.
+ *
+ * This is only meaningful when building the library as part of a
+ * multi-client service. When you activate this option, you must provide an
+ * implementation of the type mbedtls_key_owner_id_t and a translation from
+ * mbedtls_svc_key_id_t to file name in all the storage backends that you
+ * you wish to support.
+ *
+ * Note that while this define has been removed from TF-M's copy of this config
+ * file, TF-M still passes this option to Mbed TLS during the build via CMake.
+ * Therefore we keep it in our copy. See discussion on PR #7426 for more info.
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_SPM
+ *
+ * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure
+ * Partition Manager) integration which separates the code into two parts: a
+ * NSPE (Non-Secure Process Environment) and an SPE (Secure Process
+ * Environment).
+ *
+ * Module: library/psa_crypto.c
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_SPM
+
+/**
+ * \def MBEDTLS_SHA256_SMALLER
+ *
+ * Enable an implementation of SHA-256 that has lower ROM footprint but also
+ * lower performance.
+ *
+ * The default implementation is meant to be a reasonnable compromise between
+ * performance and size. This version optimizes more aggressively for size at
+ * the expense of performance. Eg on Cortex-M4 it reduces the size of
+ * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about
+ * 30%.
+ *
+ * Uncomment to enable the smaller implementation of SHA256.
+ */
+#define MBEDTLS_SHA256_SMALLER
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG
+ *
+ * This setting allows support for cryptographic mechanisms through the PSA
+ * API to be configured separately from support through the mbedtls API.
+ *
+ * When this option is disabled, the PSA API exposes the cryptographic
+ * mechanisms that can be implemented on top of the `mbedtls_xxx` API
+ * configured with `MBEDTLS_XXX` symbols.
+ *
+ * When this option is enabled, the PSA API exposes the cryptographic
+ * mechanisms requested by the `PSA_WANT_XXX` symbols defined in
+ * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are
+ * automatically enabled if required (i.e. if no PSA driver provides the
+ * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols
+ * in mbedtls_config.h.
+ *
+ * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies
+ * an alternative header to include instead of include/psa/crypto_config.h.
+ *
+ * This feature is still experimental and is not ready for production since
+ * it is not completed.
+ */
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+
+/* \} name SECTION: mbed TLS feature support */
+
+/**
+ * \name SECTION: mbed TLS modules
+ *
+ * This section enables or disables entire modules in mbed TLS
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_AES_C
+ *
+ * Enable the AES block cipher.
+ *
+ * Module: library/aes.c
+ * Caller: library/cipher.c
+ * library/pem.c
+ * library/ctr_drbg.c
+ *
+ * This module is required to support the TLS ciphersuites that use the AES
+ * cipher.
+ *
+ * PEM_PARSE uses AES for decrypting encrypted keys.
+ */
+#define MBEDTLS_AES_C
+
+/**
+ * \def MBEDTLS_CIPHER_C
+ *
+ * Enable the generic cipher layer.
+ *
+ * Module: library/cipher.c
+ *
+ * Uncomment to enable generic cipher wrappers.
+ */
+#define MBEDTLS_CIPHER_C
+
+/**
+ * \def MBEDTLS_CTR_DRBG_C
+ *
+ * Enable the CTR_DRBG AES-based random generator.
+ * The CTR_DRBG generator uses AES-256 by default.
+ * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
+ *
+ * Module: library/ctr_drbg.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_AES_C
+ *
+ * This module provides the CTR_DRBG AES random number generator.
+ */
+#define MBEDTLS_CTR_DRBG_C
+
+/**
+ * \def MBEDTLS_ENTROPY_C
+ *
+ * Enable the platform-specific entropy code.
+ *
+ * Module: library/entropy.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
+ *
+ * This module provides a generic entropy pool
+ */
+#define MBEDTLS_ENTROPY_C
+
+/**
+ * \def MBEDTLS_ERROR_C
+ *
+ * Enable error code to error string conversion.
+ *
+ * Module: library/error.c
+ * Caller:
+ *
+ * This module enables mbedtls_strerror().
+ */
+#define MBEDTLS_ERROR_C
+
+/**
+ * \def MBEDTLS_HKDF_C
+ *
+ * Enable the HKDF algorithm (RFC 5869).
+ *
+ * Module: library/hkdf.c
+ * Caller:
+ *
+ * Requires: MBEDTLS_MD_C
+ *
+ * This module adds support for the Hashed Message Authentication Code
+ * (HMAC)-based key derivation function (HKDF).
+ */
+#define MBEDTLS_HKDF_C /* Used for HUK deriviation */
+
+/**
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ *
+ * Enable the buffer allocator implementation that makes use of a (stack)
+ * based buffer to 'allocate' dynamic memory. (replaces calloc() and free()
+ * calls)
+ *
+ * Module: library/memory_buffer_alloc.c
+ *
+ * Requires: MBEDTLS_PLATFORM_C
+ * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *
+ * Enable this module to enable the buffer memory allocator.
+ */
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
+
+/**
+ * \def MBEDTLS_PK_C
+ *
+ * Enable the generic public (asymetric) key layer.
+ *
+ * Module: library/pk.c
+ *
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
+ *
+ * Uncomment to enable generic public key wrappers.
+ */
+#define MBEDTLS_PK_C
+
+/**
+ * \def MBEDTLS_PK_PARSE_C
+ *
+ * Enable the generic public (asymetric) key parser.
+ *
+ * Module: library/pkparse.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key parse functions.
+ */
+#define MBEDTLS_PK_PARSE_C
+
+/**
+ * \def MBEDTLS_PK_WRITE_C
+ *
+ * Enable the generic public (asymetric) key writer.
+ *
+ * Module: library/pkwrite.c
+ *
+ * Requires: MBEDTLS_PK_C
+ *
+ * Uncomment to enable generic public key write functions.
+ */
+#define MBEDTLS_PK_WRITE_C
+
+/**
+ * \def MBEDTLS_PLATFORM_C
+ *
+ * Enable the platform abstraction layer that allows you to re-assign
+ * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit().
+ *
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * above to be specified at runtime or compile time respectively.
+ *
+ * \note This abstraction layer must be enabled on Windows (including MSYS2)
+ * as other module rely on it for a fixed snprintf implementation.
+ *
+ * Module: library/platform.c
+ * Caller: Most other .c files
+ *
+ * This module enables abstraction of common (libc) functions.
+ */
+#define MBEDTLS_PLATFORM_C
+
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_C
+ *
+ * Enable the Platform Security Architecture cryptography API.
+ *
+ * Module: library/psa_crypto.c
+ *
+ * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C
+ *
+ */
+#define MBEDTLS_PSA_CRYPTO_C
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_STORAGE_C
+ *
+ * Enable the Platform Security Architecture persistent key storage.
+ *
+ * Module: library/psa_crypto_storage.c
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C,
+ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of
+ * the PSA ITS interface
+ */
+// This macro is enabled in TFM Medium but is disabled here because it is
+// incompatible with baremetal builds in Mbed TLS.
+//#define MBEDTLS_PSA_CRYPTO_STORAGE_C
+
+/* \} name SECTION: mbed TLS modules */
+
+/**
+ * \name SECTION: General configuration options
+ *
+ * This section contains Mbed TLS build settings that are not associated
+ * with a particular module.
+ *
+ * \{
+ */
+
+/**
+ * \def MBEDTLS_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"mbedtls/mbedtls_config.h"`.
+ * This header file specifies the compile-time configuration of Mbed TLS.
+ * Unlike other configuration options, this one must be defined on the
+ * compiler command line: a definition in `mbedtls_config.h` would have
+ * no effect.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h"
+
+/**
+ * \def MBEDTLS_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_USER_CONFIG_FILE "/dev/null"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included instead of
+ * `"psa/crypto_config.h"`.
+ * This header file specifies which cryptographic mechanisms are available
+ * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and
+ * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h"
+
+/**
+ * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
+ *
+ * If defined, this is a header which will be included after
+ * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE.
+ * This allows you to modify the default configuration, including the ability
+ * to undefine options that are enabled by default.
+ *
+ * This macro is expanded after an <tt>\#include</tt> directive. This is a popular but
+ * non-standard feature of the C language, so this feature is only available
+ * with compilers that perform macro expansion on an <tt>\#include</tt> line.
+ *
+ * The value of this symbol is typically a path in double quotes, either
+ * absolute or relative to a directory on the include search path.
+ */
+//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null"
+
+/** \} name SECTION: General configuration options */
+
+/**
+ * \name SECTION: Module configuration options
+ *
+ * This section allows for the setting of module specific sizes and
+ * configuration options. The default values are already present in the
+ * relevant header files and should suffice for the regular use cases.
+ *
+ * Our advice is to enable options and change their values here
+ * only if you have a good reason and know the consequences.
+ *
+ * Please check the respective header file for documentation on these
+ * parameters (to prevent duplicate documentation).
+ * \{
+ */
+
+/* ECP options */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */
+
+/* \} name SECTION: Customisation configuration options */
+
+#if CRYPTO_NV_SEED
+#include "tfm_mbedcrypto_config_extra_nv_seed.h"
+#endif /* CRYPTO_NV_SEED */
+
+#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED)
+#include "mbedtls_entropy_nv_seed_config.h"
+#endif
+
+#ifdef CRYPTO_HW_ACCELERATOR
+#include "mbedtls_accelerator_config.h"
+#endif
+
+#endif /* PROFILE_M_MBEDTLS_CONFIG_H */
diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile
index d8db2e0..6252ab0 100644
--- a/docs/architecture/Makefile
+++ b/docs/architecture/Makefile
@@ -3,10 +3,18 @@
default: all
all_markdown = \
- mbed-crypto-storage-specification.md \
- testing/driver-interface-test-strategy.md \
- testing/invasive-testing.md \
- testing/test-framework.md \
+ alternative-implementations.md \
+ mbed-crypto-storage-specification.md \
+ psa-crypto-implementation-structure.md \
+ psa-migration/psa-limitations.md \
+ psa-migration/strategy.md \
+ psa-migration/tasks-g2.md \
+ psa-migration/testing.md \
+ testing/driver-interface-test-strategy.md \
+ testing/invasive-testing.md \
+ testing/psa-storage-format-testing.md \
+ testing/test-framework.md \
+ tls13-support.md \
# This line is intentionally left blank
html: $(all_markdown:.md=.html)
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
index d461394..3c8370d 100644
--- a/docs/architecture/mbed-crypto-storage-specification.md
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -1,7 +1,9 @@
-Mbed Crypto storage specification
+Mbed TLS storage specification
=================================
-This document specifies how Mbed Crypto uses storage.
+This document specifies how Mbed TLS uses storage.
+Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via Mbed TLS and has since been merged into Mbed TLS.
+This document contains historical information both from before and after this merge.
Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore:
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md
index 6a0a095..a5aac40 100644
--- a/docs/architecture/psa-crypto-implementation-structure.md
+++ b/docs/architecture/psa-crypto-implementation-structure.md
@@ -71,3 +71,105 @@
A driver of the Mbed TLS PSA Cryptography API implementation (Mbed TLS PSA driver in the following) is a driver in the sense that it is compliant with the PSA driver interface specification. But it is not an actual driver that drives some hardware. It implements cryptographic operations purely in software.
An Mbed TLS PSA driver C file is named psa_crypto_<driver_name>.c and its associated header file psa_crypto_<driver_name>.h. The functions implementing a driver entry point as defined in the PSA driver interface specification are named as mbedtls_psa_<driver name>_<entry point>(). As an example, the psa_crypto_rsa.c and psa_crypto_rsa.h are the files containing the Mbed TLS PSA driver implementing RSA cryptographic operations. This RSA driver implements among other entry points the "import_key" entry point. The function implementing this entry point is named mbedtls_psa_rsa_import_key().
+
+## How to implement a new cryptographic mechanism
+
+Summary of files to modify when adding a new algorithm or key type:
+
+* [ ] PSA Crypto API draft, if not already done — [PSA standardization](#psa-standardization)
+* [ ] `include/psa/crypto_values.h` or `include/psa/crypto_extra.h` — [New functions and macros](#new-functions-and-macros)
+* [ ] `include/psa/crypto_config.h`, `tests/include/test/drivers/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols)
+* Occasionally `library/check_crypto_config.h` — [Preprocessor symbols](#preprocessor-symbols)
+* [ ] `include/mbedtls/config_psa.h` — [Preprocessor symbols](#preprocessor-symbols)
+* [ ] `library/psa_crypto.c`, `library/psa_crypto_*.[hc]` — [Implementation of the mechanisms](#implementation-of-the-mechanisms)
+* [ ] `include/psa/crypto_builtin_*.h` — [Translucent data structures](#translucent-data-structures)
+* [ ] `tests/suites/test_suite_psa_crypto_metadata.data` — [New functions and macros](#new-functions-and-macros)
+* (If adding `PSA_IS_xxx`) `tests/suites/test_suite_psa_crypto_metadata.function` — [New functions and macros](#new-functions-and-macros)
+* [ ] `tests/suites/test_suite_psa_crypto*.data`, `tests/suites/test_suite_psa_crypto*.function` — [Unit tests](#unit-tests)
+* [ ] `scripts/mbedtls_dev/crypto_knowledge.py`, `scripts/mbedtls_dev/asymmetric_key_data.py` — [Unit tests](#unit-tests)
+* [ ] `ChangeLog.d/*.txt` — changelog entry
+
+Summary of files to modify when adding new API functions:
+
+* [ ] `include/psa/crypto.h` and `include/psa/crypto_sizes.h`, or `include/psa/crypto_extra.h` — [New functions and macros](#new-functions-and-macros)
+* [ ] `library/psa_crypto.c`, `scripts/data_files/driver_templates/*.jinja` — [Implementation of the mechanisms](#implementation-of-the-mechanisms)
+* [ ] If adding stateful functions: `include/psa/crypto_struct.h`, `include/psa/crypto_builtin_*.h`, `include/psa/crypto_driver_contexts_*.h` — [Translucent data structures](#translucent-data-structures)
+* [ ] `tests/suites/test_suite_psa_crypto.data`, `tests/suites/test_suite_psa_crypto.function`, `tests/suites/test_suite_psa_crypto_driver_wrappers.*` — [Unit tests](#unit-tests)
+
+Note that this is just a basic guide. In some cases, you won't need to change all the files listed here. In some cases, you may need to change other files.
+
+### PSA standardization
+
+Typically, if there's enough demand for a cryptographic mechanism in Mbed TLS, there's enough demand for it to be part of the official PSA Cryptography specification. Therefore the first step before implementing a new mechanism should be to approach the PSA Cryptography working group in Arm for standardization.
+
+At the time of writing, all cryptographic mechanisms that are accessible through `psa_xxx` APIs in in Mbed TLS are current or upcoming PSA standards. Mbed TLS implements some extensions to the PSA API that offer extra integration customization or extra key policies.
+
+Mbed TLS routinely implements cryptographic mechanisms that are not yet part of a published PSA standard, but that are scheduled to be part of a future version of the standard. The Mbed TLS implementation validates the feasibility of the upcoming PSA standard. The PSA Cryptography working group and the Mbed TLS development team communicate during the elaboration of the new interfaces.
+
+### New functions and macros
+
+If a mechanism requires new functions, they should follow the design guidelines in the PSA Cryptography API specification.
+
+Functions that are part of the current or upcoming API are declared in `include/psa/crypto.h`, apart from structure accessors defined in `include/psa/crypto_struct.h`. Functions that have output buffers have associated sufficient-output-size macros in `include/psa/crypto_sizes.h`.
+
+Constants (algorithm identifiers, key type identifiers, etc.) and associated destructor macros (e.g. `PSA_IS_xxx()`) are defined in `include/psa/crypto_values.h`.
+
+Functions and macros that are not intended for standardization, or that are at a stage where the draft standard might still evolve significantly, are declared in `include/psa/crypto_extra.h`.
+
+The PSA Cryptography API specification defines both names and values for certain kinds of constants: algorithms (`PSA_ALG_xxx`), key types (`PSA_KEY_TYPE_xxx`), ECC curve families (`PSA_ECC_FAMILY_xxx`), DH group families (`PSA_DH_FAMILY_xxx`). If Mbed TLS defines an algorithm or a key type that is not part of a current or upcoming PSA standard, pick a value with the `VENDOR` flag set. If Mbed TLS defines an ECC curve or DH group family that is not part of a current or upcoming PSA standard, define a vendor key type and use the family identifier only with this vendor key type.
+
+New constants must have a test case in `tests/suites/test_suite_psa_crypto_metadata.data` that verifies that `PSA_IS_xxx` macros behave properly with the new constant. New `PSA_IS_xxx` macros must be declared in `tests/suites/test_suite_psa_crypto_metadata.function`.
+
+### Preprocessor symbols
+
+Each cryptographic mechanism is optional and can be selected by the application at build time. For each feature `PSA_ttt_xxx`:
+
+* The feature is available to applications when the preprocessor symbol `PSA_WANT_ttt_xxx` is defined. These symbols are set:
+ * If `MBEDTLS_PSA_CRYPTO_CONFIG` is disabled: based on the available mechanisms in Mbed TLS, deduced from `mbedtls/mbedtls_config.h` by code in `include/mbedtls/config_psa.h`.
+ * if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: in the application configuration file `include/psa/crypto_config.h` (or `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, plus `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`), with code in `include/mbedtls/config_psa.h` deducing the necessary underlying `MBEDTLS_xxx` symbols.
+* For transparent keys (keys that are not in a secure element), the feature is implemented by Mbed TLS if `MBEDTLS_PSA_BUILTIN_ttt_xxx` is defined, and by an accelerator driver if `MBEDTLS_PSA_ACCEL_ttt_xxx` is defined. `MBEDTLS_PSA_BUILTIN_ttt_xxx` constants are set in `include/mbedtls/config_psa.h` based on the application requests `PSA_WANT_ttt_xxx` and the accelerator driver declarations `MBEDTLS_PSA_ACCEL_ttt_xxx`.
+* For the testing of the driver dispatch code, `tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols.
+
+For more details, see *[Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS](../proposed/psa-conditional-inclusion-c.html)*.
+
+Some mechanisms require other mechanisms. For example, you can't do GCM without a block cipher, or RSA-PSS without RSA keys. When mechanism A requires mechanism B, `include/mbedtls/config_psa.h` ensures that B is enabled whenever A is enabled. When mechanism A requires at least one of a set {B1, B2, B3, ...} but there is no particular reason why enabling A would enable any of the specific Bi's, it's up to the application to choose Bi's and the file `library/check_crypto_config.h` contains compile-time constraints to ensure that at least one Bi is enabled.
+
+### Implementation of the mechanisms
+
+The general structure of a cryptographic operation function is:
+
+1. API function defined in `library/psa_crypto.c`. The entry point performs generic checks that don't depend on whether the mechanism is implemented in software or in a driver and looks up keys in the key store.
+2. Driver dispatch code in `scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja` or files included from there.
+3. Built-in implementation in `library/psa_crypto_*.c` (with function declarations in the corresponding `.h` file). These files typically contain the implementation of modes of operation over basic building blocks that are defined elsewhere. For example, HMAC is implemented in `library/psa_crypto_mac.c` but the underlying hash functions are implemented in `library/sha*.c` and `library/md*.c`.
+4. Basic cryptographic building blocks in `library/*.c`.
+
+When implementing a new algorithm or key type, there are typically things to change in `library/crypto.c` (e.g. buffer size calculations, algorithm/key-type compatibility) and in the built-in implementation, but not in the driver dispatch code.
+
+### Translucent data structures
+
+Some mechanisms require state to be kept between function calls. Keys and key-like data is kept in the key store, which PSA manages internally. Other state, for example the state of multipart operations, is kept in structures allocated by the caller.
+
+The size of operation structures needs to be known at compile time, since callers may allocate them on the stack. Therefore these structures are defined in a public header: `include/psa/crypto_struct.h` for the parts that are independent of the underlying implementation, `include/psa/crypto_builtin_*` for parts that are specific to the Mbed TLS built-in implementation, `include/psa/crypto_driver_*.h` for structures implemented by drivers.
+
+### Unit tests
+
+A number of unit tests are automatically generated by `tests/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`:
+
+* Attempt to create a key with a key type that is not supported.
+* Attempt to perform an operation with a combination of key type and algorithm that is not valid or not supported.
+* Storage and retrieval of a persistent key.
+
+When adding a new key type or algorithm:
+
+* `scripts/mbedtls_dev/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms.
+* `scripts/mbedtls_dev/asymmetric_key_data.py` contains valid key data for asymmetric key types.
+
+Other things need to be tested manually, either in `tests/suites/test_sutie_psa_crypto.data` or in another file. For example (this is not an exhaustive list):
+
+* Known answer tests.
+* Potential edge cases (e.g. data less/equal/more than the block size, number equal to zero in asymmetric cryptography).
+* Tests with invalid keys (e.g. wrong size or format).
+* Tests with invalid data (e.g. wrong size or format, output buffer too small, invalid padding).
+* For new functions: incorrect function call sequence, driver dispatch (in `tests/suites/test_suite_psa_crypto_driver_wrappers.*`).
+* For key derivation algorithms: variation on the sequence of input steps, variation on the output size.
+
diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md
index a726c43..380fd39 100644
--- a/docs/architecture/testing/driver-interface-test-strategy.md
+++ b/docs/architecture/testing/driver-interface-test-strategy.md
@@ -1,6 +1,6 @@
-# Mbed Crypto driver interface test strategy
+# Mbed TLS driver interface test strategy
-This document describes the test strategy for the driver interfaces in Mbed Crypto. Mbed Crypto has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed Crypto itself; testing drivers is out of scope.
+This document describes the test strategy for the driver interfaces in Mbed TLS. Mbed TLS has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed TLS itself; testing drivers is out of scope.
The driver interfaces are standardized through PSA Cryptography functional specifications.
@@ -16,9 +16,9 @@
#### Dynamic secure element driver interface
-The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed Crypto and one or more third-party drivers.
+The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed TLS and one or more third-party drivers.
-The SE interface consists of one function provided by Mbed Crypto (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed Crypto, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function.
+The SE interface consists of one function provided by Mbed TLS (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed TLS, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function.
### SE driver interface unit tests
@@ -57,7 +57,7 @@
#### SE driver outputs
-For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed Crypto handles the outputs.
+For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed TLS handles the outputs.
* Correct outputs.
* Incorrect outputs such as an invalid output length.
diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md
index 5514dfa..a5c1fd1 100644
--- a/docs/architecture/testing/psa-storage-format-testing.md
+++ b/docs/architecture/testing/psa-storage-format-testing.md
@@ -47,7 +47,7 @@
* [Storage transaction file](#storage-transaction-resumption).
* [Driver state files](#driver-state-files).
-For a more detailed description, refer to the [Mbed Crypto storage specification](../mbed-crypto-storage-specification.md).
+For a more detailed description, refer to the [Mbed TLS storage specification](../mbed-crypto-storage-specification.md).
In addition, Mbed TLS includes an implementation of the PSA trusted storage interface on top of C stdio. This document addresses the test strategy for [PSA ITS over file](#psa-its-over-file) in a separate section below.
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index cd1b9fc..41f90c9 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -301,25 +301,289 @@
TODO
-#### Operation family `"key_derivation"`
+### Driver entry points for key derivation
-This family requires the following type and entry points:
+Key derivation is more complex than other multipart operations for several reasons:
-* Type `"key_derivation_operation_t"`: the type of a key derivation operation context.
-* `"key_derivation_setup"`: called by `psa_key_derivation_setup()`.
-* `"key_derivation_set_capacity"`: called by `psa_key_derivation_set_capacity()`. The core will always enforce the capacity, therefore this function does not need to do anything for algorithms where the output stream only depends on the effective generated length and not on the capacity.
-* `"key_derivation_input_bytes"`: called by `psa_key_derivation_input_bytes()` and `psa_key_derivation_input_key()`. For transparent drivers, when processing a call to `psa_key_derivation_input_key()`, the core always calls the applicable driver's `"key_derivation_input_bytes"` entry point.
-* `"key_derivation_input_integer"`: called by `psa_key_derivation_input_integer()`.
-* `"key_derivation_input_key"` (opaque drivers only)
-* `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers.
-* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers.
-* `"key_derivation_verify_bytes"` (opaque drivers only).
-* `"key_derivation_verify_key"` (opaque drivers only).
-* `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API.
+* There are multiple inputs and outputs.
+* Multiple drivers can be involved. This happens when an operation combines a key agreement and a subsequent symmetric key derivation, each of which can have independent drivers. This also happens when deriving an asymmetric key, where processing the secret input and generating the key output might involve different drivers.
+* When multiple drivers are involved, they are not always independent: if the secret input is managed by an opaque driver, it might not allow the core to retrieve the intermediate output and pass it to another driver.
+* The involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input).
-TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers
+#### Key derivation driver dispatch logic
-TODO
+The core decides whether to dispatch a key derivation operation to a driver based on the location associated with the input step `PSA_KEY_DERIVATION_INPUT_SECRET`.
+
+1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element:
+ * If the driver for this secure element implements the `"key_derivation"` family for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points.
+ Note that for all currently specified algorithms, the key type for the secret input does not matter.
+ * Otherwise the core calls the secure element driver's [`"export_key"`](#key-management-with-opaque-drivers) entry point.
+2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a transparent driver for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points.
+3. Otherwise, or on fallback, the core uses its built-in implementation.
+
+#### Summary of entry points for the operation family `"key_derivation"`
+
+A key derivation driver has the following entry points:
+
+* `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup).
+* `"key_derivation_input_step"` (mandatory if the driver supports a key derivation algorithm with long inputs, otherwise ignored): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs).
+* `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs).
+* `"key_derivation_output_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs).
+* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_key"` for “cooked”, i.e. non-raw-data key types; ignored for other opaque drivers; not permitted for transparent drivers): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity).
+* `"key_derivation_abort"` (mandatory): always the last entry point to be called.
+
+For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections:
+```
+typedef ... acme_key_derivation_operation_t;
+psa_status_t acme_key_derivation_abort(acme_key_derivation_operation_t *operation);
+```
+
+#### Key derivation driver initial inputs
+
+The core conveys the initial inputs for a key derivation via an opaque data structure of type `psa_crypto_driver_key_derivation_inputs_t`.
+
+```
+typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type
+```
+
+A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of the type-specific functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`.
+
+```
+enum psa_crypto_driver_key_derivation_input_type_t {
+ PSA_KEY_DERIVATION_INPUT_TYPE_INVALID = 0,
+ PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED,
+ PSA_KEY_DERIVATION_INPUT_TYPE_BYTES,
+ PSA_KEY_DERIVATION_INPUT_TYPE_KEY,
+ PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER,
+ // Implementations may add other values, and may freely choose the
+ // numerical values for each identifer except as explicitly specified
+ // above.
+};
+psa_crypto_driver_key_derivation_input_type_t psa_crypto_driver_key_derivation_get_input_type(
+ const psa_crypto_driver_key_derivation_inputs_t *inputs,
+ psa_key_derivation_step_t step);
+```
+
+The function `psa_crypto_driver_key_derivation_get_input_type()` determines whether a given step is present and how to access its value:
+
+* `PSA_KEY_DERIVATION_INPUT_TYPE_INVALID`: the step is invalid for the algorithm of the operation that the inputs are for.
+* `PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED`: the step is optional for the algorithm of the operation that the inputs are for, and has been omitted.
+* `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` to make a copy of the input data (design note: [why a copy?](#key-derivation-inputs-and-buffer-ownership)).
+* `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key context.
+* `PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER`: the step is valid and present and is an integer. Call `psa_crypto_driver_key_derivation_get_input_integer()` to retrieve the integer value.
+
+```
+psa_status_t psa_crypto_driver_key_derivation_get_input_size(
+ const psa_crypto_driver_key_derivation_inputs_t *inputs,
+ psa_key_derivation_step_t step,
+ size_t *size);
+psa_status_t psa_crypto_driver_key_derivation_get_input_bytes(
+ const psa_crypto_driver_key_derivation_inputs_t *inputs,
+ psa_key_derivation_step_t step,
+ uint8_t *buffer, size_t buffer_size, size_t *buffer_length);
+psa_status_t psa_crypto_driver_key_derivation_get_input_key(
+ const psa_crypto_driver_key_derivation_inputs_t *inputs,
+ psa_key_derivation_step_t step,
+ const psa_key_attributes_t *attributes,
+ uint8_t** p_key_buffer, size_t *key_buffer_size);
+psa_status_t psa_crypto_driver_key_derivation_get_input_integer(
+ const psa_crypto_driver_key_derivation_inputs_t *inputs,
+ psa_key_derivation_step_t step,
+ uint64_t *value);
+```
+
+The get-data functions take the following parameters:
+
+* The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry point which has not returned yet.
+* The `step` parameter indicates the input step whose content the driver wants to retrieve.
+* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the specified input in bytes.
+* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the specified input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`.
+* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context.
+* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the specified input.
+
+These functions can return the following statuses:
+
+* `PSA_SUCCESS`: the call succeeded and the requested value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been written to the applicable parameter (`buffer_length`, `key_buffer_size`).
+* `PSA_ERROR_DOES_NOT_EXIST`: the input step is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs).
+* `PSA_ERROR_INVALID_ARGUMENT`: the input type is not compatible with this function or was omitted. Call `psa_crypto_driver_key_derivation_get_input_type()` to find out the actual type of this input step. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step.
+* `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size.
+* The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors.
+
+#### Key derivation driver setup
+
+A key derivation driver must implement the following entry point:
+```
+psa_status_t acme_key_derivation_setup(
+ acme_key_derivation_operation_t *operation,
+ psa_algorithm_t alg,
+ const psa_crypto_driver_key_derivation_inputs_t *inputs);
+```
+
+* `operation` is a zero-initialized operation object.
+* `alg` is the algorithm for the key derivation operation. It does not include a key agreement component.
+* `inputs` is an opaque pointer to the [initial inputs](#key-derivation-driver-initial-inputs) for the key derivation.
+
+#### Key derivation driver long inputs
+
+Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this entry point for all the long inputs after calling `"acme_key_derivation_setup"`. A long input step may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. Calls to this entry point for different step values occur in an unspecified order and may be interspersed.
+
+```
+psa_status_t acme_key_derivation_input_step(
+ acme_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *input, size_t input_length);
+```
+
+At the time of writing, no standard key derivation algorithm has long inputs. It is likely that such algorithms will be added in the future.
+
+#### Key derivation driver operation capacity
+
+The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support [`"key_derivation_output_key"`](#key-derivation-driver-outputs), i.e. for key types where the derived key material is not a direct copy of the key derivation's output stream.
+
+Such drivers must enforce the capacity limitation and must return `PSA_ERROR_INSUFFICIENT_CAPACITY` from any output request that exceeds the operation's capacity. Such drivers must provide the following entry point:
+```
+psa_status_t acme_key_derivation_set_capacity(
+ acme_key_derivation_operation_t *operation,
+ size_t capacity);
+```
+`capacity` is guaranteed to be less or equal to any value previously set through this entry point, and is guaranteed not to be `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`.
+
+If this entry point has not been called, the operation has an unlimited capacity.
+
+#### Key derivation driver outputs
+
+A key derivation driver must provide the following entry point:
+```
+psa_status_t acme_key_derivation_output_bytes(
+ acme_key_derivation_operation_t *operation,
+ uint8_t *output, size_t length);
+```
+
+An opaque key derivation driver may provide the following entry points:
+```
+psa_status_t acme_key_derivation_output_key(
+ const psa_key_attributes_t *attributes,
+ acme_key_derivation_operation_t *operation,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
+psa_status_t acme_key_derivation_verify_bytes(
+ acme_key_derivation_operation_t *operation,
+ const uint8_t *expected output, size_t length);
+psa_status_t acme_key_derivation_verify_key(
+ acme_key_derivation_operation_t *operation,
+ uint8_t *key_buffer, size_t key_buffer_size);
+```
+
+The core calls a key derivation driver's output entry point when the application calls `psa_key_derivation_output_bytes()`, `psa_key_derivation_output_key()`, `psa_key_derivation_verify_bytes()` or `psa_key_derivation_verify_key()`.
+
+If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure element and the derivation operation is handled by that secure element, the core performs the following steps:
+
+* For a call to `psa_key_derivation_output_key()`:
+
+ 1. If the derived key is in the same secure element, if the driver has an `"key_derivation_output_key"` entry point, call that entry point. If the driver has no such entry point, or if that entry point returns `PSA_ERROR_NOT_SUPPORTED`, continue with the following steps, otherwise stop.
+ 1. If the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`.
+ 1. Otherwise proceed as for `psa_key_derivation_output_bytes()`, then import the resulting key material.
+
+* For a call to `psa_key_derivation_verify_key()`:
+ 1. If the driver has a `"key_derivation_verify_key"` entry point, call it and stop.
+ 1. Call the driver's `"export_key"` entry point on the key object that contains the expected value, then proceed as for `psa_key_derivation_verify_bytes()`.
+
+* For a call to `psa_key_derivation_verify_bytes()`:
+ 1. If the driver has a `"key_derivation_verify_bytes"` entry point, call that entry point on the expected output, then stop.
+ 1. Otherwise, proceed as for `psa_key_derivation_output_bytes()`, and compare the resulting output to the expected output inside the core.
+
+* For a call to `psa_key_derivation_output_bytes()`:
+ 1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit.
+
+If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the core then calls additional entry points in the same or another driver:
+
+* For a call to `psa_key_derivation_output_key()` for some key types, the core calls a transparent driver's `"derive_key"` entry point. See [“Transparent cooked key derivation”](#transparent-cooked-key-derivation).
+* For a call to `psa_key_derivation_output_key()` where the derived key is in a secure element, call that secure element driver's `"import_key"` entry point.
+
+#### Transparent cooked key derivation
+
+Key derivation is said to be *raw* for some key types, where the key material of a derived (8×*n*)-bit key consists of the next *n* bytes of output from the key derivation, and *cooked* otherwise. When deriving a raw key, the core only calls the driver's `"output_bytes"` entry point, except when deriving a key entirely inside a secure element as described in [“Key derivation driver outputs”](#key-derivation-driver-outputs). When deriving a cooked key, the core calls a transparent driver's `"derive_key"` entry point if available.
+
+A capability for cooked key derivation contains the following properties (this is not a subset of [the usual entry point properties](#capability-syntax)):
+
+* `"entry_points"` (mandatory, list of strings). Must be `["derive_key"]`.
+* `"derived_types"` (mandatory, list of strings). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified type.
+* `"derived_sizes"` (optional, list of integers). Each element is a size for the derived key, in bits. This capability only applies when deriving a key of the specified sizes. If absent, this capability applies to all sizes for the specified types.
+* `"memory"` (optional, boolean). If present and true, the driver must define a type `"derive_key_memory_t"` and the core will allocate an object of that type as specified below.
+* `"names"` (optional, object). A mapping from entry point names to C function and type names, as usual.
+* `"fallback"` (optional, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED` if it only partially supports the specified mechanism, as usual.
+
+A transparent driver with the prefix `"acme"` that implements cooked key derivation must provide the following type and function:
+
+```
+typedef ... acme_derive_key_memory_t; // only if the "memory" property is true
+psa_status_t acme_derive_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *input, size_t input_length,
+ acme_derive_key_memory_t *memory, // if the "memory" property is false: void*
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
+```
+
+* `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set.
+* `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return.
+* If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer.
+* `key_buffer` is a buffer for the output material, in the appropriate [export format](#key-format-for-transparent-drivers) for the key type. Its size is `key_buffer_size` bytes.
+* On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`.
+
+This entry point may return the following statuses:
+
+* `PSA_SUCCESS`: a key was derived successfully. The driver has placed the representation of the key in `key_buffer`.
+* `PSA_ERROR_NOT_SUPPORTED` (for the first call only) (only if fallback is enabled): the driver cannot fulfill this request, but a fallback driver might.
+* `PSA_ERROR_INSUFFICIENT_DATA`: the core must call the `"derive_key"` entry point again with the same `memory` object and with subsequent data from the key stream.
+* Any other error is a fatal error.
+
+The core calls the `"derive_key"` entry point in a loop until it returns a status other than `PSA_ERROR_INSUFFICIENT_DATA`. Each call has a successive fragment of the key stream. The `memory` object is guaranteed to be the same for successive calls, but note that its address may change between calls. Before the first call, `*memory` is initialized to all-bits-zero.
+
+For standard key types, the `"derive_key"` entry point is called with a certain input length as follows:
+
+* `PSA_KEY_TYPE_DES`: the length of the key.
+* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of the key $n$ satisfies $8 (m-1) < n \le 8 m$.
+* `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length.
+* Other key types: not applicable.
+
+See [“Open questions around cooked key derivation”](#open-questions-around-cooked-key-derivation) for some points that may not be fully settled.
+
+#### Key agreement
+
+The core always decouples key agreement from symmetric key derivation.
+
+To implement a call to `psa_key_derivation_key_agreement()` where the private key is in a secure element that has a `"key_agreement_to_key"` entry point which is applicable for the given key type and algorithm, the core calls the secure element driver as follows:
+
+1. Call the `"key_agreement_to_key"` entry point to create a key object containing the shared secret. The key object is volatile and has the type `PSA_KEY_TYPE_DERIVE`.
+2. Call the `"key_derivation_setup"` entry point, passing the resulting key object .
+3. Perform the rest of the key derivation, up to and including the call to the `"key_derivation_abort"` entry point.
+4. Call the `"destroy_key"` entry point to destroy the key containing the key object.
+
+In other cases, the core treats `psa_key_derivation_key_agreement()` as if it was a call to `psa_raw_key_agreement()` followed by a call to `psa_key_derivation_input_bytes()` on the shared secret.
+
+The entry points related to key agreement have the following prototypes for a driver with the prefix `"acme"`:
+```
+psa_status_t acme_key_agreement(psa_algorithm_t alg,
+ const psa_key_attributes_t *our_attributes,
+ const uint8_t *our_key_buffer,
+ size_t our_key_buffer_length,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg,
+ const psa_key_attributes_t *our_attributes,
+ const uint8_t *our_key_buffer,
+ size_t our_key_buffer_length,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ const psa_key_attributes_t *shared_secret_attributes,
+ uint8_t *shared_secret_key_buffer,
+ size_t shared_secret_key_buffer_size,
+ size_t *shared_secret_key_buffer_length);
+```
+
+Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the attributes for the shared secret are not placed near the beginning, but rather grouped with the other parameters related to the shared secret at the end of the parameter list. This is to avoid potential confusion with the attributes of the private key that is passed as an input.
### Driver entry points for PAKE
@@ -390,10 +654,6 @@
const psa_crypto_driver_pake_inputs_t *inputs,
uint8_t *peer_id, size_t peer_id_size, size_t *peer_id_length);
-psa_status_t psa_crypto_driver_pake_get_role(
- const psa_crypto_driver_pake_inputs_t *inputs,
- psa_pake_role_t *role);
-
psa_status_t psa_crypto_driver_pake_get_cipher_suite(
const psa_crypto_driver_pake_inputs_t *inputs,
psa_pake_cipher_suite_t *cipher_suite);
@@ -510,8 +770,9 @@
size_t key_buffer_size,
size_t *key_buffer_length);
```
+Additionally, opaque drivers can create keys through their [`"key_derivation_output_key"`](#key-derivation-driver-outputs) and [`"key_agreement_key"`](#key-agreement) entry points. Transparent drivers can create key material through their [`"derive_key"`](#transparent-cooked-key-derivation) entry point.
-TODO: derivation, copy
+TODO: copy
* The key attributes (`attributes`) have the same semantics as in the PSA Cryptography application interface.
* For the `"import_key"` entry point, the input in the `data` buffer is either the export format or an implementation-specific format that the core documents as an acceptable input format for `psa_import_key()`.
@@ -644,7 +905,7 @@
This entry point has several roles:
1. Parse the key data in the input buffer `data`. The driver must support the export format for the key types that the entry point is declared for. It may support additional formats as specified in the description of [`psa_import_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) in the PSA Cryptography API specification.
-2. Validate the key data. The necessary validation is described in the section [“Key validation with transparent drivers”](#key-validation-with-transparent-drivers) above.
+2. Validate the key data. The necessary validation is described in the section [“Key validation”](#key-validation) above.
3. [Determine the key size](#key-size-determination-on-import) and output it through `*bits`.
4. Copy the validated key data from `data` to `key_buffer`. The output must be in the canonical format documented for [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) or [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key), so if the input is not in this format, the entry point must convert it.
@@ -834,7 +1095,7 @@
Opaque drivers may provide the following key management entry points:
-* `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations).
+* `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations), or [as a fallback for key derivation](#key-derivation-driver-dispatch-logic).
* `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this entry point at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object.
* `"import_key"`: called by `psa_import_key()`, or by `psa_copy_key()` when copying a key from another location.
* `"generate_key"`: called by `psa_generate_key()`.
@@ -1105,6 +1366,12 @@
Should the core guarantee that the output buffer size has the size indicated by the applicable buffer size macro (which may be an overestimation)?
+#### Key derivation inputs and buffer ownership
+
+Why is `psa_crypto_driver_key_derivation_get_input_bytes` a copy, rather than giving a pointer?
+
+The main reason is to avoid complex buffer ownership. A driver entry point does not own memory after the entry point return. This is generally necessary because an API function does not own memory after the entry point returns. In the case of key derivation inputs, this could be relaxed because the driver entry point is making callbacks to the core: these functions could return a pointer that is valid until the driver entry point returns, which would allow the driver to process the data immediately (e.g. hash it rather than copy it).
+
### Partial computations in drivers
#### Substitution points
@@ -1148,6 +1415,18 @@
`psa_crypto_driver_get_persistent_state` does not identify the calling driver, so the driver needs to remember which driver it's calling. This may require a thread-local variable in a multithreaded core. Is this ok?
+#### Open questions around cooked key derivation
+
+`"derive_key"` is not a clear name. Can we use a better one?
+
+For the `"derive_key"` entry point, how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? Note that for some key types, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test. However, for all key types except RSA, the specification mandates how the key is derived, which practically dictates how the pseudorandom key stream is consumed. So it's probably ok.
+
+#### Fallback for key derivation in opaque drivers
+
+Should [dispatch to an opaque driver](#key-derivation-driver-dispatch-logic) allow fallback, so that if `"key_derivation_setup"` returns `PSA_ERROR_NOT_SUPPORTED` then the core exports the key from the secure element instead?
+
+Should the ["`key_derivation_output_key`"](#key-derivation-driver-outputs) capability indicate which key types the driver can derive? How should fallback work? For example, consider a secure element that implements HMAC, HKDF and ECDSA, and that can derive an HMAC key from HKDF without exporting intermediate material but can only import or randomly generate ECC keys. How does this driver convey that it can't derive an ECC key with HKDF, but it can let the core do this and import the resulting key?
+
### Randomness
#### Input to `"add_entropy"`
diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md
new file mode 100644
index 0000000..ff66124
--- /dev/null
+++ b/docs/psa-driver-example-and-guide.md
@@ -0,0 +1,175 @@
+# PSA Cryptoprocessor driver development examples
+
+As of Mbed TLS 3.4.0, the PSA Driver Interface has only been partially implemented. As a result, the deliverables for writing a driver and the method for integrating a driver with Mbed TLS will vary depending on the operation being accelerated. This document describes how to write and integrate cryptoprocessor drivers depending on which operation or driver type is being implemented.
+
+The `docs/proposed/` directory contains three documents which pertain to the proposed, work-in-progress driver system. The [PSA Driver Interface](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-interface.md) describes how drivers will interface with Mbed TLS in the future, as well as driver types, operation types, and entry points. As many key terms and concepts used in the examples in this document are defined in the PSA Driver Interface, it is recommended that developers read it prior to starting work on implementing drivers.
+The PSA Driver [Developer](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-developer-guide.md) Guide describes the deliverables for writing a driver that can be used with Mbed TLS, and the PSA Driver [Integration](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-integration-guide.md) Guide describes how a driver can be built alongside Mbed TLS.
+
+## Contents:
+[Background on how Mbed TLS calls drivers](#background-on-how-mbed-tls-calls-drivers)\
+[Process for Entry Points where auto-generation is implemented](#process-for-entry-points-where-auto-generation-is-implemented) \
+[Process for Entry Points where auto-generation is not implemented](#process-for-entry-points-where-auto-generation-is-not-implemented) \
+[Example: Manually integrating a software accelerator alongside Mbed TLS](#example-manually-integrating-a-software-accelerator-alongside-mbed-tls)
+
+## Background on how Mbed TLS calls drivers
+
+The PSA Driver Interface specification specifies which cryptographic operations can be accelerated by third-party drivers. Operations that are completed within one step (one function call), such as verifying a signature, are called *Single-Part Operations*. On the other hand, operations that consist of multiple steps implemented by different functions called sequentially are called *Multi-Part Operations*. Single-part operations implemented by a driver will have one entry point, while multi-part operations will have multiple: one for each step.
+
+There are two types of drivers: *transparent* or *opaque*. See below an excerpt from the PSA Driver Interface specification defining them:
+* **Transparent** drivers implement cryptographic operations on keys that are provided in cleartext at the beginning of each operation. They are typically used for hardware **accelerators**. When a transparent driver is available for a particular combination of parameters (cryptographic algorithm, key type and size, etc.), it is used instead of the default software implementation. Transparent drivers can also be pure software implementations that are distributed as plug-ins to a PSA Cryptography implementation (for example, an alternative implementation with different performance characteristics, or a certified implementation).
+* **Opaque** drivers implement cryptographic operations on keys that can only be used inside a protected environment such as a **secure element**, a hardware security module, a smartcard, a secure enclave, etc. An opaque driver is invoked for the specific [key location](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-interface.md#lifetimes-and-locations) that the driver is registered for: the dispatch is based on the key's lifetime.
+
+Mbed TLS contains a **driver dispatch layer** (also called a driver wrapper layer). For each cryptographic operation that supports driver acceleration (or sub-part of a multi-part operation), the library calls the corresponding function in the driver wrapper. Using flags set at compile time, the driver wrapper ascertains whether any present drivers support the operation. When no such driver is present, the built-in library implementation is called as a fallback (if allowed). When a compatible driver is present, the driver wrapper calls the driver entry point function provided by the driver author.
+
+The long-term goal is for the driver dispatch layer to be auto-generated using a JSON driver description file provided by the driver author.
+For some cryptographic operations, this auto-generation logic has already been implemented. When accelerating these operations, the instructions in the above documents can be followed. For the remaining operations which do not yet support auto-generation of the driver wrapper, developers will have to manually edit the driver dispatch layer and call their driver's entry point functions from there.
+
+Auto-generation of the driver wrapper is supported for the operation entry points specified in the table below. Certain operations are only permitted for opaque drivers. All other operation entry points do not support auto-generation of the driver wrapper.
+
+| Transparent Driver | Opaque Driver |
+|---------------------|---------------------|
+| `import_key` | `import_key` |
+| `export_key` | `export_key` |
+| `export_public_key` | `export_public_key` |
+| | `copy_key` |
+| | `get_builtin_key` |
+
+### Process for Entry Points where auto-generation is implemented
+
+If the driver is accelerating operations whose entry points are in the above table, the instructions in the driver [developer](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-developer-guide.md) and [integration](https://github.com/Mbed-TLS/mbedtls/blob/development/docs/proposed/psa-driver-integration-guide.md) guides should be followed.
+
+There are three deliverables for creating such a driver. These are:
+ - A driver description file (in JSON format).
+ - C header files defining the types required by the driver description. The names of these header files are declared in the driver description file.
+ - An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled.
+
+The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `tests/src/drivers`.
+
+### Process for Entry Points where auto-generation is not implemented
+
+If the driver is accelerating operations whose entry points are not present in the table, a different process is followed where the developer manually edits the driver dispatch layer. The following steps describe this process. Steps 1, 2, 3, and 7 only need to be done once *per driver*. Steps 4, 5, and 6 must be done *for each single-part operation* or *for each sub-part of a multi-part operation* implemented by the driver.
+
+**1. Choose a driver prefix and a macro name that indicates whether the driver is enabled** \
+A driver prefix is simply a word (often the name of the driver) that all functions/macros associated with the driver should begin with. This is similar to how most functions/macros in Mbed TLS begin with `PSA_XXX/psa_xxx` or `MBEDTLS_XXX/mbedtls_xxx`. The macro name can follow the form `DRIVER_PREFIX_ENABLED` or something similar; it will be used to indicate the driver is available to be called. When building with the driver present, define this macro at compile time.
+
+**2. Include the following in one of the driver header files:**
+```
+#if defined(DRIVER_PREFIX_ENABLED)
+#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
+#endif
+
+// other definitions here
+
+#endif
+```
+
+**3. Conditionally include header files required by the driver**
+Include any header files required by the driver in `psa_crypto_driver_wrappers.h`, placing the `#include` statements within an `#if defined` block which checks if the driver is available:
+```
+#if defined(DRIVER_PREFIX_ENABLED)
+#include ...
+#endif
+```
+
+
+**4. For each operation being accelerated, locate the function in the driver dispatch layer that corresponds to the entry point of that operation.** \
+The file `psa_crypto_driver_wrappers.c.jinja` contains the driver wrapper functions. For the entry points that have driver wrapper auto-generation implemented, the functions have been replaced with `jinja` templating logic. While the file has a `.jinja` extension, the driver wrapper functions for the remaining entry points are simple C functions. The names of these functions are of the form `psa_driver_wrapper` followed by the entry point name. So, for example, the function `psa_driver_wrapper_sign_hash()` corresponds to the `sign_hash` entry point.
+
+**5. If a driver entry point function has been provided then ensure it has the same signature as the driver wrapper function.** \
+If one has not been provided then write one. Its name should begin with the driver prefix, followed by transparent/opaque (depending on driver type), and end with the entry point name. It should have the same signature as the driver wrapper function. The purpose of the entry point function is to take arguments in PSA format for the implemented operation and return outputs/status codes in PSA format. \
+*Return Codes:*
+* `PSA_SUCCESS`: Successful Execution
+* `PSA_ERROR_NOT_SUPPORTED`: Input arguments are correct, but the driver does not support the operation. If a transparent driver returns this then it allows fallback to another driver or software implementation.
+* `PSA_ERROR_XXX`: Any other PSA error code, see API documentation
+
+**6. Modify the driver wrapper function** \
+Each driver wrapper function contains a `switch` statement which checks the location of the key. If the key is stored in local storage, then operations are performed by a transparent driver. If it is stored elsewhere, then operations are performed by an opaque driver.
+ * **Transparent drivers:** Calls to driver entry points go under `case PSA_KEY_LOCATION_LOCAL_STORAGE`.
+ * **Opaque Drivers** Calls to driver entry points go in a separate `case` block corresponding to the key location.
+
+
+The diagram below shows the layout of a driver wrapper function which can dispatch to two transparent drivers `Foo` and `Bar`, and one opaque driver `Baz`.
+
+ ```
+psa_driver_wrapper_xxx()
+├── switch(location)
+| |
+| ├── case PSA_KEY_LOCATION_LOCAL_STORAGE //transparent driver
+| | ├── #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+| | | ├── #if defined(FOO_DRIVER_PREFIX_ENABLED)
+| | | | ├── if(//conditions for foo driver capibilities)
+| | | | ├── foo_driver_transparent_xxx() //call to driver entry point
+| | | | ├── if (status != PSA_ERROR_NOT_SUPPORTED) return status
+| | | ├── #endif
+| | | ├── #if defined(BAR_DRIVER_PREFIX_ENABLED)
+| | | | ├── if(//conditions for bar driver capibilities)
+| | | | ├── bar_driver_transparent_xxx() //call to driver entry point
+| | | | ├── if (status != PSA_ERROR_NOT_SUPPORTED) return status
+| | | ├── #endif
+| | ├── #endif
+| |
+| ├── case SECURE_ELEMENT_LOCATION //opaque driver
+| | ├── #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+| | | ├── #if defined(BAZ_DRIVER_PREFIX_ENABLED)
+| | | | ├── if(//conditions for baz driver capibilities)
+| | | | ├── baz_driver_opaque_xxx() //call to driver entry point
+| | | | ├── if (status != PSA_ERROR_NOT_SUPPORTED) return status
+| | | ├── #endif
+| | ├── #endif
+└── return psa_xxx_builtin() // fall back to built in implementation
+ ```
+
+All code related to driver calls within each `case` must be contained between `#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)` and a corresponding `#endif`. Within this block, each individual driver's compatibility checks and call to the entry point must be contained between `#if defined(DRIVER_PREFIX_ENABLED)` and a corresponding `#endif`. Checks that involve accessing key material using PSA macros, such as determining the key type or number of bits, must be done in the driver wrapper.
+
+**7. Build Mbed TLS with the driver**
+This guide assumes you are building Mbed TLS from source alongside your project. If building with a driver present, the chosen driver macro (`DRIVER_PREFIX_ENABLED`) must be defined. This can be done in two ways:
+* *At compile time via flags.* This is the preferred option when your project uses Mbed TLS mostly out-of-the-box without significantly modifying the configuration. This can be done by passing the option via `CFLAGS`.
+ * **Make**:
+ ```
+ make CFLAGS="-DDRIVER_PREFIX_ENABLED"
+ ```
+ * **CMake**: CFLAGS must be passed to CMake when it is invoked. Invoke CMake with
+
+ ```
+ CFLAGS="-DDRIVER_PREFIX_ENABLED" cmake path/to/source
+ ```
+* *Providing a user config file.* This is the preferred option when your project requires a custom configuration that is significantly different to the default. Define the macro for the driver, along with any other custom configurations in a separate header file, then use `config.py`, to set `MBEDTLS_USER_CONFIG_FILE`, providing the path to the defined header file. This will include your custom config file after the default. If you wish to completely replace the default config file, set `MBEDTLS_CONFIG_FILE` instead.
+
+### Example: Manually integrating a software accelerator alongside Mbed TLS
+
+[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. As such, it serves as a software accelerator. This section demonstrates the integration of `p256-m` as a transparent driver alongside Mbed TLS, serving as a guide for implementation.
+The code for p256-m can be found in `3rdparty/p256-m/p256m`. In this demonstration, p256-m is built from source alongside Mbed TLS.
+
+The driver prefix for p256-m is `P256`/`p256`. The driver macro is `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. To build with and use p256-m, set the macro using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run:
+
+ python3 scripts/config.py set MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
+ make
+
+p256-m implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. The `sign/verify_hash` entry points are used instead of `sign/verify_message` as messages must be hashed prior to any operation, and p256-m does not implement this. The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes.
+
+The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called.
+
+```
+#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDSA(alg) &&
+ !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
+ attributes->core.bits == 256 )
+ {
+ status = p256_transparent_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ }
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+```
+Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable.
diff --git a/docs/redirects.yaml b/docs/redirects.yaml
new file mode 100644
index 0000000..7ea1d95
--- /dev/null
+++ b/docs/redirects.yaml
@@ -0,0 +1,11 @@
+# Readthedocs redirects
+# See https://docs.readthedocs.io/en/stable/user-defined-redirects.html
+#
+# Changes to this file do not take effect until they are merged into the
+# 'development' branch. This is because the API token (RTD_TOKEN) is not
+# made available in PR jobs - preventing bad actors from crafting PRs to
+# expose it.
+
+- type: exact
+ from_url: /projects/api/en/latest/$rest
+ to_url: /projects/api/en/development/
diff --git a/docs/requirements.in b/docs/requirements.in
index a523188..14d618c 100644
--- a/docs/requirements.in
+++ b/docs/requirements.in
@@ -1,2 +1,3 @@
-sphinx-rtd-theme
breathe
+readthedocs-cli
+sphinx-rtd-theme
diff --git a/docs/requirements.txt b/docs/requirements.txt
index 4b9f3a6..a1bfd82 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -14,6 +14,8 @@
# via requests
charset-normalizer==3.1.0
# via requests
+click==8.1.3
+ # via readthedocs-cli
docutils==0.17.1
# via
# breathe
@@ -27,14 +29,28 @@
# via sphinx
jinja2==3.1.2
# via sphinx
+markdown-it-py==2.2.0
+ # via rich
markupsafe==2.1.2
# via jinja2
+mdurl==0.1.2
+ # via markdown-it-py
packaging==23.0
# via sphinx
pygments==2.14.0
- # via sphinx
+ # via
+ # rich
+ # sphinx
+pyyaml==6.0
+ # via readthedocs-cli
+readthedocs-cli==4
+ # via -r requirements.in
requests==2.28.2
- # via sphinx
+ # via
+ # readthedocs-cli
+ # sphinx
+rich==13.3.5
+ # via readthedocs-cli
snowballstemmer==2.2.0
# via sphinx
sphinx==4.5.0
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
index 9d783d5..92d0985 100644
--- a/docs/use-psa-crypto.md
+++ b/docs/use-psa-crypto.md
@@ -13,7 +13,8 @@
**Application code:** when this option is enabled, you need to call
`psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK
-module.
+modules, except for the various mbedtls_xxx_init() functions which can be called
+at any time.
**Why enable this option:** to fully take advantage of PSA drivers in PK,
X.509 and TLS. For example, enabling this option is what allows use of drivers
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index c5bbf2c..4053df8 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,73 +22,10 @@
*/
/**
- * @mainpage mbed TLS v3.4.0 source code documentation
+ * @mainpage Mbed TLS v3.4.0 API Documentation
*
- * This documentation describes the internal structure of mbed TLS. It was
+ * This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
- * mbed TLS's source code using Doxygen. (See
- * http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen)
- *
- * mbed TLS has a simple setup: it provides the ingredients for an SSL/TLS
- * implementation. These ingredients are listed as modules in the
- * \ref mainpage_modules "Modules section". This "Modules section" introduces
- * the high-level module concepts used throughout this documentation.\n
- * Some examples of mbed TLS usage can be found in the \ref mainpage_examples
- * "Examples section".
- *
- * @section mainpage_modules Modules
- *
- * mbed TLS supports TLSv1.0 up to TLSv1.2 communication by providing the
- * following:
- * - TCP/IP communication functions: listen, connect, accept, read/write.
- * - SSL/TLS communication functions: init, handshake, read/write.
- * - X.509 functions: CRT, CRL and key handling
- * - Random number generation
- * - Hashing
- * - Encryption/decryption
- *
- * Above functions are split up neatly into logical interfaces. These can be
- * used separately to provide any of the above functions or to mix-and-match
- * into an SSL server/client solution that utilises a X.509 PKI. Examples of
- * such implementations are amply provided with the source code.
- *
- * Note that mbed TLS does not provide a control channel or (multiple) session
- * handling without additional work from the developer.
- *
- * @section mainpage_examples Examples
- *
- * Example server setup:
- *
- * \b Prerequisites:
- * - X.509 certificate and private key
- * - session handling functions
- *
- * \b Setup:
- * - Load your certificate and your private RSA key (X.509 interface)
- * - Setup the listening TCP socket (TCP/IP interface)
- * - Accept incoming client connection (TCP/IP interface)
- * - Initialise as an SSL-server (SSL/TLS interface)
- * - Set parameters, e.g. authentication, ciphers, CA-chain, key exchange
- * - Set callback functions RNG, IO, session handling
- * - Perform an SSL-handshake (SSL/TLS interface)
- * - Read/write data (SSL/TLS interface)
- * - Close and cleanup (all interfaces)
- *
- * Example client setup:
- *
- * \b Prerequisites:
- * - X.509 certificate and private key
- * - X.509 trusted CA certificates
- *
- * \b Setup:
- * - Load the trusted CA certificates (X.509 interface)
- * - Load your certificate and your private RSA key (X.509 interface)
- * - Setup a TCP/IP connection (TCP/IP interface)
- * - Initialise as an SSL-client (SSL/TLS interface)
- * - Set parameters, e.g. authentication mode, ciphers, CA-chain, session
- * - Set callback functions RNG, IO
- * - Perform an SSL-handshake (SSL/TLS interface)
- * - Verify the server certificate (SSL/TLS interface)
- * - Write/read data (SSL/TLS interface)
- * - Close and cleanup (all interfaces)
+ * Mbed TLS's source code using Doxygen. (See
+ * https://www.doxygen.nl for more information on Doxygen)
*/
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index da73759..3c5072c 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -164,6 +164,27 @@
size_t par_len);
/**
+ * \brief Write an AlgorithmIdentifier sequence in ASN.1 format.
+ *
+ * \note This function works backwards in data buffer.
+ *
+ * \param p The reference to the current position pointer.
+ * \param start The start of the buffer, for bounds-checking.
+ * \param oid The OID of the algorithm to write.
+ * \param oid_len The length of the algorithm's OID.
+ * \param par_len The length of the parameters, which must be already written.
+ * \param has_par If there are any parameters. If 0, par_len must be 0. If 1
+ * and \p par_len is 0, NULL parameters are added.
+ *
+ * \return The number of bytes written to \p p on success.
+ * \return A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+ */
+int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p,
+ const unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len, int has_par);
+
+/**
* \brief Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
* in ASN.1 format.
*
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 5c2c843..e7f3131 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -594,6 +594,8 @@
* \brief Perform a left-shift on an MPI: X <<= count
*
* \param X The MPI to shift. This must point to an initialized MPI.
+ * The MPI pointed by \p X may be resized to fit
+ * the resulting number.
* \param count The number of bits to shift by.
*
* \return \c 0 if successful.
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 8e93e56..ec0dc8a 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -95,6 +95,18 @@
#define MBEDTLS_MD_C
#endif
+/* PSA crypto specific configuration options
+ * - If config_psa.h reads a configuration option in preprocessor directive,
+ * this symbol should be set before its inclusion. (e.g. MBEDTLS_MD_C)
+ * - If config_psa.h writes a configuration option in conditional directive,
+ * this symbol should be consulted after its inclusion.
+ * (e.g. MBEDTLS_MD_LIGHT)
+ */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \
+ defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */
+#include "mbedtls/config_psa.h"
+#endif
+
/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C.
* This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C.
*/
@@ -108,8 +120,12 @@
#if defined(MBEDTLS_ECJPAKE_C) || \
defined(MBEDTLS_PEM_PARSE_C) || \
defined(MBEDTLS_ENTROPY_C) || \
+ defined(MBEDTLS_PK_C) || \
defined(MBEDTLS_PKCS12_C) || \
- defined(MBEDTLS_RSA_C)
+ defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_SSL_TLS_C) || \
+ defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CREATE_C)
#define MBEDTLS_MD_LIGHT
#endif
@@ -193,11 +209,6 @@
/* Make sure all configuration symbols are set before including check_config.h,
* even the ones that are calculated programmatically. */
-#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \
- defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */
-#include "mbedtls/config_psa.h"
-#endif
-
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_BUILD_INFO_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 20d4358..3a2f06e 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -148,6 +148,13 @@
#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
#endif /* PSA_WANT_ALG_ECDSA */
+#if defined(PSA_WANT_ALG_FFDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
+#endif /* PSA_WANT_ALG_FFDH */
+
#if defined(PSA_WANT_ALG_HKDF)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
@@ -261,6 +268,15 @@
#define MBEDTLS_SHA512_C
#endif
+#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
+#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
+
#if defined(PSA_WANT_ALG_TLS12_PRF)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
@@ -287,6 +303,13 @@
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR */
+
#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
@@ -295,6 +318,13 @@
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
+
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
@@ -651,6 +681,16 @@
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
#endif /* MBEDTLS_ECP_C */
+#if defined(MBEDTLS_DHM_C)
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1
+#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
+#define PSA_WANT_ALG_FFDH 1
+#define PSA_WANT_DH_FAMILY_RFC7919 1
+#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR 1
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#endif /* MBEDTLS_DHM_C */
+
#if defined(MBEDTLS_GCM_C)
#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
#define PSA_WANT_ALG_GCM 1
@@ -877,6 +917,10 @@
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
+#if defined(PSA_WANT_ALG_JPAKE)
+#define PSA_WANT_ALG_SOME_PAKE 1
+#endif
+
/* These features are always enabled. */
#define PSA_WANT_KEY_TYPE_DERIVE 1
#define PSA_WANT_KEY_TYPE_PASSWORD 1
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index a63bb32..0008d73 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -54,6 +54,7 @@
typedef enum {
MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client */
MBEDTLS_ECJPAKE_SERVER, /**< Server */
+ MBEDTLS_ECJPAKE_NONE, /**< Undefined */
} mbedtls_ecjpake_role;
#if !defined(MBEDTLS_ECJPAKE_ALT)
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 23a83f2..11600bb 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -73,6 +73,7 @@
* SHA1 1 0x0035-0x0035 0x0073-0x0073
* SHA256 1 0x0037-0x0037 0x0074-0x0074
* SHA512 1 0x0039-0x0039 0x0075-0x0075
+ * SHA-3 1 0x0076-0x0076
* CHACHA20 3 0x0051-0x0055
* POLY1305 3 0x0057-0x005B
* CHACHAPOLY 2 0x0054-0x0056
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index c9955d1..b043983 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1947,7 +1947,8 @@
* break backwards compatibility.
*
* \warning If you enable this option, you need to call `psa_crypto_init()`
- * before calling any function from the SSL/TLS, X.509 or PK modules.
+ * before calling any function from the SSL/TLS, X.509 or PK modules, except
+ * for the various mbedtls_xxx_init() functions which can be called at any time.
*
* \note An important and desirable effect of this option is that it allows
* PK, X.509 and TLS to take advantage of PSA drivers. For example, enabling
@@ -3182,6 +3183,17 @@
#define MBEDTLS_SHA512_C
/**
+ * \def MBEDTLS_SHA3_C
+ *
+ * Enable the SHA3 cryptographic hash algorithm.
+ *
+ * Module: library/sha3.c
+ *
+ * This module adds support for SHA3.
+ */
+#define MBEDTLS_SHA3_C
+
+/**
* \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
*
* Enable acceleration of the SHA-512 and SHA-384 cryptographic hash algorithms
@@ -3937,4 +3949,18 @@
*/
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+/**
+ * Uncomment to enable p256-m, which implements ECC key generation, ECDH,
+ * and ECDSA for SECP256R1 curves. This driver is used as an example to
+ * document how a third-party driver or software accelerator can be integrated
+ * to work alongside Mbed TLS.
+ *
+ * \warning p256-m has only been included to serve as a sample implementation
+ * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not
+ * intended for use in production. p256-m files in Mbed TLS are not updated
+ * regularly, so they may not contain upstream fixes/improvements.
+ * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS!
+ */
+//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED
+
/** \} name SECTION: Module configuration options */
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 7bad24d..f717618 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -112,6 +112,12 @@
#define MBEDTLS_MD_CAN_SHA512
#define MBEDTLS_MD_SOME_LEGACY
#endif
+#if defined(MBEDTLS_SHA3_C)
+#define MBEDTLS_MD_CAN_SHA3_224
+#define MBEDTLS_MD_CAN_SHA3_256
+#define MBEDTLS_MD_CAN_SHA3_384
+#define MBEDTLS_MD_CAN_SHA3_512
+#endif
#if defined(MBEDTLS_RIPEMD160_C)
#define MBEDTLS_MD_CAN_RIPEMD160
#define MBEDTLS_MD_SOME_LEGACY
@@ -149,23 +155,43 @@
MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
+ MBEDTLS_MD_SHA3_224, /**< The SHA3-224 message digest. */
+ MBEDTLS_MD_SHA3_256, /**< The SHA3-256 message digest. */
+ MBEDTLS_MD_SHA3_384, /**< The SHA3-384 message digest. */
+ MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */
} mbedtls_md_type_t;
-#if defined(MBEDTLS_MD_CAN_SHA512)
+/* Note: this should always be >= PSA_HASH_MAX_SIZE
+ * in all builds with both CRYPTO_C and MD_LIGHT.
+ *
+ * This is to make things easier for modules such as TLS that may define a
+ * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA
+ * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another
+ * part of the code based on PSA.
+ */
+#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512)
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
-#elif defined(MBEDTLS_MD_CAN_SHA384)
+#elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384)
#define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */
-#elif defined(MBEDTLS_MD_CAN_SHA256)
+#elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256)
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */
-#elif defined(MBEDTLS_MD_CAN_SHA224)
+#elif defined(MBEDTLS_MD_CAN_SHA224) || defined(MBEDTLS_MD_CAN_SHA3_224)
#define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */
#else
#define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160
or smaller (MD5 and earlier) */
#endif
-#if defined(MBEDTLS_MD_CAN_SHA512)
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */
+#elif defined(MBEDTLS_MD_CAN_SHA3_256)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 136
+#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384)
#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
+#elif defined(MBEDTLS_MD_CAN_SHA3_384)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 104
+#elif defined(MBEDTLS_MD_CAN_SHA3_512)
+#define MBEDTLS_MD_MAX_BLOCK_SIZE 72
#else
#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
#endif
@@ -311,6 +337,20 @@
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info);
/**
+ * \brief This function gives the message-digest size associated to
+ * message-digest type.
+ *
+ * \param md_type The message-digest type.
+ *
+ * \return The size of the message-digest output in Bytes,
+ * or 0 if the message-digest type is not known.
+ */
+static inline unsigned char mbedtls_md_get_size_from_type(mbedtls_md_type_t md_type)
+{
+ return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type));
+}
+
+/**
* \brief This function extracts the message-digest type from the
* message-digest information structure.
*
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index a72f51c..ec36748 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -64,6 +64,11 @@
#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16)
/*
+ * Maximum number of OID components allowed
+ */
+#define MBEDTLS_OID_MAX_COMPONENTS 128
+
+/*
* Top level OID tuples
*/
#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
@@ -90,6 +95,9 @@
#define MBEDTLS_OID_OIW_SECSIG MBEDTLS_OID_ORG_OIW "\x03"
#define MBEDTLS_OID_OIW_SECSIG_ALG MBEDTLS_OID_OIW_SECSIG "\x02"
#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_THAWTE "\x65" /* thawte(101) */
+#define MBEDTLS_OID_THAWTE MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+ MBEDTLS_OID_ORG_THAWTE
#define MBEDTLS_OID_ORG_CERTICOM "\x81\x04" /* certicom(132) */
#define MBEDTLS_OID_CERTICOM MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_ORG_CERTICOM
@@ -437,6 +445,15 @@
* ecdsa-with-SHA2(3) 4 } */
#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
+/*
+ * EC key algorithms from RFC 8410
+ */
+
+#define MBEDTLS_OID_X25519 MBEDTLS_OID_THAWTE "\x6e" /**< id-X25519 OBJECT IDENTIFIER ::= { 1 3 101 110 } */
+#define MBEDTLS_OID_X448 MBEDTLS_OID_THAWTE "\x6f" /**< id-X448 OBJECT IDENTIFIER ::= { 1 3 101 111 } */
+#define MBEDTLS_OID_ED25519 MBEDTLS_OID_THAWTE "\x70" /**< id-Ed25519 OBJECT IDENTIFIER ::= { 1 3 101 112 } */
+#define MBEDTLS_OID_ED448 MBEDTLS_OID_THAWTE "\x71" /**< id-Ed448 OBJECT IDENTIFIER ::= { 1 3 101 113 } */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -467,6 +484,25 @@
int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid);
/**
+ * \brief Translate a string containing a dotted-decimal
+ * representation of an ASN.1 OID into its encoded form
+ * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D").
+ * On success, this function allocates oid->buf from the
+ * heap. It must be freed by the caller using mbedtls_free().
+ *
+ * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID
+ * \param oid_str string representation of the OID to parse
+ * \param size length of the OID string, not including any null terminator
+ *
+ * \return 0 if successful
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not
+ * represent a valid OID
+ * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to
+ * allocate oid->buf
+ */
+int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size);
+
+/**
* \brief Translate an X.509 extension OID into local values
*
* \param oid OID to use
@@ -531,6 +567,30 @@
*/
int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id,
const char **oid, size_t *olen);
+
+/**
+ * \brief Translate AlgorithmIdentifier OID into an EC group identifier,
+ * for curves that are directly encoded at this level
+ *
+ * \param oid OID to use
+ * \param grp_id place to store group id
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_ec_grp_algid(const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id);
+
+/**
+ * \brief Translate EC group identifier into AlgorithmIdentifier OID,
+ * for curves that are directly encoded at this level
+ *
+ * \param grp_id EC group identifier
+ * \param oid place to store ASN.1 OID string pointer
+ * \param olen length of the OID
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ */
+int mbedtls_oid_get_oid_by_ec_grp_algid(mbedtls_ecp_group_id grp_id,
+ const char **oid, size_t *olen);
#endif /* MBEDTLS_ECP_LIGHT */
/**
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index c579661..ec99c84 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -40,7 +40,7 @@
#include "mbedtls/ecdsa.h"
#endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
#endif
@@ -202,6 +202,27 @@
#define MBEDTLS_PK_CAN_ECDH
#endif
+/* Internal helper to define which fields in the pk_context structure below
+ * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly)
+ * format. It should be noticed that this only affect how data is stored, not
+ * which functions are used for various operations. The overall picture looks
+ * like this:
+ * - if ECP_C is defined then use legacy functions
+ * - if USE_PSA is defined and
+ * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly
+ * format and use PSA functions
+ * - if !ECP_C then use new raw data and PSA functions directly.
+ *
+ * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long
+ * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the
+ * ecp_keypair structure inside the pk_context so he/she can modify it using
+ * ECP functions which are not under PK module's control.
+ */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_ECP_C) && \
+ defined(MBEDTLS_ECP_LIGHT)
+#define MBEDTLS_PK_USE_PSA_EC_DATA
+#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */
+
/**
* \brief Types for interfacing with the debug module
*/
@@ -209,6 +230,7 @@
MBEDTLS_PK_DEBUG_NONE = 0,
MBEDTLS_PK_DEBUG_MPI,
MBEDTLS_PK_DEBUG_ECP,
+ MBEDTLS_PK_DEBUG_PSA_EC,
} mbedtls_pk_debug_type;
/**
@@ -232,12 +254,59 @@
*/
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
+#define MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)
/**
* \brief Public key container
*/
typedef struct mbedtls_pk_context {
const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */
void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */
+ /* The following field is used to store the ID of a private key in the
+ * following cases:
+ * - opaque key when MBEDTLS_PSA_CRYPTO_C is defined
+ * - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case:
+ * - the pk_ctx above is not not used to store the private key anymore.
+ * Actually that field not populated at all in this case because also
+ * the public key will be stored in raw format as explained below
+ * - this ID is used for all private key operations (ex: sign, check
+ * key pair, key write, etc) using PSA functions
+ *
+ * Note: this private key storing solution only affects EC keys, not the
+ * other ones. The latters still use the pk_ctx to store their own
+ * context.
+ *
+ * Note: this priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by
+ * MBEDTLS_PK_USE_PSA_EC_DATA (as the public counterpart below) because,
+ * when working with opaque keys, it can be used also in
+ * mbedtls_pk_sign_ext for RSA keys. */
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+ /* The following fields are meant for storing the public key in raw format
+ * which is handy for:
+ * - easily importing it into the PSA context
+ * - reducing the ECP module dependencies in the PK one.
+ *
+ * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled:
+ * - the pk_ctx above is not used anymore for storing the public key
+ * inside the ecp_keypair structure
+ * - the following fields are used for all public key operations: signature
+ * verify, key pair check and key write.
+ * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
+ * ecp_keypair structure is used for storing the public key and performing
+ * all the operations.
+ *
+ * Note: This new public key storing solution only works for EC keys, not
+ * other ones. The latters still use pk_ctx to store their own
+ * context.
+ */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ uint8_t MBEDTLS_PRIVATE(pub_raw)[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN]; /**< Raw public key */
+ size_t MBEDTLS_PRIVATE(pub_raw_len); /**< Valid bytes in "pub_raw" */
+ psa_ecc_family_t MBEDTLS_PRIVATE(ec_family); /**< EC family of pk */
+ size_t MBEDTLS_PRIVATE(ec_bits); /**< Curve's bits of pk */
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
} mbedtls_pk_context;
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
@@ -771,7 +840,7 @@
}
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_ECP_C)
/**
* Quick access to an EC context inside a PK context.
*
@@ -794,7 +863,7 @@
return NULL;
}
}
-#endif /* MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_PK_PARSE_C)
/** \ingroup pk_module */
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index f651587..768c756 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -139,6 +139,8 @@
#if defined(MBEDTLS_PLATFORM_MEMORY)
#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#undef mbedtls_free
+#undef mbedtls_calloc
#define mbedtls_free MBEDTLS_PLATFORM_FREE_MACRO
#define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
#else
@@ -160,6 +162,8 @@
void (*free_func)(void *));
#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
#else /* !MBEDTLS_PLATFORM_MEMORY */
+#undef mbedtls_free
+#undef mbedtls_calloc
#define mbedtls_free free
#define mbedtls_calloc calloc
#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
@@ -184,6 +188,7 @@
int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream, const char *,
...));
#else
+#undef mbedtls_fprintf
#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
#define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
#else
@@ -208,6 +213,7 @@
*/
int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...));
#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
+#undef mbedtls_printf
#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
#define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
#else
@@ -243,6 +249,7 @@
int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
const char *format, ...));
#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#undef mbedtls_snprintf
#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
#define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
#else
@@ -279,6 +286,7 @@
int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
const char *format, va_list arg));
#else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+#undef mbedtls_vsnprintf
#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
#define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
#else
@@ -320,7 +328,9 @@
*/
int mbedtls_platform_set_setbuf(void (*setbuf_func)(
FILE *stream, char *buf));
-#elif defined(MBEDTLS_PLATFORM_SETBUF_MACRO)
+#else
+#undef mbedtls_setbuf
+#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO)
/**
* \brief Macro defining the function for the library to
* call for `setbuf` functionality (changing the
@@ -334,7 +344,8 @@
#define mbedtls_setbuf MBEDTLS_PLATFORM_SETBUF_MACRO
#else
#define mbedtls_setbuf setbuf
-#endif /* MBEDTLS_PLATFORM_SETBUF_ALT / MBEDTLS_PLATFORM_SETBUF_MACRO */
+#endif /* MBEDTLS_PLATFORM_SETBUF_MACRO */
+#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
/*
* The function pointers for exit
@@ -353,6 +364,7 @@
*/
int mbedtls_platform_set_exit(void (*exit_func)(int status));
#else
+#undef mbedtls_exit
#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
#define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
#else
@@ -405,6 +417,8 @@
int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len)
);
#else
+#undef mbedtls_nv_seed_read
+#undef mbedtls_nv_seed_write
#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
#define mbedtls_nv_seed_read MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index b750716..528c0ab 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -29,6 +29,8 @@
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
+
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
@@ -120,49 +122,6 @@
}
}
-/* Translations for hashing. */
-
-/* Note: this function should not be used from inside the library, use
- * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead.
- * It is kept only for compatibility in case applications were using it. */
-static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
-{
- switch (md_alg) {
-#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
- case MBEDTLS_MD_MD5:
- return PSA_ALG_MD5;
-#endif
-#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
- case MBEDTLS_MD_SHA1:
- return PSA_ALG_SHA_1;
-#endif
-#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
- case MBEDTLS_MD_SHA224:
- return PSA_ALG_SHA_224;
-#endif
-#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
- case MBEDTLS_MD_SHA256:
- return PSA_ALG_SHA_256;
-#endif
-#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
- case MBEDTLS_MD_SHA384:
- return PSA_ALG_SHA_384;
-#endif
-#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
- case MBEDTLS_MD_SHA512:
- return PSA_ALG_SHA_512;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160)
- case MBEDTLS_MD_RIPEMD160:
- return PSA_ALG_RIPEMD160;
-#endif
- case MBEDTLS_MD_NONE:
- return 0;
- default:
- return 0;
- }
-}
-
/* Translations for ECC. */
static inline int mbedtls_psa_get_ecc_oid_from_id(
@@ -248,6 +207,22 @@
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
}
break;
+ case PSA_ECC_FAMILY_MONTGOMERY:
+ switch (bits) {
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ case 255:
+ *oid = MBEDTLS_OID_X25519;
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X25519);
+ return 0;
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ case 448:
+ *oid = MBEDTLS_OID_X448;
+ *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X448);
+ return 0;
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+ }
+ break;
}
(void) oid;
(void) oid_len;
@@ -345,11 +320,15 @@
#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
typedef struct {
- psa_status_t psa_status;
+ /* Error codes used by PSA crypto are in -255..-128, fitting in 16 bits. */
+ int16_t psa_status;
+ /* Error codes used by Mbed TLS are in one of the ranges
+ * -127..-1 (low-level) or -32767..-4096 (high-level with a low-level
+ * code optionally added), fitting in 16 bits. */
int16_t mbedtls_error;
} mbedtls_error_pair_t;
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_MD_LIGHT)
extern const mbedtls_error_pair_t psa_to_md_errors[4];
#endif
diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h
new file mode 100644
index 0000000..77748be
--- /dev/null
+++ b/include/mbedtls/sha3.h
@@ -0,0 +1,184 @@
+/**
+ * \file sha3.h
+ *
+ * \brief This file contains SHA-3 definitions and functions.
+ *
+ * The Secure Hash Algorithms cryptographic
+ * hash functions are defined in <em>FIPS 202: SHA-3 Standard:
+ * Permutation-Based Hash and Extendable-Output Functions </em>.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_SHA3_H
+#define MBEDTLS_SHA3_H
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** SHA-3 input data was malformed. */
+#define MBEDTLS_ERR_SHA3_BAD_INPUT_DATA -0x0076
+
+/**
+ * SHA-3 family id.
+ *
+ * It identifies the family (SHA3-256, SHA3-512, etc.)
+ */
+
+typedef enum {
+ MBEDTLS_SHA3_NONE = 0, /*!< Operation not defined. */
+ MBEDTLS_SHA3_224, /*!< SHA3-224 */
+ MBEDTLS_SHA3_256, /*!< SHA3-256 */
+ MBEDTLS_SHA3_384, /*!< SHA3-384 */
+ MBEDTLS_SHA3_512, /*!< SHA3-512 */
+} mbedtls_sha3_id;
+
+/**
+ * \brief The SHA-3 context structure.
+ *
+ * The structure is used SHA-3 checksum calculations.
+ */
+typedef struct {
+ uint64_t MBEDTLS_PRIVATE(state[25]);
+ uint32_t MBEDTLS_PRIVATE(index);
+ uint16_t MBEDTLS_PRIVATE(olen);
+ uint16_t MBEDTLS_PRIVATE(max_block_size);
+}
+mbedtls_sha3_context;
+
+/**
+ * \brief This function initializes a SHA-3 context.
+ *
+ * \param ctx The SHA-3 context to initialize. This must not be \c NULL.
+ */
+void mbedtls_sha3_init(mbedtls_sha3_context *ctx);
+
+/**
+ * \brief This function clears a SHA-3 context.
+ *
+ * \param ctx The SHA-3 context to clear. This may be \c NULL, in which
+ * case this function returns immediately. If it is not \c NULL,
+ * it must point to an initialized SHA-3 context.
+ */
+void mbedtls_sha3_free(mbedtls_sha3_context *ctx);
+
+/**
+ * \brief This function clones the state of a SHA-3 context.
+ *
+ * \param dst The destination context. This must be initialized.
+ * \param src The context to clone. This must be initialized.
+ */
+void mbedtls_sha3_clone(mbedtls_sha3_context *dst,
+ const mbedtls_sha3_context *src);
+
+/**
+ * \brief This function starts a SHA-3 checksum
+ * calculation.
+ *
+ * \param ctx The context to use. This must be initialized.
+ * \param id The id of the SHA-3 family.
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id);
+
+/**
+ * \brief This function feeds an input buffer into an ongoing
+ * SHA-3 checksum calculation.
+ *
+ * \param ctx The SHA-3 context. This must be initialized
+ * and have a hash operation started.
+ * \param input The buffer holding the data. This must be a readable
+ * buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_sha3_update(mbedtls_sha3_context *ctx,
+ const uint8_t *input,
+ size_t ilen);
+
+/**
+ * \brief This function finishes the SHA-3 operation, and writes
+ * the result to the output buffer.
+ *
+ * \param ctx The SHA-3 context. This must be initialized
+ * and have a hash operation started.
+ * \param output The SHA-3 checksum result.
+ * This must be a writable buffer of length \c olen bytes.
+ * \param olen Defines the length of output buffer (in bytes). For SHA-3 224, SHA-3 256,
+ * SHA-3 384 and SHA-3 512 \c olen must equal to 28, 32, 48 and 64,
+ * respectively.
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
+ uint8_t *output, size_t olen);
+
+/**
+ * \brief This function calculates the SHA-3
+ * checksum of a buffer.
+ *
+ * The function allocates the context, performs the
+ * calculation, and frees the context.
+ *
+ * The SHA-3 result is calculated as
+ * output = SHA-3(id, input buffer, d).
+ *
+ * \param id The id of the SHA-3 family.
+ * \param input The buffer holding the data. This must be a readable
+ * buffer of length \p ilen Bytes.
+ * \param ilen The length of the input data in Bytes.
+ * \param output The SHA-3 checksum result.
+ * This must be a writable buffer of length \c olen bytes.
+ * \param olen Defines the length of output buffer (in bytes). For SHA-3 224, SHA-3 256,
+ * SHA-3 384 and SHA-3 512 \c olen must equal to 28, 32, 48 and 64,
+ * respectively.
+ *
+ * \return \c 0 on success.
+ * \return A negative error code on failure.
+ */
+int mbedtls_sha3(mbedtls_sha3_id id, const uint8_t *input,
+ size_t ilen,
+ uint8_t *output,
+ size_t olen);
+
+#if defined(MBEDTLS_SELF_TEST)
+/**
+ * \brief Checkup routine for the algorithms implemented
+ * by this module: SHA3-224, SHA3-256, SHA3-384, SHA3-512.
+ *
+ * \return 0 if successful, or 1 if the test failed.
+ */
+int mbedtls_sha3_self_test(int verbose);
+#endif /* MBEDTLS_SELF_TEST */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* mbedtls_sha3.h */
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 8dfd1f3..df6d762 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -243,6 +243,17 @@
*/
typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
+/*
+ * Container for the fields of the Authority Key Identifier object
+ */
+typedef struct mbedtls_x509_authority {
+ mbedtls_x509_buf keyIdentifier;
+ mbedtls_x509_sequence authorityCertIssuer;
+ mbedtls_x509_buf authorityCertSerialNumber;
+ mbedtls_x509_buf raw;
+}
+mbedtls_x509_authority;
+
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time {
int year, mon, day; /**< Date. */
@@ -293,7 +304,7 @@
typedef struct mbedtls_x509_subject_alternative_name {
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
- mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
+ mbedtls_x509_san_other_name other_name;
mbedtls_x509_name directory_name;
mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */
}
@@ -301,6 +312,12 @@
}
mbedtls_x509_subject_alternative_name;
+typedef struct mbedtls_x509_san_list {
+ mbedtls_x509_subject_alternative_name node;
+ struct mbedtls_x509_san_list *next;
+}
+mbedtls_x509_san_list;
+
/** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
/**
@@ -390,7 +407,8 @@
* of the subject alternative name encoded in \p san_raw.
*
* \note Supported GeneralName types, as defined in RFC 5280:
- * "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name"
+ * "rfc822Name", "dnsName", "directoryName",
+ * "uniformResourceIdentifier" and "hardware_module_name"
* of type "otherName", as defined in RFC 4108.
*
* \note This function should be called on a single raw data of
@@ -470,6 +488,9 @@
int mbedtls_x509_get_subject_alt_name(unsigned char **p,
const unsigned char *end,
mbedtls_x509_sequence *subject_alt_name);
+int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *subject_alt_name);
int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
const mbedtls_x509_sequence
*subject_alt_name,
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index a795183..078781c 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -75,7 +75,9 @@
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */
+ mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
+ mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */
+ mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
@@ -240,6 +242,21 @@
mbedtls_x509write_cert;
/**
+ * \brief Set Subject Alternative Name
+ *
+ * \param ctx Certificate context to use
+ * \param san_list List of SAN values
+ *
+ * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
+ *
+ * \note "dnsName", "uniformResourceIdentifier", "IP address",
+ * "otherName", and "DirectoryName", as defined in RFC 5280,
+ * are supported.
+ */
+int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
+ const mbedtls_x509_san_list *san_list);
+
+/**
* Item in a verification chain: cert and flags for it
*/
typedef struct {
@@ -559,6 +576,7 @@
int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
#endif /* MBEDTLS_FS_IO */
+
#if !defined(MBEDTLS_X509_REMOVE_INFO)
/**
* \brief Returns an informational string about the
@@ -638,8 +656,12 @@
* \param cn The expected Common Name. This will be checked to be
* present in the certificate's subjectAltNames extension or,
* if this extension is absent, as a CN component in its
- * Subject name. DNS names and IP addresses are supported. This
- * may be \c NULL if the CN need not be verified.
+ * Subject name. DNS names and IP addresses are fully
+ * supported, while the URI subtype is partially supported:
+ * only exact matching, without any normalization procedures
+ * described in 7.4 of RFC5280, will result in a positive
+ * URI verification.
+ * This may be \c NULL if the CN need not be verified.
* \param flags The address at which to store the result of the verification.
* If the verification couldn't be completed, the flag value is
* set to (uint32_t) -1.
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index f3f9e13..80adb19 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -60,7 +60,7 @@
unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */
unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */
- mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+ mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
@@ -83,12 +83,6 @@
}
mbedtls_x509write_csr;
-typedef struct mbedtls_x509_san_list {
- mbedtls_x509_subject_alternative_name node;
- struct mbedtls_x509_san_list *next;
-}
-mbedtls_x509_san_list;
-
#if defined(MBEDTLS_X509_CSR_PARSE_C)
/**
* \brief Load a Certificate Signing Request (CSR) in DER format
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index c280360..d9473ac 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -202,7 +202,7 @@
uint8_t *MBEDTLS_PRIVATE(password);
size_t MBEDTLS_PRIVATE(password_len);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
- uint8_t MBEDTLS_PRIVATE(role);
+ mbedtls_ecjpake_role MBEDTLS_PRIVATE(role);
uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]);
size_t MBEDTLS_PRIVATE(buffer_length);
size_t MBEDTLS_PRIVATE(buffer_offset);
diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h
index 1913a9b..d54291f 100644
--- a/include/psa/crypto_builtin_key_derivation.h
+++ b/include/psa/crypto_builtin_key_derivation.h
@@ -105,5 +105,23 @@
} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+typedef enum {
+ PSA_PBKDF2_STATE_INIT, /* no input provided */
+ PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */
+ PSA_PBKDF2_STATE_SALT_SET, /* salt has been set */
+ PSA_PBKDF2_STATE_PASSWORD_SET, /* password has been set */
+ PSA_PBKDF2_STATE_OUTPUT /* output has been started */
+} psa_pbkdf2_key_derivation_state_t;
+
+typedef struct {
+ psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state);
+ uint64_t MBEDTLS_PRIVATE(input_cost);
+ uint8_t *MBEDTLS_PRIVATE(salt);
+ size_t MBEDTLS_PRIVATE(salt_length);
+ uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
+ size_t MBEDTLS_PRIVATE(password_length);
+} psa_pbkdf2_key_derivation_t;
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
#endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 3544f96..70fa14e 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -5,7 +5,7 @@
*
* This header declares alternative names for macro and functions.
* New application code should not use these names.
- * These names may be removed in a future version of Mbed Crypto.
+ * These names may be removed in a future version of Mbed TLS.
*
* \note This file may not be included directly. Applications must
* include psa/crypto.h.
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index e68fac8..48e20c2 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -65,6 +65,7 @@
#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
#define PSA_WANT_ALG_ECB_NO_PADDING 1
#define PSA_WANT_ALG_ECDH 1
+#define PSA_WANT_ALG_FFDH 1
#define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_JPAKE 1
#define PSA_WANT_ALG_GCM 1
@@ -74,9 +75,7 @@
#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_MD5 1
#define PSA_WANT_ALG_OFB 1
-/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
- * Note: when adding support, also adjust include/mbedtls/config_psa.h */
-//#define PSA_WANT_ALG_PBKDF2_HMAC 1
+#define PSA_WANT_ALG_PBKDF2_HMAC 1
#define PSA_WANT_ALG_RIPEMD160 1
#define PSA_WANT_ALG_RSA_OAEP 1
#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
@@ -92,8 +91,7 @@
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
-/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS.
- * Note: when adding support, also adjust include/mbedtls/config_psa.h */
+/* Note: when adding support, also adjust include/mbedtls/config_psa.h */
//#define PSA_WANT_ALG_XTS 1
#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
@@ -126,6 +124,8 @@
#define PSA_WANT_KEY_TYPE_DES 1
#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
+#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR 1
+#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h
index 39754cc..5b4e474 100644
--- a/include/psa/crypto_driver_contexts_key_derivation.h
+++ b/include/psa/crypto_driver_contexts_key_derivation.h
@@ -55,6 +55,9 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms);
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2);
+#endif
} psa_driver_key_derivation_context_t;
#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H */
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index b858180..cc70e6f 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -106,7 +106,7 @@
* indicates the slot number that contains it.
* \retval #PSA_ERROR_NOT_PERMITTED
* The caller is not permitted to query the slot number.
- * Mbed Crypto currently does not return this error.
+ * Mbed TLS currently does not return this error.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The key is not located in a secure element.
*/
@@ -219,7 +219,7 @@
* resource consumption related to the PSA keystore.
*
* \note The content of this structure is not part of the stable API and ABI
- * of Mbed Crypto and may change arbitrarily from version to version.
+ * of Mbed TLS and may change arbitrarily from version to version.
*/
typedef struct mbedtls_psa_stats_s {
/** Number of slots containing key material for a volatile key. */
@@ -248,7 +248,7 @@
/** \brief Get statistics about
* resource consumption related to the PSA keystore.
*
- * \note When Mbed Crypto is built as part of a service, with isolation
+ * \note When Mbed TLS is built as part of a service, with isolation
* between the application and the keystore, the service may or
* may not expose this function.
*/
@@ -956,7 +956,7 @@
* the official PSA Crypto API yet.
*
* \note The content of this section is not part of the stable API and ABI
- * of Mbed Crypto and may change arbitrarily from version to version.
+ * of Mbed TLS and may change arbitrarily from version to version.
* Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE and
* #PSA_ALG_JPAKE.
* @{
@@ -1328,20 +1328,6 @@
const psa_crypto_driver_pake_inputs_t *inputs,
uint8_t *buffer, size_t buffer_size, size_t *buffer_length);
-/** Get the role from given inputs.
- *
- * \param[in] inputs Operation inputs.
- * \param[out] role Return buffer for role.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_BAD_STATE
- * Role hasn't been set yet.
- */
-psa_status_t psa_crypto_driver_pake_get_role(
- const psa_crypto_driver_pake_inputs_t *inputs,
- psa_pake_role_t *role);
-
/** Get the length of the user id in bytes from given inputs.
*
* \param[in] inputs Operation inputs.
@@ -1560,7 +1546,6 @@
* been set (psa_pake_set_user() hasn't been
* called yet).
* \param[in] user_id The user ID to authenticate with.
- * (temporary limitation: "client" or "server" only)
* \param user_id_len Size of the \p user_id buffer in bytes.
*
* \retval #PSA_SUCCESS
@@ -1602,7 +1587,6 @@
* been set (psa_pake_set_peer() hasn't been
* called yet).
* \param[in] peer_id The peer's ID to authenticate.
- * (temporary limitation: "client" or "server" only)
* \param peer_id_len Size of the \p peer_id buffer in bytes.
*
* \retval #PSA_SUCCESS
@@ -2039,7 +2023,6 @@
struct psa_crypto_driver_pake_inputs_s {
uint8_t *MBEDTLS_PRIVATE(password);
size_t MBEDTLS_PRIVATE(password_len);
- psa_pake_role_t MBEDTLS_PRIVATE(role);
uint8_t *MBEDTLS_PRIVATE(user);
size_t MBEDTLS_PRIVATE(user_len);
uint8_t *MBEDTLS_PRIVATE(peer);
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index ee41c89..35a42f8 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -83,7 +83,7 @@
*/
#if defined(MBEDTLS_PSA_CRYPTO_SPM)
#define PSA_CRYPTO_SECURE 1
-#include "crypto_spe.h"
+#include "../tests/include/spe/crypto_spe.h"
#endif // MBEDTLS_PSA_CRYPTO_SPM
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index 9ae631f..f39e229 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -138,7 +138,7 @@
psa_key_location_t location);
#if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto with secure element support enabled defines this type in
+/* Mbed TLS with secure element support enabled defines this type in
* crypto_types.h because it is also visible to applications through an
* implementation-specific extension.
* For the PSA Cryptography specification, this type is only visible
@@ -837,7 +837,7 @@
* and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there
* is no key with the specified slot number.
*
- * This is an Mbed Crypto extension.
+ * This is an Mbed TLS extension.
*/
PSA_KEY_CREATION_REGISTER,
#endif
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 37f7205..8cc965b 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -51,6 +51,8 @@
#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8)
#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8)
+#define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \
+ (c) : (b) : (a) <= (c) ? (c) : (a))
#define PSA_ROUND_UP_TO_MULTIPLE(block_size, length) \
(((length) + (block_size) - 1) / (block_size) * (block_size))
@@ -126,12 +128,23 @@
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
-#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
+/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
+ * see the note on MBEDTLS_MD_MAX_SIZE for details. */
+#if defined(PSA_WANT_ALG_SHA_512)
#define PSA_HASH_MAX_SIZE 64
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#else
+#elif defined(PSA_WANT_ALG_SHA_384)
+#define PSA_HASH_MAX_SIZE 48
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#elif defined(PSA_WANT_ALG_SHA_256)
#define PSA_HASH_MAX_SIZE 32
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#elif defined(PSA_WANT_ALG_SHA_224)
+#define PSA_HASH_MAX_SIZE 28
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#else /* SHA-1 or smaller */
+#define PSA_HASH_MAX_SIZE 20
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
#endif
/** \def PSA_MAC_MAX_SIZE
@@ -195,6 +208,12 @@
* operations, and does not need to accept all key sizes up to the limit. */
#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096
+/* The maximum size of an DH key on this implementation, in bits.
+ *
+ * Note that an implementation may set different size limits for different
+ * operations, and does not need to accept all key sizes up to the limit. */
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192
+
/* The maximum size of an ECC key on this implementation, in bits.
* This is a vendor-specific macro. */
#if defined(PSA_WANT_ECC_SECP_R1_521)
@@ -253,6 +272,10 @@
* curve. */
#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32
+/* The maximum number of iterations for PBKDF2 on this implementation, in bits.
+ * This is a vendor-specific macro. This can be configured if necessary */
+#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff
+
/** The maximum size of a block cipher. */
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
@@ -804,6 +827,18 @@
#define PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) \
(PSA_BITS_TO_BYTES(key_bits))
+/* Maximum size of the export encoding of an DH key pair.
+ *
+ * An DH key pair is represented by the secret value.
+ */
+#define PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(key_bits) \
+ (PSA_BITS_TO_BYTES(key_bits))
+
+/* Maximum size of the export encoding of an DH public key.
+ */
+#define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \
+ (PSA_BITS_TO_BYTES(key_bits))
+
/** Sufficient output buffer size for psa_export_key() or
* psa_export_public_key().
*
@@ -845,6 +880,7 @@
*/
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
+ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_KEY_PAIR ? PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
(key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \
@@ -901,6 +937,7 @@
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
+ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
0)
/** Sufficient buffer size for exporting any asymmetric key pair.
@@ -911,11 +948,10 @@
*
* See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
- (PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
- PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
- PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
+ PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \
+ PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS), \
+ PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS))
/** Sufficient buffer size for exporting any asymmetric public key.
*
@@ -926,11 +962,11 @@
*
* See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
- (PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
- PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
- PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
+ PSA_MAX_OF_THREE(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS), \
+ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS), \
+ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS))
+
/** Sufficient output buffer size for psa_raw_key_agreement().
*
@@ -955,11 +991,9 @@
* If the parameters are not valid,
* the return value is unspecified.
*/
-/* FFDH is not yet supported in PSA. */
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
- (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
- PSA_BITS_TO_BYTES(key_bits) : \
- 0)
+ ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \
+ PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0)
/** Maximum size of the output from psa_raw_key_agreement().
*
@@ -968,8 +1002,11 @@
*
* See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
*/
-#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
- (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
+#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
+ (PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \
+ PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) ? \
+ PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS) : \
+ PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS))
/** The default IV size for a cipher algorithm, in bytes.
*
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 125a73d..b309bc8 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -35,8 +35,8 @@
* GCC and Clang initialize the whole structure to 0 (at the time of writing),
* but MSVC and CompCert don't.
*
- * In Mbed Crypto, multipart operation structures live independently from
- * the key. This allows Mbed Crypto to free the key objects when destroying
+ * In Mbed TLS, multipart operation structures live independently from
+ * the key. This allows Mbed TLS to free the key objects when destroying
* a key slot. If a multipart operation needs to remember the key after
* the setup function returns, the operation structure needs to contain a
* copy of the key.
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index a5154fc..445657e 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -297,7 +297,7 @@
typedef psa_key_id_t mbedtls_svc_key_id_t;
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-/* Implementation-specific: The Mbed Cryptography library can be built as
+/* Implementation-specific: The Mbed TLS library can be built as
* part of a multi-client service that exposes the PSA Cryptography API in each
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
@@ -439,7 +439,7 @@
#ifndef __DOXYGEN_ONLY__
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto defines this type in crypto_types.h because it is also
+/* Mbed TLS defines this type in crypto_types.h because it is also
* visible to applications through an implementation-specific extension.
* For the PSA Cryptography specification, this type is only visible
* via crypto_se_driver.h. */
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 39acd96..580e3ae 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -2102,7 +2102,8 @@
*/
#define PSA_ALG_IS_PBKDF2_HMAC(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE)
-
+#define PSA_ALG_PBKDF2_HMAC_GET_HASH(pbkdf2_alg) \
+ (PSA_ALG_CATEGORY_HASH | ((pbkdf2_alg) & PSA_ALG_HASH_MASK))
/** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm.
*
* PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2).
diff --git a/library/.gitignore b/library/.gitignore
index 18cd305..b4dc918 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -1,4 +1,3 @@
-*.o
libmbed*
*.sln
*.vcxproj
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 5359883..8e70c46 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -42,7 +42,6 @@
entropy_poll.c
error.c
gcm.c
- hash_info.c
hkdf.c
hmac_drbg.c
lmots.c
@@ -69,6 +68,7 @@
psa_crypto_client.c
psa_crypto_driver_wrappers.c
psa_crypto_ecp.c
+ psa_crypto_ffdh.c
psa_crypto_hash.c
psa_crypto_mac.c
psa_crypto_pake.c
@@ -84,6 +84,7 @@
sha1.c
sha256.c
sha512.c
+ sha3.c
threading.c
timing.c
version.c
@@ -272,6 +273,10 @@
target_link_libraries(${mbedcrypto_static_target} PUBLIC everest)
endif()
+ if(TARGET p256m)
+ target_link_libraries(${mbedcrypto_static_target} PUBLIC p256m)
+ endif()
+
add_library(${mbedx509_static_target} STATIC ${src_x509})
set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
@@ -291,6 +296,10 @@
target_link_libraries(${mbedcrypto_target} PUBLIC everest)
endif()
+ if(TARGET p256m)
+ target_link_libraries(${mbedcrypto_target} PUBLIC p256m)
+ endif()
+
add_library(${mbedx509_target} SHARED ${src_x509})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.4.0 SOVERSION 5)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
diff --git a/library/Makefile b/library/Makefile
index 160aa6b..fafcdda 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -107,7 +107,6 @@
entropy_poll.o \
error.o \
gcm.o \
- hash_info.o \
hkdf.o \
hmac_drbg.o \
lmots.o \
@@ -134,6 +133,7 @@
psa_crypto_client.o \
psa_crypto_driver_wrappers.o \
psa_crypto_ecp.o \
+ psa_crypto_ffdh.o \
psa_crypto_hash.o \
psa_crypto_mac.o \
psa_crypto_pake.o \
@@ -149,6 +149,7 @@
sha1.o \
sha256.o \
sha512.o \
+ sha3.o \
threading.o \
timing.o \
version.o \
diff --git a/library/asn1write.c b/library/asn1write.c
index b9d586a..c65d937 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -195,13 +195,22 @@
const char *oid, size_t oid_len,
size_t par_len)
{
+ return mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len, par_len, 1);
+}
+
+int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigned char *start,
+ const char *oid, size_t oid_len,
+ size_t par_len, int has_par)
+{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- if (par_len == 0) {
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
- } else {
- len += par_len;
+ if (has_par) {
+ if (par_len == 0) {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
+ } else {
+ len += par_len;
+ }
}
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
diff --git a/library/base64.c b/library/base64.c
index 4170610..3eb9e7c 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -17,6 +17,8 @@
* limitations under the License.
*/
+#include <limits.h>
+
#include "common.h"
#if defined(MBEDTLS_BASE64_C)
@@ -31,8 +33,6 @@
#include "mbedtls/platform.h"
#endif /* MBEDTLS_SELF_TEST */
-#define BASE64_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */
-
/*
* Encode a buffer into base64 format
*/
@@ -50,8 +50,8 @@
n = slen / 3 + (slen % 3 != 0);
- if (n > (BASE64_SIZE_T_MAX - 1) / 4) {
- *olen = BASE64_SIZE_T_MAX;
+ if (n > (SIZE_MAX - 1) / 4) {
+ *olen = SIZE_MAX;
return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
}
diff --git a/library/bignum.c b/library/bignum.c
index 2421c1a..36effaf 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -54,8 +54,6 @@
#define MPI_VALIDATE(cond) \
MBEDTLS_INTERNAL_VALIDATE(cond)
-#define MPI_SIZE_T_MAX ((size_t) -1) /* SIZE_T_MAX is not standard */
-
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_mpi_zeroize(mbedtls_mpi_uint *v, size_t n)
{
@@ -416,7 +414,7 @@
slen = strlen(s);
if (radix == 16) {
- if (slen > MPI_SIZE_T_MAX >> 2) {
+ if (slen > SIZE_MAX >> 2) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
@@ -750,13 +748,9 @@
int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i, v0, t1;
- mbedtls_mpi_uint r0 = 0, r1;
+ size_t i;
MPI_VALIDATE_RET(X != NULL);
- v0 = count / (biL);
- t1 = count & (biL - 1);
-
i = mbedtls_mpi_bitlen(X) + count;
if (X->n * biL < i) {
@@ -765,31 +759,7 @@
ret = 0;
- /*
- * shift by count / limb_size
- */
- if (v0 > 0) {
- for (i = X->n; i > v0; i--) {
- X->p[i - 1] = X->p[i - v0 - 1];
- }
-
- for (; i > 0; i--) {
- X->p[i - 1] = 0;
- }
- }
-
- /*
- * shift by count % limb_size
- */
- if (t1 > 0) {
- for (i = v0; i < X->n; i++) {
- r1 = X->p[i] >> (biL - t1);
- X->p[i] <<= t1;
- X->p[i] |= r0;
- r0 = r1;
- }
- }
-
+ mbedtls_mpi_core_shift_l(X->p, X->n, count);
cleanup:
return ret;
diff --git a/library/bignum_core.c b/library/bignum_core.c
index a99b3be..de57cfc 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -33,7 +33,7 @@
#include "bn_mul.h"
#include "constant_time_internal.h"
-inline size_t mbedtls_mpi_core_clz(mbedtls_mpi_uint a)
+size_t mbedtls_mpi_core_clz(mbedtls_mpi_uint a)
{
#if defined(__has_builtin)
#if __has_builtin(__builtin_clz)
@@ -366,6 +366,41 @@
}
}
+void mbedtls_mpi_core_shift_l(mbedtls_mpi_uint *X, size_t limbs,
+ size_t count)
+{
+ size_t i, v0, v1;
+ mbedtls_mpi_uint r0 = 0, r1;
+
+ v0 = count / (biL);
+ v1 = count & (biL - 1);
+
+ /*
+ * shift by count / limb_size
+ */
+ if (v0 > 0) {
+ for (i = limbs; i > v0; i--) {
+ X[i - 1] = X[i - v0 - 1];
+ }
+
+ for (; i > 0; i--) {
+ X[i - 1] = 0;
+ }
+ }
+
+ /*
+ * shift by count % limb_size
+ */
+ if (v1 > 0) {
+ for (i = v0; i < limbs; i++) {
+ r1 = X[i] >> (biL - v1);
+ X[i] <<= v1;
+ X[i] |= r0;
+ r0 = r1;
+ }
+ }
+}
+
mbedtls_mpi_uint mbedtls_mpi_core_add(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
const mbedtls_mpi_uint *B,
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 158d2b3..21a5a11 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -281,7 +281,7 @@
unsigned char *output,
size_t output_length);
-/** \brief Shift an MPI right in place by a number of bits.
+/** \brief Shift an MPI in-place right by a number of bits.
*
* Shifting by more bits than there are bit positions
* in \p X is valid and results in setting \p X to 0.
@@ -297,6 +297,21 @@
size_t count);
/**
+ * \brief Shift an MPI in-place left by a number of bits.
+ *
+ * Shifting by more bits than there are bit positions
+ * in \p X will produce an unspecified result.
+ *
+ * This function's execution time depends on the value
+ * of \p count (and of course \p limbs).
+ * \param[in,out] X The number to shift.
+ * \param limbs The number of limbs of \p X. This must be at least 1.
+ * \param count The number of bits to shift by.
+ */
+void mbedtls_mpi_core_shift_l(mbedtls_mpi_uint *X, size_t limbs,
+ size_t count);
+
+/**
* \brief Add two fixed-size large unsigned integers, returning the carry.
*
* Calculates `A + B` where `A` and `B` have the same size.
diff --git a/library/bn_mul.h b/library/bn_mul.h
index ab59fbd..c5994f7 100644
--- a/library/bn_mul.h
+++ b/library/bn_mul.h
@@ -658,6 +658,20 @@
#endif /* TriCore */
+#if defined(__arm__)
+
+#if defined(__thumb__) && !defined(__thumb2__)
+#if !defined(__ARMCC_VERSION) && !defined(__clang__) \
+ && !defined(__llvm__) && !defined(__INTEL_COMPILER)
+/*
+ * Thumb 1 ISA. This code path has only been tested successfully on gcc;
+ * it does not compile on clang or armclang.
+ *
+ * Other compilers which define __GNUC__ may not work. The above macro
+ * attempts to exclude these untested compilers.
+ */
+
+#if !defined(__OPTIMIZE__) && defined(__GNUC__)
/*
* Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about
* our use of r7 below, unless -fomit-frame-pointer is passed.
@@ -666,32 +680,39 @@
* x !=0, which we can detect using __OPTIMIZE__ (which is also defined by
* clang and armcc5 under the same conditions).
*
- * So, only use the optimized assembly below for optimized build, which avoids
- * the build error and is pretty reasonable anyway.
+ * If gcc needs to use r7, we use r1 as a scratch register and have a few extra
+ * instructions to preserve/restore it; otherwise, we can use r7 and avoid
+ * the preserve/restore overhead.
*/
-#if defined(__GNUC__) && !defined(__OPTIMIZE__)
-#define MULADDC_CANNOT_USE_R7
-#endif
-
-#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
-
-#if defined(__thumb__) && !defined(__thumb2__)
+#define MULADDC_SCRATCH "RS .req r1 \n\t"
+#define MULADDC_PRESERVE_SCRATCH "mov r10, r1 \n\t"
+#define MULADDC_RESTORE_SCRATCH "mov r1, r10 \n\t"
+#define MULADDC_SCRATCH_CLOBBER "r10"
+#else /* !defined(__OPTIMIZE__) && defined(__GNUC__) */
+#define MULADDC_SCRATCH "RS .req r7 \n\t"
+#define MULADDC_PRESERVE_SCRATCH ""
+#define MULADDC_RESTORE_SCRATCH ""
+#define MULADDC_SCRATCH_CLOBBER "r7"
+#endif /* !defined(__OPTIMIZE__) && defined(__GNUC__) */
#define MULADDC_X1_INIT \
asm( \
+ MULADDC_SCRATCH \
"ldr r0, %3 \n\t" \
"ldr r1, %4 \n\t" \
"ldr r2, %5 \n\t" \
"ldr r3, %6 \n\t" \
- "lsr r7, r3, #16 \n\t" \
- "mov r9, r7 \n\t" \
- "lsl r7, r3, #16 \n\t" \
- "lsr r7, r7, #16 \n\t" \
- "mov r8, r7 \n\t"
+ "lsr r4, r3, #16 \n\t" \
+ "mov r9, r4 \n\t" \
+ "lsl r4, r3, #16 \n\t" \
+ "lsr r4, r4, #16 \n\t" \
+ "mov r8, r4 \n\t" \
+
#define MULADDC_X1_CORE \
+ MULADDC_PRESERVE_SCRATCH \
"ldmia r0!, {r6} \n\t" \
- "lsr r7, r6, #16 \n\t" \
+ "lsr RS, r6, #16 \n\t" \
"lsl r6, r6, #16 \n\t" \
"lsr r6, r6, #16 \n\t" \
"mov r4, r8 \n\t" \
@@ -699,12 +720,12 @@
"mov r3, r9 \n\t" \
"mul r6, r3 \n\t" \
"mov r5, r9 \n\t" \
- "mul r5, r7 \n\t" \
+ "mul r5, RS \n\t" \
"mov r3, r8 \n\t" \
- "mul r7, r3 \n\t" \
+ "mul RS, r3 \n\t" \
"lsr r3, r6, #16 \n\t" \
"add r5, r5, r3 \n\t" \
- "lsr r3, r7, #16 \n\t" \
+ "lsr r3, RS, #16 \n\t" \
"add r5, r5, r3 \n\t" \
"add r4, r4, r2 \n\t" \
"mov r2, #0 \n\t" \
@@ -712,9 +733,10 @@
"lsl r3, r6, #16 \n\t" \
"add r4, r4, r3 \n\t" \
"adc r5, r2 \n\t" \
- "lsl r3, r7, #16 \n\t" \
+ "lsl r3, RS, #16 \n\t" \
"add r4, r4, r3 \n\t" \
"adc r5, r2 \n\t" \
+ MULADDC_RESTORE_SCRATCH \
"ldr r3, [r1] \n\t" \
"add r4, r4, r3 \n\t" \
"adc r2, r5 \n\t" \
@@ -727,11 +749,15 @@
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r0", "r1", "r2", "r3", "r4", "r5", \
- "r6", "r7", "r8", "r9", "cc" \
+ "r6", MULADDC_SCRATCH_CLOBBER, "r8", "r9", "cc" \
);
+#endif /* !defined(__ARMCC_VERSION) && !defined(__clang__) */
#elif (__ARM_ARCH >= 6) && \
defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
+/* Armv6-M (or later) with DSP Instruction Set Extensions.
+ * Requires support for either Thumb 2 or Arm ISA.
+ */
#define MULADDC_X1_INIT \
{ \
@@ -796,7 +822,7 @@
); \
}
-#else
+#else /* Thumb 2 or Arm ISA, without DSP extensions */
#define MULADDC_X1_INIT \
asm( \
@@ -810,9 +836,9 @@
"mov r5, #0 \n\t" \
"ldr r6, [r1] \n\t" \
"umlal r2, r5, r3, r4 \n\t" \
- "adds r7, r6, r2 \n\t" \
+ "adds r4, r6, r2 \n\t" \
"adc r2, r5, #0 \n\t" \
- "str r7, [r1], #4 \n\t"
+ "str r4, [r1], #4 \n\t"
#define MULADDC_X1_STOP \
"str r2, %0 \n\t" \
@@ -821,12 +847,12 @@
: "=m" (c), "=m" (d), "=m" (s) \
: "m" (s), "m" (d), "m" (c), "m" (b) \
: "r0", "r1", "r2", "r3", "r4", "r5", \
- "r6", "r7", "cc" \
+ "r6", "cc" \
);
-#endif /* Thumb */
+#endif /* ISA codepath selection */
-#endif /* ARMv3 */
+#endif /* defined(__arm__) */
#if defined(__alpha__)
diff --git a/library/constant_time.c b/library/constant_time.c
index 552a918..c823b78 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -316,40 +316,6 @@
#if defined(MBEDTLS_BIGNUM_C)
-/** Select between two sign values without branches.
- *
- * This is functionally equivalent to `condition ? if1 : if0` but uses only bit
- * operations in order to avoid branches.
- *
- * \note if1 and if0 must be either 1 or -1, otherwise the result
- * is undefined.
- *
- * \param condition Condition to test; must be either 0 or 1.
- * \param if1 The first sign; must be either +1 or -1.
- * \param if0 The second sign; must be either +1 or -1.
- *
- * \return \c if1 if \p condition is nonzero, otherwise \c if0.
- * */
-static int mbedtls_ct_cond_select_sign(unsigned char condition,
- int if1,
- int if0)
-{
- /* In order to avoid questions about what we can reasonably assume about
- * the representations of signed integers, move everything to unsigned
- * by taking advantage of the fact that if1 and if0 are either +1 or -1. */
- unsigned uif1 = if1 + 1;
- unsigned uif0 = if0 + 1;
-
- /* condition was 0 or 1, mask is 0 or 2 as are uif1 and uif0 */
- const unsigned mask = condition << 1;
-
- /* select uif1 or uif0 */
- unsigned ur = (uif0 & ~mask) | (uif1 & mask);
-
- /* ur is now 0 or 2, convert back to -1 or +1 */
- return (int) ur - 1;
-}
-
void mbedtls_ct_mpi_uint_cond_assign(size_t n,
mbedtls_mpi_uint *dest,
const mbedtls_mpi_uint *src,
@@ -754,7 +720,7 @@
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
- X->s = mbedtls_ct_cond_select_sign(assign, Y->s, X->s);
+ X->s = (int) mbedtls_ct_uint_if(assign, Y->s, X->s);
mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, assign);
@@ -789,8 +755,8 @@
MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n));
s = X->s;
- X->s = mbedtls_ct_cond_select_sign(swap, Y->s, X->s);
- Y->s = mbedtls_ct_cond_select_sign(swap, s, Y->s);
+ X->s = (int) mbedtls_ct_uint_if(swap, Y->s, X->s);
+ Y->s = (int) mbedtls_ct_uint_if(swap, s, Y->s);
mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, swap);
diff --git a/library/debug.c b/library/debug.c
index 3969616..0f02929 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -30,6 +30,7 @@
#include <stdio.h>
#include <string.h>
+/* DEBUG_BUF_SIZE must be at least 2 */
#define DEBUG_BUF_SIZE 512
static int debug_threshold = 0;
@@ -69,6 +70,8 @@
char str[DEBUG_BUF_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ MBEDTLS_STATIC_ASSERT(DEBUG_BUF_SIZE >= 2, "DEBUG_BUF_SIZE too small");
+
if (NULL == ssl ||
NULL == ssl->conf ||
NULL == ssl->conf->f_dbg ||
@@ -80,10 +83,15 @@
ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
va_end(argp);
- if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
- str[ret] = '\n';
- str[ret + 1] = '\0';
+ if (ret < 0) {
+ ret = 0;
+ } else {
+ if (ret >= DEBUG_BUF_SIZE - 1) {
+ ret = DEBUG_BUF_SIZE - 2;
+ }
}
+ str[ret] = '\n';
+ str[ret + 1] = '\0';
debug_send_line(ssl, level, file, line, str);
}
@@ -195,6 +203,52 @@
#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_BIGNUM_C)
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+void mbedtls_debug_print_psa_ec(const mbedtls_ssl_context *ssl, int level,
+ const char *file, int line,
+ const char *text, const mbedtls_pk_context *pk)
+{
+ char str[DEBUG_BUF_SIZE];
+ mbedtls_mpi mpi;
+ const uint8_t *mpi_start;
+ size_t mpi_len;
+ int ret;
+
+ if (NULL == ssl ||
+ NULL == ssl->conf ||
+ NULL == ssl->conf->f_dbg ||
+ level > debug_threshold) {
+ return;
+ }
+
+ /* For the description of pk->pk_raw content please refer to the description
+ * psa_export_public_key() function. */
+ mpi_len = (pk->pub_raw_len - 1)/2;
+
+ /* X coordinate */
+ mbedtls_mpi_init(&mpi);
+ mpi_start = pk->pub_raw + 1;
+ ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len);
+ if (ret != 0) {
+ return;
+ }
+ mbedtls_snprintf(str, sizeof(str), "%s(X)", text);
+ mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi);
+ mbedtls_mpi_free(&mpi);
+
+ /* Y coordinate */
+ mbedtls_mpi_init(&mpi);
+ mpi_start = mpi_start + mpi_len;
+ ret = mbedtls_mpi_read_binary(&mpi, mpi_start, mpi_len);
+ if (ret != 0) {
+ return;
+ }
+ mbedtls_snprintf(str, sizeof(str), "%s(Y)", text);
+ mbedtls_debug_print_mpi(ssl, level, file, line, str, &mpi);
+ mbedtls_mpi_free(&mpi);
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_mpi *X)
@@ -278,6 +332,11 @@
mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
} else
#endif
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ if (items[i].type == MBEDTLS_PK_DEBUG_PSA_EC) {
+ mbedtls_debug_print_psa_ec(ssl, level, file, line, name, items[i].value);
+ } else
+#endif
{ debug_send_line(ssl, level, file, line,
"should not happen\n"); }
}
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 355bf89..1faec16 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -234,6 +234,19 @@
}
#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
+{
+ switch (gid) {
+#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ case MBEDTLS_ECP_DP_CURVE25519: return 0;
+#endif
+#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
+ case MBEDTLS_ECP_DP_CURVE448: return 0;
+#endif
+ default: return 1;
+ }
+}
+
#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
/*
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
@@ -373,19 +386,6 @@
return ret;
}
-int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
-{
- switch (gid) {
-#ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
- case MBEDTLS_ECP_DP_CURVE25519: return 0;
-#endif
-#ifdef MBEDTLS_ECP_DP_CURVE448_ENABLED
- case MBEDTLS_ECP_DP_CURVE448: return 0;
-#endif
- default: return 1;
- }
-}
-
/*
* Compute ECDSA signature of a hashed message
*/
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 7d452bc..19ad2c6 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -30,8 +30,6 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#include "hash_info.h"
-
#include <string.h>
#if !defined(MBEDTLS_ECJPAKE_ALT)
@@ -217,7 +215,7 @@
unsigned char *p = buf;
const unsigned char *end = buf + sizeof(buf);
const size_t id_len = strlen(id);
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
/* Write things to temporary buffer */
MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G));
@@ -244,7 +242,7 @@
/* Turn it into an integer mod n */
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash,
- mbedtls_hash_info_get_size(md_type)));
+ mbedtls_md_get_size_from_type(md_type)));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N));
cleanup:
@@ -780,7 +778,7 @@
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
size_t x_bytes;
- *olen = mbedtls_hash_info_get_size(ctx->md_type);
+ *olen = mbedtls_md_get_size_from_type(ctx->md_type);
if (len < *olen) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 1640107..57ce39a 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -22,9 +22,12 @@
#if defined(MBEDTLS_ECP_LIGHT)
#include "mbedtls/ecp.h"
+#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "mbedtls/platform.h"
+
#include "bn_mul.h"
#include "bignum_core.h"
#include "ecp_invasive.h"
@@ -4602,24 +4605,28 @@
/* Additional forward declarations */
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
static int ecp_mod_p255(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
static int ecp_mod_p448(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *, size_t);
#endif
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
static int ecp_mod_p192k1(mbedtls_mpi *);
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p192k1(mbedtls_mpi *);
+int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
static int ecp_mod_p224k1(mbedtls_mpi *);
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p224k1(mbedtls_mpi *);
+int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
static int ecp_mod_p256k1(mbedtls_mpi *);
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p256k1(mbedtls_mpi *);
+int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif
#if defined(ECP_LOAD_GROUP)
@@ -5413,27 +5420,57 @@
*/
static int ecp_mod_p255(mbedtls_mpi *N)
{
- mbedtls_mpi_uint Mp[P255_WIDTH];
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t expected_width = 2 * P255_WIDTH;
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
+ ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width);
+cleanup:
+ return ret;
+}
- /* Helper references for top part of N */
- mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;
- const size_t NT_n = N->n - P255_WIDTH;
- if (N->n <= P255_WIDTH) {
- return 0;
- }
- if (NT_n > P255_WIDTH) {
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs)
+{
+
+ if (X_Limbs != 2 * P255_WIDTH) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- /* Split N as N + 2^256 M */
- memcpy(Mp, NT_p, sizeof(mbedtls_mpi_uint) * NT_n);
- memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n);
+ mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL);
+ if (carry == NULL) {
+ return MBEDTLS_ERR_ECP_ALLOC_FAILED;
+ }
- /* N = A0 + 38 * A1 */
- mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1,
- Mp, NT_n,
- 38);
+ /* Step 1: Reduction to P255_WIDTH limbs */
+ if (X_Limbs > P255_WIDTH) {
+ /* Helper references for top part of X */
+ mbedtls_mpi_uint * const A1 = X + P255_WIDTH;
+ const size_t A1_limbs = X_Limbs - P255_WIDTH;
+ /* X = A0 + 38 * A1, capture carry out */
+ *carry = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38);
+ /* Clear top part */
+ memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs);
+ }
+
+ /* Step 2: Reduce to <2p
+ * Split as A0 + 2^255*c, with c a scalar, and compute A0 + 19*c */
+ *carry <<= 1;
+ *carry += (X[P255_WIDTH - 1] >> (biL - 1));
+ *carry *= 19;
+
+ /* Clear top bit */
+ X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1;
+ /* Since the top bit for X has been cleared 0 + 0 + Carry
+ * will not overflow.
+ *
+ * Furthermore for 2p = 2^256-38. When a carry propagation on the highest
+ * limb occurs, X > 2^255 and all the remaining bits on the limb are zero.
+ * - If X < 2^255 ==> X < 2p
+ * - If X > 2^255 ==> X < 2^256 - 2^255 < 2p */
+ (void) mbedtls_mpi_core_add(X, X, carry, P255_WIDTH);
+
+ mbedtls_free(carry);
return 0;
}
#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
@@ -5449,67 +5486,110 @@
#define P224_WIDTH_MAX DIV_ROUND_UP(28, sizeof(mbedtls_mpi_uint))
#define P224_UNUSED_BITS ((P224_WIDTH_MAX * sizeof(mbedtls_mpi_uint) * 8) - 224)
-/*
- * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
- * Write N as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return
- * A0 + A1 + B1 + (B0 + B1) * 2^224. This is different to the reference
- * implementation of Curve448, which uses its own special 56-bit limbs rather
- * than a generic bignum library. We could squeeze some extra speed out on
- * 32-bit machines by splitting N up into 32-bit limbs and doing the
- * arithmetic using the limbs directly as we do for the NIST primes above,
- * but for 64-bit targets it should use half the number of operations if we do
- * the reduction with 224-bit limbs, since mpi_add_mpi will then use 64-bit adds.
- */
static int ecp_mod_p448(mbedtls_mpi *N)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i;
- mbedtls_mpi M, Q;
- mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
+ size_t expected_width = 2 * ((448 + biL - 1) / biL);
- if (N->n <= P448_WIDTH) {
+ /* This is required as some tests and use cases do not pass in a Bignum of
+ * the correct size, and expect the growth to be done automatically, which
+ * will no longer happen. */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
+
+ ret = mbedtls_ecp_mod_p448(N->p, N->n);
+
+cleanup:
+ return ret;
+}
+
+/*
+ * Fast quasi-reduction modulo p448 = 2^448 - 2^224 - 1
+ * Write X as A0 + 2^448 A1 and A1 as B0 + 2^224 B1, and return A0 + A1 + B1 +
+ * (B0 + B1) * 2^224. This is different to the reference implementation of
+ * Curve448, which uses its own special 56-bit limbs rather than a generic
+ * bignum library. We could squeeze some extra speed out on 32-bit machines by
+ * splitting N up into 32-bit limbs and doing the arithmetic using the limbs
+ * directly as we do for the NIST primes above, but for 64-bit targets it should
+ * use half the number of operations if we do the reduction with 224-bit limbs,
+ * since mpi_core_add will then use 64-bit adds.
+ */
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs)
+{
+ size_t i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if (X_limbs <= P448_WIDTH) {
return 0;
}
- /* M = A1 */
- M.s = 1;
- M.n = N->n - (P448_WIDTH);
- if (M.n > P448_WIDTH) {
- /* Shouldn't be called with N larger than 2^896! */
+ size_t M_limbs = X_limbs - (P448_WIDTH);
+ const size_t Q_limbs = M_limbs;
+
+ if (M_limbs > P448_WIDTH) {
+ /* Shouldn't be called with X larger than 2^896! */
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
- M.p = Mp;
- memset(Mp, 0, sizeof(Mp));
- memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));
- /* N = A0 */
- for (i = P448_WIDTH; i < N->n; i++) {
- N->p[i] = 0;
+ /* Extra limb for carry below. */
+ M_limbs++;
+
+ mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL);
+
+ if (M == NULL) {
+ return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
- /* N += A1 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
+ mbedtls_mpi_uint *Q = mbedtls_calloc(Q_limbs, ciL);
- /* Q = B1, N += B1 */
- Q = M;
- Q.p = Qp;
- memcpy(Qp, Mp, sizeof(Qp));
- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&Q, 224));
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));
+ if (Q == NULL) {
+ ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
+ goto cleanup;
+ }
- /* M = (B0 + B1) * 2^224, N += M */
+ /* M = A1 */
+ memset(M, 0, (M_limbs * ciL));
+
+ /* Do not copy into the overflow limb, as this would read past the end of
+ * X. */
+ memcpy(M, X + P448_WIDTH, ((M_limbs - 1) * ciL));
+
+ /* X = A0 */
+ for (i = P448_WIDTH; i < X_limbs; i++) {
+ X[i] = 0;
+ }
+
+ /* X += A1 - Carry here dealt with by oversize M and X. */
+ (void) mbedtls_mpi_core_add(X, X, M, M_limbs);
+
+ /* Q = B1, X += B1 */
+ memcpy(Q, M, (Q_limbs * ciL));
+
+ mbedtls_mpi_core_shift_r(Q, Q_limbs, 224);
+
+ /* No carry here - only max 224 bits */
+ (void) mbedtls_mpi_core_add(X, X, Q, Q_limbs);
+
+ /* M = (B0 + B1) * 2^224, X += M */
if (sizeof(mbedtls_mpi_uint) > 4) {
- Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
+ M[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
}
- for (i = P224_WIDTH_MAX; i < M.n; ++i) {
- Mp[i] = 0;
+ for (i = P224_WIDTH_MAX; i < M_limbs; ++i) {
+ M[i] = 0;
}
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));
- M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
+
+ (void) mbedtls_mpi_core_add(M, M, Q, Q_limbs);
+
+ /* Shifted carry bit from the addition is dealt with by oversize M */
+ mbedtls_mpi_core_shift_l(M, M_limbs, 224);
+ (void) mbedtls_mpi_core_add(X, X, M, M_limbs);
+
+ ret = 0;
cleanup:
+ mbedtls_free(M);
+ mbedtls_free(Q);
+
return ret;
}
#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
@@ -5517,141 +5597,197 @@
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+
/*
* Fast quasi-reduction modulo P = 2^s - R,
* with R about 33 bits, used by the Koblitz curves.
*
- * Write N as A0 + 2^224 A1, return A0 + R * A1.
- * Actually do two passes, since R is big.
+ * Write X as A0 + 2^224 A1, return A0 + R * A1.
*/
-#define P_KOBLITZ_MAX (256 / 8 / sizeof(mbedtls_mpi_uint)) // Max limbs in P
#define P_KOBLITZ_R (8 / sizeof(mbedtls_mpi_uint)) // Limbs in R
-static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
- size_t adjust, size_t shift, mbedtls_mpi_uint mask)
-{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi M, R;
- mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
- if (N->n < p_limbs) {
- return 0;
+static inline int ecp_mod_koblitz(mbedtls_mpi_uint *X,
+ size_t X_limbs,
+ mbedtls_mpi_uint *R,
+ size_t bits)
+{
+ int ret = 0;
+
+ /* Determine if A1 is aligned to limb bitsize. If not then the used limbs
+ * of P, A0 and A1 must be set accordingly and there is a middle limb
+ * which is shared by A0 and A1 and need to handle accordingly.
+ */
+ size_t shift = bits % biL;
+ size_t adjust = (shift + biL - 1) / biL;
+ size_t P_limbs = bits / biL + adjust;
+
+ mbedtls_mpi_uint *A1 = mbedtls_calloc(P_limbs, ciL);
+ if (A1 == NULL) {
+ return MBEDTLS_ERR_ECP_ALLOC_FAILED;
}
- /* Init R */
- R.s = 1;
- R.p = Rp;
- R.n = P_KOBLITZ_R;
+ /* Create a buffer to store the value of `R * A1` */
+ size_t R_limbs = P_KOBLITZ_R;
+ size_t M_limbs = P_limbs + R_limbs;
+ mbedtls_mpi_uint *M = mbedtls_calloc(M_limbs, ciL);
+ if (M == NULL) {
+ ret = MBEDTLS_ERR_ECP_ALLOC_FAILED;
+ goto cleanup;
+ }
- /* Common setup for M */
- M.s = 1;
- M.p = Mp;
+ mbedtls_mpi_uint mask = 0;
+ if (adjust != 0) {
+ mask = ((mbedtls_mpi_uint) 1 << shift) - 1;
+ }
- for (size_t pass = 0; pass < 2; pass++) {
- /* M = A1 */
- M.n = N->n - (p_limbs - adjust);
- if (M.n > p_limbs + adjust) {
- M.n = p_limbs + adjust;
- }
- memset(Mp, 0, sizeof(Mp));
- memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
+ /* Two passes are needed to reduce the value of `A0 + R * A1` and then
+ * we need an additional one to reduce the possible overflow during
+ * the addition.
+ */
+ for (size_t pass = 0; pass < 3; pass++) {
+ /* Copy A1 */
+ memcpy(A1, X + P_limbs - adjust, P_limbs * ciL);
+
+ /* Shift A1 to be aligned */
if (shift != 0) {
- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+ mbedtls_mpi_core_shift_r(A1, P_limbs, shift);
}
- M.n += R.n; /* Make room for multiplication by R */
- /* N = A0 */
+ /* Zeroize the A1 part of the shared limb */
if (mask != 0) {
- N->p[p_limbs - 1] &= mask;
- }
- for (size_t i = p_limbs; i < N->n; i++) {
- N->p[i] = 0;
+ X[P_limbs - 1] &= mask;
}
- /* N = A0 + R * A1 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
+ /* X = A0
+ * Zeroize the A1 part of X to keep only the A0 part.
+ */
+ for (size_t i = P_limbs; i < X_limbs; i++) {
+ X[i] = 0;
+ }
+
+ /* X = A0 + R * A1 */
+ mbedtls_mpi_core_mul(M, A1, P_limbs, R, R_limbs);
+ (void) mbedtls_mpi_core_add(X, X, M, P_limbs + R_limbs);
+
+ /* Carry can not be generated since R is a 33-bit value and stored in
+ * 64 bits. The result value of the multiplication is at most
+ * P length + 33 bits in length and the result value of the addition
+ * is at most P length + 34 bits in length. So the result of the
+ * addition always fits in P length + 64 bits.
+ */
}
cleanup:
+ mbedtls_free(M);
+ mbedtls_free(A1);
+
return ret;
}
+
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
MBEDTLS_ECP_DP_SECP256K1_ENABLED) */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+
/*
* Fast quasi-reduction modulo p192k1 = 2^192 - R,
- * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
+ * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9
*/
static int ecp_mod_p192k1(mbedtls_mpi *N)
{
- return mbedtls_ecp_mod_p192k1(N);
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t expected_width = 2 * ((192 + biL - 1) / biL);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
+ ret = mbedtls_ecp_mod_p192k1_raw(N->p, expected_width);
+
+cleanup:
+ return ret;
}
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N)
+int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{
static mbedtls_mpi_uint Rp[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00)
+ MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00)
};
- return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
- 0);
+ if (X_limbs != 2 * ((192 + biL - 1) / biL)) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+
+ return ecp_mod_koblitz(X, X_limbs, Rp, 192);
}
+
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-static int ecp_mod_p224k1(mbedtls_mpi *N)
-{
- return mbedtls_ecp_mod_p224k1(N);
-}
-
/*
* Fast quasi-reduction modulo p224k1 = 2^224 - R,
* with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
*/
+static int ecp_mod_p224k1(mbedtls_mpi *N)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t expected_width = 2 * 224 / biL;
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
+ ret = mbedtls_ecp_mod_p224k1_raw(N->p, expected_width);
+
+cleanup:
+ return ret;
+}
+
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N)
+int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{
static mbedtls_mpi_uint Rp[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00)
+ MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00)
};
-#if defined(MBEDTLS_HAVE_INT64)
- return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);
-#else
- return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
- 0);
-#endif
+ if (X_limbs != 2 * 224 / biL) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+
+ return ecp_mod_koblitz(X, X_limbs, Rp, 224);
}
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-static int ecp_mod_p256k1(mbedtls_mpi *N)
-{
- return mbedtls_ecp_mod_p256k1(N);
-}
-
/*
* Fast quasi-reduction modulo p256k1 = 2^256 - R,
* with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
*/
+static int ecp_mod_p256k1(mbedtls_mpi *N)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t expected_width = 2 * ((256 + biL - 1) / biL);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
+ ret = mbedtls_ecp_mod_p256k1_raw(N->p, expected_width);
+
+cleanup:
+ return ret;
+}
+
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N)
+int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs)
{
static mbedtls_mpi_uint Rp[] = {
- MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
- 0x00)
+ MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00,
+ 0x01, 0x00, 0x00, 0x00)
};
- return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
- 0);
+
+ if (X_limbs != 2 * ((256 + biL - 1) / biL)) {
+ return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+ }
+
+ return ecp_mod_koblitz(X, X_limbs, Rp, 256);
}
+
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_TEST_HOOKS)
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 0d093f3..587b173 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -171,28 +171,104 @@
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-/*
- * Fast quasi-reduction modulo p192k1 = 2^192 - R,
- * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
+/** Fast quasi-reduction modulo p192k1 = 2^192 - R,
+ * with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x01000011C9
+ *
+ * \param[in,out] X The address of the MPI to be converted.
+ * Must have exact limb size that stores a 384-bit MPI
+ * (double the bitlength of the modulus).
+ * Upon return holds the reduced value which is
+ * in range `0 <= X < 2 * N` (where N is the modulus).
+ * The bitlength of the reduced value is the same as
+ * that of the modulus (192 bits).
+ * \param[in] X_limbs The length of \p X in limbs.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have
+ * twice as many limbs as the modulus.
+ * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed.
*/
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p192k1(mbedtls_mpi *N);
+int mbedtls_ecp_mod_p192k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+/** Fast quasi-reduction modulo p224k1 = 2^224 - R,
+ * with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
+ *
+ * \param[in,out] X The address of the MPI to be converted.
+ * Must have exact limb size that stores a 448-bit MPI
+ * (double the bitlength of the modulus).
+ * Upon return holds the reduced value which is
+ * in range `0 <= X < 2 * N` (where N is the modulus).
+ * The bitlength of the reduced value is the same as
+ * that of the modulus (224 bits).
+ * \param[in] X_limbs The length of \p X in limbs.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have
+ * twice as many limbs as the modulus.
+ * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed.
+ */
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p224k1(mbedtls_mpi *N);
+int mbedtls_ecp_mod_p224k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+/** Fast quasi-reduction modulo p256k1 = 2^256 - R,
+ * with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
+ *
+ * \param[in,out] X The address of the MPI to be converted.
+ * Must have exact limb size that stores a 512-bit MPI
+ * (double the bitlength of the modulus).
+ * Upon return holds the reduced value which is
+ * in range `0 <= X < 2 * N` (where N is the modulus).
+ * The bitlength of the reduced value is the same as
+ * that of the modulus (256 bits).
+ * \param[in] X_limbs The length of \p X in limbs.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have
+ * twice as many limbs as the modulus.
+ * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed.
+ */
MBEDTLS_STATIC_TESTABLE
-int mbedtls_ecp_mod_p256k1(mbedtls_mpi *N);
+int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs);
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+
+/** Fast quasi-reduction modulo p255 = 2^255 - 19
+ *
+ * \param[in,out] X The address of the MPI to be converted.
+ * Must have exact limb size that stores a 510-bit MPI
+ * (double the bitlength of the modulus).
+ * Upon return holds the reduced value which is
+ * in range `0 <= X < 2 * N` (where N is the modulus).
+ * \param[in] X_limbs The length of \p X in limbs.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have
+ * twice as many limbs as the modulus.
+ * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed.
+ */
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs);
+
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+
+MBEDTLS_STATIC_TESTABLE
+int mbedtls_ecp_mod_p448(mbedtls_mpi_uint *X, size_t X_limbs);
+
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
/** Initialise a modulus with hard-coded const curve data.
*
* \note The caller is responsible for the \p N modulus' memory.
diff --git a/library/hash_info.c b/library/hash_info.c
deleted file mode 100644
index 37e44c6..0000000
--- a/library/hash_info.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Hash information that's independent from the crypto implementation.
- *
- * (See the corresponding header file for usage notes.)
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "hash_info.h"
-#include "mbedtls/error.h"
-
-typedef struct {
- psa_algorithm_t psa_alg;
- mbedtls_md_type_t md_type;
- unsigned char size;
- unsigned char block_size;
-} hash_entry;
-
-static const hash_entry hash_table[] = {
-#if defined(MBEDTLS_MD_CAN_MD5)
- { PSA_ALG_MD5, MBEDTLS_MD_MD5, 16, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
- { PSA_ALG_RIPEMD160, MBEDTLS_MD_RIPEMD160, 20, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA1)
- { PSA_ALG_SHA_1, MBEDTLS_MD_SHA1, 20, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
- { PSA_ALG_SHA_224, MBEDTLS_MD_SHA224, 28, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA256)
- { PSA_ALG_SHA_256, MBEDTLS_MD_SHA256, 32, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
- { PSA_ALG_SHA_384, MBEDTLS_MD_SHA384, 48, 128 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA512)
- { PSA_ALG_SHA_512, MBEDTLS_MD_SHA512, 64, 128 },
-#endif
- { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 },
-};
-
-/* Get size from MD type */
-unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->md_type != md_type) {
- entry++;
- }
-
- return entry->size;
-}
-
-/* Get block size from MD type */
-unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->md_type != md_type) {
- entry++;
- }
-
- return entry->block_size;
-}
-
-/* Get PSA from MD */
-psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->md_type != md_type) {
- entry++;
- }
-
- return entry->psa_alg;
-}
-
-/* Get MD from PSA */
-mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->psa_alg != psa_alg) {
- entry++;
- }
-
- return entry->md_type;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_error_from_psa(psa_status_t status)
-{
- switch (status) {
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INVALID_ARGUMENT:
- return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_MD_ALLOC_FAILED;
- default:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- }
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/library/hash_info.h b/library/hash_info.h
deleted file mode 100644
index f984c82..0000000
--- a/library/hash_info.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- * Hash information that's independent from the crypto implementation.
- *
- * This can be used by:
- * - code based on PSA
- * - code based on the legacy API
- * - code based on either of them depending on MBEDTLS_USE_PSA_CRYPTO
- * - code based on either of them depending on what's available
- *
- * Note: this internal module will go away when everything becomes based on
- * PSA Crypto; it is a helper for the transition while hash algorithms are
- * still represented using mbedtls_md_type_t in most places even when PSA is
- * used for the actual crypto computations.
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_HASH_INFO_H
-#define MBEDTLS_HASH_INFO_H
-
-#include "common.h"
-
-#include "mbedtls/md.h"
-#include "psa/crypto.h"
-#include "mbedtls/platform_util.h"
-
-/** \def MBEDTLS_HASH_MAX_SIZE
- *
- * Maximum size of a hash based on configuration.
- */
-#if defined(MBEDTLS_MD_C) && ( \
- !defined(MBEDTLS_PSA_CRYPTO_C) || \
- MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \
- !defined(MBEDTLS_MD_C) || \
- PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE
-#endif
-
-/** Get the output length of the given hash type from its MD type.
- *
- * \note To get the output length from the PSA alg, use \c PSA_HASH_LENGTH().
- *
- * \param md_type The hash MD type.
- *
- * \return The output length in bytes, or 0 if not known.
- */
-unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type);
-
-/** Get the block size of the given hash type from its MD type.
- *
- * \note To get the output length from the PSA alg, use
- * \c PSA_HASH_BLOCK_LENGTH().
- *
- * \param md_type The hash MD type.
- *
- * \return The block size in bytes, or 0 if not known.
- */
-unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type);
-
-/** Get the PSA alg from the MD type.
- *
- * \param md_type The hash MD type.
- *
- * \return The corresponding PSA algorithm identifier,
- * or PSA_ALG_NONE if not known.
- */
-psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type);
-
-/** Get the MD type alg from the PSA algorithm identifier.
- *
- * \param psa_alg The PSA hash algorithm.
- *
- * \return The corresponding MD type,
- * or MBEDTLS_MD_NONE if not known.
- */
-mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg);
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/** Convert PSA status to MD error code.
- *
- * \param status PSA status.
- *
- * \return The corresponding MD error code,
- */
-int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status);
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_HASH_INFO_H */
diff --git a/library/md.c b/library/md.c
index bebe358..a29d876 100644
--- a/library/md.c
+++ b/library/md.c
@@ -51,9 +51,15 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include <psa/crypto.h>
+#include "md_psa.h"
+#include "mbedtls/psa_util.h"
+#endif
#if defined(MBEDTLS_MD_SOME_PSA)
-#include <psa/crypto.h>
#include "psa_crypto_core.h"
#endif
@@ -65,6 +71,11 @@
#include <stdio.h>
#endif
+/* See comment above MBEDTLS_MD_MAX_SIZE in md.h */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE
+#error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE"
+#endif
+
#if defined(MBEDTLS_MD_CAN_MD5)
const mbedtls_md_info_t mbedtls_md5_info = {
"MD5",
@@ -128,6 +139,42 @@
};
#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+const mbedtls_md_info_t mbedtls_sha3_224_info = {
+ "SHA3-224",
+ MBEDTLS_MD_SHA3_224,
+ 28,
+ 144,
+};
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+const mbedtls_md_info_t mbedtls_sha3_256_info = {
+ "SHA3-256",
+ MBEDTLS_MD_SHA3_256,
+ 32,
+ 136,
+};
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+const mbedtls_md_info_t mbedtls_sha3_384_info = {
+ "SHA3-384",
+ MBEDTLS_MD_SHA3_384,
+ 48,
+ 104,
+};
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+const mbedtls_md_info_t mbedtls_sha3_512_info = {
+ "SHA3-512",
+ MBEDTLS_MD_SHA3_512,
+ 64,
+ 72,
+};
+#endif
+
const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type)
{
switch (md_type) {
@@ -159,6 +206,22 @@
case MBEDTLS_MD_SHA512:
return &mbedtls_sha512_info;
#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+ case MBEDTLS_MD_SHA3_224:
+ return &mbedtls_sha3_224_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ case MBEDTLS_MD_SHA3_256:
+ return &mbedtls_sha3_256_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ case MBEDTLS_MD_SHA3_384:
+ return &mbedtls_sha3_384_info;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ case MBEDTLS_MD_SHA3_512:
+ return &mbedtls_sha3_512_info;
+#endif
default:
return NULL;
}
@@ -210,20 +273,6 @@
return psa_can_do_hash(alg);
}
-
-static int mbedtls_md_error_from_psa(psa_status_t status)
-{
- switch (status) {
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_MD_ALLOC_FAILED;
- default:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- }
-}
#endif /* MBEDTLS_MD_SOME_PSA */
void mbedtls_md_init(mbedtls_md_context_t *ctx)
@@ -280,6 +329,14 @@
mbedtls_sha512_free(ctx->md_ctx);
break;
#endif
+#if defined(MBEDTLS_SHA3_C)
+ case MBEDTLS_MD_SHA3_224:
+ case MBEDTLS_MD_SHA3_256:
+ case MBEDTLS_MD_SHA3_384:
+ case MBEDTLS_MD_SHA3_512:
+ mbedtls_sha3_free(ctx->md_ctx);
+ break;
+#endif
default:
/* Shouldn't happen */
break;
@@ -358,6 +415,14 @@
mbedtls_sha512_clone(dst->md_ctx, src->md_ctx);
break;
#endif
+#if defined(MBEDTLS_SHA3_C)
+ case MBEDTLS_MD_SHA3_224:
+ case MBEDTLS_MD_SHA3_256:
+ case MBEDTLS_MD_SHA3_384:
+ case MBEDTLS_MD_SHA3_512:
+ mbedtls_sha3_clone(dst->md_ctx, src->md_ctx);
+ break;
+#endif
default:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
@@ -376,7 +441,12 @@
int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac)
{
- if (md_info == NULL || ctx == NULL) {
+#if defined(MBEDTLS_MD_C)
+ if (ctx == NULL) {
+ return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
+ }
+#endif
+ if (md_info == NULL) {
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
@@ -435,6 +505,14 @@
ALLOC(sha512);
break;
#endif
+#if defined(MBEDTLS_SHA3_C)
+ case MBEDTLS_MD_SHA3_224:
+ case MBEDTLS_MD_SHA3_256:
+ case MBEDTLS_MD_SHA3_384:
+ case MBEDTLS_MD_SHA3_512:
+ ALLOC(sha3);
+ break;
+#endif
default:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
@@ -455,9 +533,11 @@
int mbedtls_md_starts(mbedtls_md_context_t *ctx)
{
+#if defined(MBEDTLS_MD_C)
if (ctx == NULL || ctx->md_info == NULL) {
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
+#endif
#if defined(MBEDTLS_MD_SOME_PSA)
if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
@@ -497,6 +577,16 @@
case MBEDTLS_MD_SHA512:
return mbedtls_sha512_starts(ctx->md_ctx, 0);
#endif
+#if defined(MBEDTLS_SHA3_C)
+ case MBEDTLS_MD_SHA3_224:
+ return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224);
+ case MBEDTLS_MD_SHA3_256:
+ return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256);
+ case MBEDTLS_MD_SHA3_384:
+ return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384);
+ case MBEDTLS_MD_SHA3_512:
+ return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512);
+#endif
default:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
@@ -504,9 +594,11 @@
int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen)
{
+#if defined(MBEDTLS_MD_C)
if (ctx == NULL || ctx->md_info == NULL) {
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
+#endif
#if defined(MBEDTLS_MD_SOME_PSA)
if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
@@ -544,6 +636,13 @@
case MBEDTLS_MD_SHA512:
return mbedtls_sha512_update(ctx->md_ctx, input, ilen);
#endif
+#if defined(MBEDTLS_SHA3_C)
+ case MBEDTLS_MD_SHA3_224:
+ case MBEDTLS_MD_SHA3_256:
+ case MBEDTLS_MD_SHA3_384:
+ case MBEDTLS_MD_SHA3_512:
+ return mbedtls_sha3_update(ctx->md_ctx, input, ilen);
+#endif
default:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
@@ -551,9 +650,11 @@
int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output)
{
+#if defined(MBEDTLS_MD_C)
if (ctx == NULL || ctx->md_info == NULL) {
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
+#endif
#if defined(MBEDTLS_MD_SOME_PSA)
if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) {
@@ -593,6 +694,13 @@
case MBEDTLS_MD_SHA512:
return mbedtls_sha512_finish(ctx->md_ctx, output);
#endif
+#if defined(MBEDTLS_SHA3_C)
+ case MBEDTLS_MD_SHA3_224:
+ case MBEDTLS_MD_SHA3_256:
+ case MBEDTLS_MD_SHA3_384:
+ case MBEDTLS_MD_SHA3_512:
+ return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size);
+#endif
default:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
@@ -644,6 +752,16 @@
case MBEDTLS_MD_SHA512:
return mbedtls_sha512(input, ilen, output, 0);
#endif
+#if defined(MBEDTLS_SHA3_C)
+ case MBEDTLS_MD_SHA3_224:
+ return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size);
+ case MBEDTLS_MD_SHA3_256:
+ return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size);
+ case MBEDTLS_MD_SHA3_384:
+ return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size);
+ case MBEDTLS_MD_SHA3_512:
+ return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size);
+#endif
default:
return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
}
@@ -667,6 +785,87 @@
return md_info->type;
}
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ switch (md_type) {
+#if defined(MBEDTLS_MD_CAN_MD5)
+ case MBEDTLS_MD_MD5:
+ return PSA_ALG_MD5;
+#endif
+#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+ case MBEDTLS_MD_RIPEMD160:
+ return PSA_ALG_RIPEMD160;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA1)
+ case MBEDTLS_MD_SHA1:
+ return PSA_ALG_SHA_1;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA224)
+ case MBEDTLS_MD_SHA224:
+ return PSA_ALG_SHA_224;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA256)
+ case MBEDTLS_MD_SHA256:
+ return PSA_ALG_SHA_256;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA384)
+ case MBEDTLS_MD_SHA384:
+ return PSA_ALG_SHA_384;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA512)
+ case MBEDTLS_MD_SHA512:
+ return PSA_ALG_SHA_512;
+#endif
+ default:
+ return PSA_ALG_NONE;
+ }
+}
+
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ switch (psa_alg) {
+#if defined(MBEDTLS_MD_CAN_MD5)
+ case PSA_ALG_MD5:
+ return MBEDTLS_MD_MD5;
+#endif
+#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ return MBEDTLS_MD_RIPEMD160;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA1)
+ case PSA_ALG_SHA_1:
+ return MBEDTLS_MD_SHA1;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA224)
+ case PSA_ALG_SHA_224:
+ return MBEDTLS_MD_SHA224;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA256)
+ case PSA_ALG_SHA_256:
+ return MBEDTLS_MD_SHA256;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA384)
+ case PSA_ALG_SHA_384:
+ return MBEDTLS_MD_SHA384;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA512)
+ case PSA_ALG_SHA_512:
+ return MBEDTLS_MD_SHA512;
+#endif
+ default:
+ return MBEDTLS_MD_NONE;
+ }
+}
+
+int mbedtls_md_error_from_psa(psa_status_t status)
+{
+ return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
+ psa_generic_status_to_mbedtls);
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+
/************************************************************************
* Functions above this separator are part of MBEDTLS_MD_LIGHT, *
* functions below are only available when MBEDTLS_MD_C is set. *
@@ -705,6 +904,22 @@
MBEDTLS_MD_MD5,
#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+ MBEDTLS_MD_SHA3_224,
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ MBEDTLS_MD_SHA3_256,
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ MBEDTLS_MD_SHA3_384,
+#endif
+
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ MBEDTLS_MD_SHA3_512,
+#endif
+
MBEDTLS_MD_NONE
};
@@ -755,6 +970,26 @@
return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512);
}
#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_224)
+ if (!strcmp("SHA3-224", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_224);
+ }
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_256)
+ if (!strcmp("SHA3-256", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_256);
+ }
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_384)
+ if (!strcmp("SHA3-384", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_384);
+ }
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA3_512)
+ if (!strcmp("SHA3-512", md_name)) {
+ return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_512);
+ }
+#endif
return NULL;
}
diff --git a/library/md_psa.h b/library/md_psa.h
new file mode 100644
index 0000000..6645c83
--- /dev/null
+++ b/library/md_psa.h
@@ -0,0 +1,60 @@
+/**
+ * Translation between MD and PSA identifiers (algorithms, errors).
+ *
+ * Note: this internal module will go away when everything becomes based on
+ * PSA Crypto; it is a helper for the transition period.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef MBEDTLS_MD_PSA_H
+#define MBEDTLS_MD_PSA_H
+
+#include "common.h"
+
+#include "mbedtls/md.h"
+#include "psa/crypto.h"
+
+/**
+ * \brief This function returns the PSA algorithm identifier
+ * associated with the given digest type.
+ *
+ * \param md_type The type of digest to search for.
+ *
+ * \return The PSA algorithm identifier associated with \p md_type.
+ * \return PSA_ALG_NONE if the algorithm is not supported.
+ */
+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type);
+
+/**
+ * \brief This function returns the given digest type
+ * associated with the PSA algorithm identifier.
+ *
+ * \param psa_alg The PSA algorithm identifier to search for.
+ *
+ * \return The MD type associated with \p psa_alg.
+ * \return MBEDTLS_MD_NONE if the algorithm is not supported.
+ */
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg);
+
+/** Convert PSA status to MD error code.
+ *
+ * \param status PSA status.
+ *
+ * \return The corresponding MD error code,
+ */
+int mbedtls_md_error_from_psa(psa_status_t status);
+
+#endif /* MBEDTLS_MD_PSA_H */
diff --git a/library/md_wrap.h b/library/md_wrap.h
index cd539b5..5e1e327 100644
--- a/library/md_wrap.h
+++ b/library/md_wrap.h
@@ -73,6 +73,12 @@
#if defined(MBEDTLS_SHA512_C)
extern const mbedtls_md_info_t mbedtls_sha512_info;
#endif
+#if defined(MBEDTLS_SHA3_C)
+extern const mbedtls_md_info_t mbedtls_sha3_224_info;
+extern const mbedtls_md_info_t mbedtls_sha3_256_info;
+extern const mbedtls_md_info_t mbedtls_sha3_384_info;
+extern const mbedtls_md_info_t mbedtls_sha3_512_info;
+#endif
#ifdef __cplusplus
}
diff --git a/library/mps_common.h b/library/mps_common.h
index 4a10176..33b518b 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -169,7 +169,7 @@
*
*/
typedef size_t mbedtls_mps_stored_size_t;
-#define MBEDTLS_MPS_STORED_SIZE_MAX ((mbedtls_mps_stored_size_t) -1)
+#define MBEDTLS_MPS_STORED_SIZE_MAX (SIZE_MAX)
/** \brief The type of buffer sizes and offsets used in the MPS API
* and implementation.
@@ -183,7 +183,7 @@
* so almost 10%.
*/
typedef size_t mbedtls_mps_size_t;
-#define MBEDTLS_MPS_SIZE_MAX ((mbedtls_mps_size_t) -1)
+#define MBEDTLS_MPS_SIZE_MAX (SIZE_MAX)
#if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX
#error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t."
diff --git a/library/oid.c b/library/oid.c
index 80cadcd..a580992 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -319,6 +319,18 @@
MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
},
{
+ OID_DESCRIPTOR(MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER,
+ "id-ce-subjectKeyIdentifier",
+ "Subject Key Identifier"),
+ MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER,
+ },
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
+ "id-ce-authorityKeyIdentifier",
+ "Authority Key Identifier"),
+ MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER,
+ },
+ {
NULL_OID_DESCRIPTOR,
0,
},
@@ -533,7 +545,7 @@
#if defined(MBEDTLS_ECP_LIGHT)
/*
- * For namedCurve (RFC 5480)
+ * For elliptic curves that use namedCurve inside ECParams (RFC 5480)
*/
typedef struct {
mbedtls_oid_descriptor_t descriptor;
@@ -621,6 +633,47 @@
oid_ecp_grp,
mbedtls_ecp_group_id,
grp_id)
+
+/*
+ * For Elliptic Curve algorithms that are directly
+ * encoded in the AlgorithmIdentifier (RFC 8410)
+ */
+typedef struct {
+ mbedtls_oid_descriptor_t descriptor;
+ mbedtls_ecp_group_id grp_id;
+} oid_ecp_grp_algid_t;
+
+static const oid_ecp_grp_algid_t oid_ecp_grp_algid[] =
+{
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_X25519, "X25519", "X25519"),
+ MBEDTLS_ECP_DP_CURVE25519,
+ },
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ {
+ OID_DESCRIPTOR(MBEDTLS_OID_X448, "X448", "X448"),
+ MBEDTLS_ECP_DP_CURVE448,
+ },
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+ {
+ NULL_OID_DESCRIPTOR,
+ MBEDTLS_ECP_DP_NONE,
+ },
+};
+
+FN_OID_TYPED_FROM_ASN1(oid_ecp_grp_algid_t, grp_id_algid, oid_ecp_grp_algid)
+FN_OID_GET_ATTR1(mbedtls_oid_get_ec_grp_algid,
+ oid_ecp_grp_algid_t,
+ grp_id_algid,
+ mbedtls_ecp_group_id,
+ grp_id)
+FN_OID_GET_OID_BY_ATTR1(mbedtls_oid_get_oid_by_ec_grp_algid,
+ oid_ecp_grp_algid_t,
+ oid_ecp_grp_algid,
+ mbedtls_ecp_group_id,
+ grp_id)
#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_CIPHER_C)
@@ -880,4 +933,180 @@
return (int) (size - n);
}
+static int oid_parse_number(unsigned int *num, const char **p, const char *bound)
+{
+ int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+
+ *num = 0;
+
+ while (*p < bound && **p >= '0' && **p <= '9') {
+ ret = 0;
+ if (*num > (UINT_MAX / 10)) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ *num *= 10;
+ *num += **p - '0';
+ (*p)++;
+ }
+ return ret;
+}
+
+static size_t oid_subidentifier_num_bytes(unsigned int value)
+{
+ size_t num_bytes = 0;
+
+ do {
+ value >>= 7;
+ num_bytes++;
+ } while (value != 0);
+
+ return num_bytes;
+}
+
+static int oid_subidentifier_encode_into(unsigned char **p,
+ unsigned char *bound,
+ unsigned int value)
+{
+ size_t num_bytes = oid_subidentifier_num_bytes(value);
+
+ if ((size_t) (bound - *p) < num_bytes) {
+ return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+ }
+ (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f);
+ value >>= 7;
+
+ for (size_t i = 2; i <= num_bytes; i++) {
+ (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f);
+ value >>= 7;
+ }
+ *p += num_bytes;
+
+ return 0;
+}
+
+/* Return the OID for the given x.y.z.... style numeric string */
+int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid,
+ const char *oid_str, size_t size)
+{
+ int ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ const char *str_ptr = oid_str;
+ const char *str_bound = oid_str + size;
+ unsigned int val = 0;
+ unsigned int component1, component2;
+ size_t encoded_len;
+ unsigned char *resized_mem;
+
+ /* Count the number of dots to get a worst-case allocation size. */
+ size_t num_dots = 0;
+ for (size_t i = 0; i < size; i++) {
+ if (oid_str[i] == '.') {
+ num_dots++;
+ }
+ }
+ /* Allocate maximum possible required memory:
+ * There are (num_dots + 1) integer components, but the first 2 share the
+ * same subidentifier, so we only need num_dots subidentifiers maximum. */
+ if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
+ /* Each byte can store 7 bits, calculate number of bytes for a
+ * subidentifier:
+ *
+ * bytes = ceil(subidentifer_size * 8 / 7)
+ */
+ size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7)
+ + 1;
+ size_t max_possible_bytes = num_dots * bytes_per_subidentifier;
+ oid->p = mbedtls_calloc(max_possible_bytes, 1);
+ if (oid->p == NULL) {
+ return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ }
+ unsigned char *out_ptr = oid->p;
+ unsigned char *out_bound = oid->p + max_possible_bytes;
+
+ ret = oid_parse_number(&component1, &str_ptr, str_bound);
+ if (ret != 0) {
+ goto error;
+ }
+ if (component1 > 2) {
+ /* First component can't be > 2 */
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ if (str_ptr >= str_bound || *str_ptr != '.') {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ str_ptr++;
+
+ ret = oid_parse_number(&component2, &str_ptr, str_bound);
+ if (ret != 0) {
+ goto error;
+ }
+ if ((component1 < 2) && (component2 > 39)) {
+ /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ if (str_ptr < str_bound) {
+ if (*str_ptr == '.') {
+ str_ptr++;
+ } else {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ }
+
+ if (component2 > (UINT_MAX - (component1 * 40))) {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ ret = oid_subidentifier_encode_into(&out_ptr, out_bound,
+ (component1 * 40) + component2);
+ if (ret != 0) {
+ goto error;
+ }
+
+ while (str_ptr < str_bound) {
+ ret = oid_parse_number(&val, &str_ptr, str_bound);
+ if (ret != 0) {
+ goto error;
+ }
+ if (str_ptr < str_bound) {
+ if (*str_ptr == '.') {
+ str_ptr++;
+ } else {
+ ret = MBEDTLS_ERR_ASN1_INVALID_DATA;
+ goto error;
+ }
+ }
+
+ ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val);
+ if (ret != 0) {
+ goto error;
+ }
+ }
+
+ encoded_len = out_ptr - oid->p;
+ resized_mem = mbedtls_calloc(encoded_len, 1);
+ if (resized_mem == NULL) {
+ ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ goto error;
+ }
+ memcpy(resized_mem, oid->p, encoded_len);
+ mbedtls_free(oid->p);
+ oid->p = resized_mem;
+ oid->len = encoded_len;
+
+ oid->tag = MBEDTLS_ASN1_OID;
+
+ return 0;
+
+error:
+ mbedtls_free(oid->p);
+ oid->p = NULL;
+ oid->len = 0;
+ return ret;
+}
+
#endif /* MBEDTLS_OID_C */
diff --git a/library/pem.c b/library/pem.c
index 8c8f39d..056c98c 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -29,7 +29,6 @@
#include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#include "hash_info.h"
#include <string.h>
@@ -491,7 +490,7 @@
size_t len = 0, use_len, add_len = 0;
mbedtls_base64_encode(NULL, 0, &use_len, der_data, der_len);
- add_len = strlen(header) + strlen(footer) + (use_len / 64) + 1;
+ add_len = strlen(header) + strlen(footer) + (((use_len > 2) ? (use_len - 2) : 0) / 64) + 1;
if (use_len + add_len > buf_len) {
*olen = use_len + add_len;
diff --git a/library/pk.c b/library/pk.c
index 2516eed..91796de 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -23,8 +23,7 @@
#include "mbedtls/pk.h"
#include "pk_wrap.h"
#include "pkwrite.h"
-
-#include "hash_info.h"
+#include "pk_internal.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
@@ -41,13 +40,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
-#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
-#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
- psa_to_pk_rsa_errors, \
- psa_pk_status_to_mbedtls)
-#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
- psa_to_pk_ecdsa_errors, \
- psa_pk_status_to_mbedtls)
+#include "md_psa.h"
#endif
#include <limits.h>
@@ -60,6 +53,15 @@
{
ctx->pk_info = NULL;
ctx->pk_ctx = NULL;
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ ctx->priv_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ memset(ctx->pub_raw, 0, sizeof(ctx->pub_raw));
+ ctx->pub_raw_len = 0;
+ ctx->ec_family = 0;
+ ctx->ec_bits = 0;
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
}
/*
@@ -71,10 +73,18 @@
return;
}
- if (ctx->pk_info != NULL) {
+ if ((ctx->pk_info != NULL) && (ctx->pk_info->ctx_free_func != NULL)) {
ctx->pk_info->ctx_free_func(ctx->pk_ctx);
}
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ /* The ownership of the priv_id key for opaque keys is external of the PK
+ * module. It's the user responsibility to clear it after use. */
+ if ((ctx->pk_info != NULL) && (ctx->pk_info->type != MBEDTLS_PK_OPAQUE)) {
+ psa_destroy_key(ctx->priv_id);
+ }
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context));
}
@@ -140,7 +150,8 @@
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
- if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
+ if ((info->ctx_alloc_func != NULL) &&
+ ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) {
return MBEDTLS_ERR_PK_ALLOC_FAILED;
}
@@ -158,7 +169,6 @@
{
const mbedtls_pk_info_t *info = NULL;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t *pk_ctx;
psa_key_type_t type;
if (ctx == NULL || ctx->pk_info != NULL) {
@@ -179,19 +189,49 @@
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
- if ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL) {
- return MBEDTLS_ERR_PK_ALLOC_FAILED;
- }
-
ctx->pk_info = info;
-
- pk_ctx = (mbedtls_svc_key_id_t *) ctx->pk_ctx;
- *pk_ctx = key;
+ ctx->priv_id = key;
return 0;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
+ mbedtls_ecp_keypair *ecp_keypair)
+{
+ int ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+
+ if (pk == NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ /* The raw public key storing mechanism is only supported for EC keys so
+ * we fail silently for other ones. */
+ if ((pk->pk_info->type != MBEDTLS_PK_ECKEY) &&
+ (pk->pk_info->type != MBEDTLS_PK_ECKEY_DH) &&
+ (pk->pk_info->type != MBEDTLS_PK_ECDSA)) {
+ return 0;
+ }
+
+ ret = mbedtls_ecp_point_write_binary(&ecp_keypair->grp, &ecp_keypair->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &pk->pub_raw_len,
+ pk->pub_raw,
+ MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
+ if (ret != 0) {
+ return ret;
+ }
+
+ pk->ec_family = mbedtls_ecc_group_to_psa(ecp_keypair->grp.id,
+ &pk->ec_bits);
+ if (pk->ec_family == 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/*
* Initialize an RSA-alt context
@@ -315,12 +355,11 @@
return (key_usage & usage) == usage;
}
- const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t key_alg, key_alg2;
psa_status_t status;
- status = psa_get_key_attributes(*key, &attributes);
+ status = psa_get_key_attributes(ctx->priv_id, &attributes);
if (status != PSA_SUCCESS) {
return 0;
}
@@ -378,7 +417,7 @@
return 0;
}
- *hash_len = mbedtls_hash_info_get_size(md_alg);
+ *hash_len = mbedtls_md_get_size_from_type(md_alg);
if (*hash_len == 0) {
return -1;
@@ -527,7 +566,7 @@
psa_status_t status = PSA_ERROR_DATA_CORRUPT;
psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT;
- psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg);
@@ -695,16 +734,15 @@
}
#if defined(MBEDTLS_RSA_C)
- psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (psa_md_alg == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) {
- const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
psa_status_t status;
- status = psa_sign_hash(*key, PSA_ALG_RSA_PSS(psa_md_alg),
+ status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg),
hash, hash_len,
sig, sig_size, sig_len);
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
@@ -786,7 +824,8 @@
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
} else {
- if (pub->pk_info != prv->pk_info) {
+ if ((prv->pk_info->type != MBEDTLS_PK_OPAQUE) &&
+ (pub->pk_info != prv->pk_info)) {
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
}
}
@@ -873,24 +912,35 @@
#else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
- const mbedtls_ecp_keypair *ec;
- unsigned char d[MBEDTLS_ECP_MAX_BYTES];
size_t d_len;
psa_ecc_family_t curve_id;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
size_t bits;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_status_t status;
/* export the private key material in the format PSA wants */
- ec = mbedtls_pk_ec(*pk);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ unsigned char d[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
+ status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len);
+ if (status != PSA_SUCCESS) {
+ return psa_pk_status_to_mbedtls(status);
+ }
+
+ curve_id = pk->ec_family;
+ bits = pk->ec_bits;
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ unsigned char d[MBEDTLS_ECP_MAX_BYTES];
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
d_len = PSA_BITS_TO_BYTES(ec->grp.nbits);
- if ((ret = mbedtls_mpi_write_binary(&ec->d, d, d_len)) != 0) {
+ if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) {
return ret;
}
curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);
/* prepare the key attributes */
@@ -904,6 +954,7 @@
/* import private key into PSA */
status = psa_import_key(&attributes, d, d_len, key);
+ mbedtls_platform_zeroize(d, sizeof(d));
if (status != PSA_SUCCESS) {
return PSA_PK_TO_MBEDTLS_ERR(status);
}
diff --git a/library/pk_internal.h b/library/pk_internal.h
new file mode 100644
index 0000000..388f94a
--- /dev/null
+++ b/library/pk_internal.h
@@ -0,0 +1,135 @@
+/**
+ * \file pk_internal.h
+ *
+ * \brief Public Key abstraction layer: internal (i.e. library only) functions
+ * and definitions.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef MBEDTLS_PK_INTERNAL_H
+#define MBEDTLS_PK_INTERNAL_H
+
+#include "mbedtls/pk.h"
+
+#if defined(MBEDTLS_ECP_LIGHT)
+#include "mbedtls/ecp.h"
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#include "mbedtls/psa_util.h"
+#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
+#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
+ psa_to_pk_rsa_errors, \
+ psa_pk_status_to_mbedtls)
+#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
+ psa_to_pk_ecdsa_errors, \
+ psa_pk_status_to_mbedtls)
+#endif
+
+#if defined(MBEDTLS_ECP_LIGHT)
+/**
+ * Public function mbedtls_pk_ec() can be used to get direct access to the
+ * wrapped ecp_keypair structure pointed to the pk_ctx. However this is not
+ * ideal because it bypasses the PK module on the control of its internal
+ * structure (pk_context) fields.
+ * For backward compatibility we keep mbedtls_pk_ec() when ECP_C is defined, but
+ * we provide 2 very similar functions when only ECP_LIGHT is enabled and not
+ * ECP_C.
+ * These variants embed the "ro" or "rw" keywords in their name to make the
+ * usage of the returned pointer explicit. Of course the returned value is
+ * const or non-const accordingly.
+ */
+static inline const mbedtls_ecp_keypair *mbedtls_pk_ec_ro(const mbedtls_pk_context pk)
+{
+ switch (mbedtls_pk_get_type(&pk)) {
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ case MBEDTLS_PK_ECDSA:
+ return (const mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
+ default:
+ return NULL;
+ }
+}
+
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk)
+{
+ switch (mbedtls_pk_get_type(&pk)) {
+ case MBEDTLS_PK_ECKEY:
+ case MBEDTLS_PK_ECKEY_DH:
+ case MBEDTLS_PK_ECDSA:
+ return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
+ default:
+ return NULL;
+ }
+}
+
+static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk)
+{
+ mbedtls_ecp_group_id id;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t opaque_key_type;
+ psa_ecc_family_t curve;
+
+ if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
+ return MBEDTLS_ECP_DP_NONE;
+ }
+ opaque_key_type = psa_get_key_type(&opaque_attrs);
+ curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type);
+ id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&opaque_attrs), 0);
+ psa_reset_key_attributes(&opaque_attrs);
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ id = mbedtls_pk_ec_ro(*pk)->grp.id;
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ }
+
+ return id;
+}
+
+/* Helper for Montgomery curves */
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#define MBEDTLS_PK_HAVE_RFC8410_CURVES
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */
+#endif /* MBEDTLS_ECP_LIGHT */
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+/**
+ * \brief Copy the public key content in raw format from "ctx->pk_ctx"
+ * (which is an ecp_keypair) into the internal "ctx->pub_raw" buffer.
+ *
+ * \note This is a temporary function that can be removed as soon as the pk
+ * module is free from ECP_C
+ *
+ * \param pk It is the pk_context which is going to be updated. It acts both
+ * as input and output.
+ */
+int mbedtls_pk_update_public_key_from_keypair(mbedtls_pk_context *pk,
+ mbedtls_ecp_keypair *ecp_keypair);
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+#endif /* MBEDTLS_PK_INTERNAL_H */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 6c9f97b..a4c2a3b 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -23,7 +23,9 @@
#if defined(MBEDTLS_PK_C)
#include "pk_wrap.h"
+#include "pk_internal.h"
#include "mbedtls/error.h"
+#include "md_psa.h"
/* Even if RSA not activated, for the sake of RSA-alt */
#include "mbedtls/rsa.h"
@@ -42,18 +44,10 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
-#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status)
-#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
- psa_to_pk_rsa_errors, \
- psa_pk_status_to_mbedtls)
-#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
- psa_to_pk_ecdsa_errors, \
- psa_pk_status_to_mbedtls)
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#include "hash_info.h"
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#include "mbedtls/asn1write.h"
@@ -211,7 +205,7 @@
int key_len;
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
psa_algorithm_t psa_alg_md =
- PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg));
+ PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
size_t rsa_len = mbedtls_rsa_get_len(rsa);
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
@@ -363,7 +357,7 @@
((void) p_rng);
psa_algorithm_t psa_md_alg;
- psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (psa_md_alg == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@@ -653,8 +647,12 @@
static size_t eckey_get_bitlen(mbedtls_pk_context *pk)
{
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ return pk->ec_bits;
+#else
mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx;
return ecp->grp.pbits;
+#endif
}
#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
@@ -724,11 +722,20 @@
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len)
{
- mbedtls_ecp_keypair *ctx = pk->pk_ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
+ unsigned char *p;
+ psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
+ size_t signature_len;
+ ((void) md_alg);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ unsigned char buf[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE];
+ psa_ecc_family_t curve = pk->ec_family;
+ size_t curve_bits = pk->ec_bits;
+#else
+ mbedtls_ecp_keypair *ctx = pk->pk_ctx;
size_t key_len;
/* This buffer will initially contain the public key and then the signature
* but at different points in time. For all curves except secp224k1, which
@@ -736,13 +743,10 @@
* (header byte + 2 numbers, while the signature is only 2 numbers),
* so use that as the buffer size. */
unsigned char buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
- unsigned char *p;
- psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
size_t curve_bits;
psa_ecc_family_t curve =
mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
- const size_t signature_part_size = (ctx->grp.nbits + 7) / 8;
- ((void) md_alg);
+#endif
if (curve == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -752,6 +756,11 @@
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
psa_set_key_algorithm(&attributes, psa_sig_md);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ status = psa_import_key(&attributes,
+ pk->pub_raw, pk->pub_raw_len,
+ &key_id);
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
ret = mbedtls_ecp_point_write_binary(&ctx->grp, &ctx->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&key_len, buf, sizeof(buf));
@@ -762,27 +771,30 @@
status = psa_import_key(&attributes,
buf, key_len,
&key_id);
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
if (status != PSA_SUCCESS) {
ret = PSA_PK_TO_MBEDTLS_ERR(status);
goto cleanup;
}
- /* We don't need the exported key anymore and can
- * reuse its buffer for signature extraction. */
- if (2 * signature_part_size > sizeof(buf)) {
+ signature_len = PSA_ECDSA_SIGNATURE_SIZE(curve_bits);
+ if (signature_len > sizeof(buf)) {
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
goto cleanup;
}
p = (unsigned char *) sig;
+ /* extract_ecdsa_sig's last parameter is the size
+ * of each integer to be parsed, so it's actually half
+ * the size of the signature. */
if ((ret = extract_ecdsa_sig(&p, sig + sig_len, buf,
- signature_part_size)) != 0) {
+ signature_len/2)) != 0) {
goto cleanup;
}
status = psa_verify_hash(key_id, psa_sig_md,
hash, hash_len,
- buf, 2 * signature_part_size);
+ buf, signature_len);
if (status != PSA_SUCCESS) {
ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
goto cleanup;
@@ -913,23 +925,27 @@
unsigned char *sig, size_t sig_size, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- mbedtls_ecp_keypair *ctx = pk->pk_ctx;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_status_t status;
- unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
psa_algorithm_t psa_sig_md =
- PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg));
+ PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
#else
psa_algorithm_t psa_sig_md =
- PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg));
+ PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
#endif
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ psa_ecc_family_t curve = pk->ec_family;
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ mbedtls_ecp_keypair *ctx = pk->pk_ctx;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
size_t curve_bits;
psa_ecc_family_t curve =
mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits);
size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/* PSA has its own RNG */
((void) f_rng);
@@ -939,6 +955,12 @@
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(pk->priv_id) == PSA_KEY_ID_NULL) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ key_id = pk->priv_id;
+#else
if (key_len > sizeof(buf)) {
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
}
@@ -958,6 +980,7 @@
ret = PSA_PK_TO_MBEDTLS_ERR(status);
goto cleanup;
}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len,
sig, sig_size, sig_len);
@@ -969,8 +992,11 @@
ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size);
cleanup:
+
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
mbedtls_platform_zeroize(buf, sizeof(buf));
status = psa_destroy_key(key_id);
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
if (ret == 0 && status != PSA_SUCCESS) {
ret = PSA_PK_TO_MBEDTLS_ERR(status);
}
@@ -1110,28 +1136,43 @@
*/
static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv)
{
- psa_status_t status, destruction_status;
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_ecp_keypair *prv_ctx = prv->pk_ctx;
- mbedtls_ecp_keypair *pub_ctx = pub->pk_ctx;
+ psa_status_t status;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- /* We are using MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH for the size of this
- * buffer because it will be used to hold the private key at first and
- * then its public part (but not at the same time). */
uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t prv_key_len;
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ mbedtls_svc_key_id_t key_id = prv->priv_id;
+
+ status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf),
+ &prv_key_len);
+ ret = PSA_PK_TO_MBEDTLS_ERR(status);
+ if (ret != 0) {
+ return ret;
+ }
+
+ if (memcmp(prv_key_buf, pub->pub_raw, pub->pub_raw_len) != 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+#else /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+ psa_status_t destruction_status;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
size_t pub_key_len;
- mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
size_t curve_bits;
const psa_ecc_family_t curve =
- mbedtls_ecc_group_to_psa(prv_ctx->grp.id, &curve_bits);
+ mbedtls_ecc_group_to_psa(mbedtls_pk_ec_ro(*prv)->grp.id, &curve_bits);
const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits);
+ if (curve == 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
- ret = mbedtls_mpi_write_binary(&prv_ctx->d, prv_key_buf, curve_bytes);
+ ret = mbedtls_mpi_write_binary(&mbedtls_pk_ec_ro(*prv)->d,
+ prv_key_buf, curve_bytes);
if (ret != 0) {
return ret;
}
@@ -1154,7 +1195,8 @@
return PSA_PK_TO_MBEDTLS_ERR(destruction_status);
}
- ret = mbedtls_ecp_point_write_binary(&pub_ctx->grp, &pub_ctx->Q,
+ ret = mbedtls_ecp_point_write_binary(&mbedtls_pk_ec_rw(*pub)->grp,
+ &mbedtls_pk_ec_rw(*pub)->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED,
&pub_key_len, pub_key_buf,
sizeof(pub_key_buf));
@@ -1165,6 +1207,7 @@
if (memcmp(prv_key_buf, pub_key_buf, curve_bytes) != 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return 0;
}
@@ -1187,6 +1230,7 @@
#endif
}
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static void *eckey_alloc_wrap(void)
{
void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair));
@@ -1203,13 +1247,20 @@
mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx);
mbedtls_free(ctx);
}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
static void eckey_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items)
{
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ items->type = MBEDTLS_PK_DEBUG_PSA_EC;
+ items->name = "eckey.Q";
+ items->value = pk;
+#else
mbedtls_ecp_keypair *ecp = (mbedtls_ecp_keypair *) pk->pk_ctx;
items->type = MBEDTLS_PK_DEBUG_ECP;
items->name = "eckey.Q";
items->value = &(ecp->Q);
+#endif
}
const mbedtls_pk_info_t mbedtls_eckey_info = {
@@ -1234,8 +1285,13 @@
NULL,
NULL,
eckey_check_pair,
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ NULL,
+ NULL,
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
eckey_alloc_wrap,
eckey_free_wrap,
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
eckey_rs_alloc,
eckey_rs_free,
@@ -1266,8 +1322,13 @@
NULL,
NULL,
eckey_check_pair,
- eckey_alloc_wrap, /* Same underlying key structure */
- eckey_free_wrap, /* Same underlying key structure */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ NULL,
+ NULL,
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ eckey_alloc_wrap, /* Same underlying key structure */
+ eckey_free_wrap, /* Same underlying key structure */
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
NULL,
NULL,
@@ -1356,8 +1417,13 @@
NULL,
NULL,
eckey_check_pair, /* Compatible key structures */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ NULL,
+ NULL,
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
eckey_alloc_wrap, /* Compatible key structures */
eckey_free_wrap, /* Compatible key structures */
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
ecdsa_rs_alloc,
ecdsa_rs_free,
@@ -1503,29 +1569,12 @@
#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
-static void *pk_opaque_alloc_wrap(void)
-{
- void *ctx = mbedtls_calloc(1, sizeof(mbedtls_svc_key_id_t));
-
- /* no _init() function to call, as calloc() already zeroized */
-
- return ctx;
-}
-
-static void pk_opaque_free_wrap(void *ctx)
-{
- mbedtls_platform_zeroize(ctx, sizeof(mbedtls_svc_key_id_t));
- mbedtls_free(ctx);
-}
-
static size_t pk_opaque_get_bitlen(mbedtls_pk_context *pk)
{
- const mbedtls_svc_key_id_t *key = pk->pk_ctx;
size_t bits;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- if (PSA_SUCCESS != psa_get_key_attributes(*key, &attributes)) {
+ if (PSA_SUCCESS != psa_get_key_attributes(pk->priv_id, &attributes)) {
return 0;
}
@@ -1563,7 +1612,6 @@
((void) p_rng);
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
#else /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */
- const mbedtls_svc_key_id_t *key = pk->pk_ctx;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
psa_key_type_t type;
@@ -1573,7 +1621,7 @@
(void) f_rng;
(void) p_rng;
- status = psa_get_key_attributes(*key, &attributes);
+ status = psa_get_key_attributes(pk->priv_id, &attributes);
if (status != PSA_SUCCESS) {
return PSA_PK_TO_MBEDTLS_ERR(status);
}
@@ -1583,18 +1631,18 @@
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
- alg = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg));
+ alg = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
} else
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
#if defined(MBEDTLS_RSA_C)
if (PSA_KEY_TYPE_IS_RSA(type)) {
- alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg));
+ alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
} else
#endif /* MBEDTLS_RSA_C */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
/* make the signature */
- status = psa_sign_hash(*key, alg, hash, hash_len,
+ status = psa_sign_hash(pk->priv_id, alg, hash, hash_len,
sig, sig_size, sig_len);
if (status != PSA_SUCCESS) {
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
@@ -1621,6 +1669,53 @@
#endif /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */
}
+static int pk_opaque_ec_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
+{
+ /* The main difference between this function and eckey_check_pair_psa() is
+ * that in the opaque case the private key is always stored in PSA side no
+ * matter if MBEDTLS_PK_USE_PSA_EC_DATA is enabled or not.
+ * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled, we can simply use the
+ * eckey_check_pair_psa(). */
+ (void) f_rng;
+ (void) p_rng;
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ return eckey_check_pair_psa(pub, prv);
+#elif defined(MBEDTLS_ECP_LIGHT)
+ psa_status_t status;
+ uint8_t exp_pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
+ size_t exp_pub_key_len = 0;
+ uint8_t pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN];
+ size_t pub_key_len = 0;
+ int ret;
+
+ status = psa_export_public_key(prv->priv_id, exp_pub_key, sizeof(exp_pub_key),
+ &exp_pub_key_len);
+ if (status != PSA_SUCCESS) {
+ ret = psa_pk_status_to_mbedtls(status);
+ return ret;
+ }
+ ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(*pub)->grp),
+ &(mbedtls_pk_ec_ro(*pub)->Q),
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &pub_key_len, pub_key, sizeof(pub_key));
+ if (ret != 0) {
+ return ret;
+ }
+ if ((exp_pub_key_len != pub_key_len) ||
+ memcmp(exp_pub_key, pub_key, exp_pub_key_len)) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ return 0;
+#else
+ (void) pub;
+ (void) prv;
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+}
+
const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
MBEDTLS_PK_OPAQUE,
"Opaque",
@@ -1634,9 +1729,9 @@
#endif
NULL, /* decrypt - not relevant */
NULL, /* encrypt - not relevant */
- NULL, /* check_pair - could be done later or left NULL */
- pk_opaque_alloc_wrap,
- pk_opaque_free_wrap,
+ pk_opaque_ec_check_pair,
+ NULL, /* alloc - no need to allocate new data dynamically */
+ NULL, /* free - as for the alloc, there is no data to free */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
NULL, /* restart alloc - not relevant */
NULL, /* restart free - not relevant */
@@ -1650,14 +1745,13 @@
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
- const mbedtls_svc_key_id_t *key = pk->pk_ctx;
psa_status_t status;
/* PSA has its own RNG */
(void) f_rng;
(void) p_rng;
- status = psa_asymmetric_decrypt(*key, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ status = psa_asymmetric_decrypt(pk->priv_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
input, ilen,
NULL, 0,
output, osize, olen);
@@ -1687,8 +1781,8 @@
#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
NULL, /* encrypt - will be done later */
NULL, /* check_pair - could be done later or left NULL */
- pk_opaque_alloc_wrap,
- pk_opaque_free_wrap,
+ NULL, /* alloc - no need to allocate new data dynamically */
+ NULL, /* free - as for the alloc, there is no data to free */
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
NULL, /* restart alloc - not relevant */
NULL, /* restart free - not relevant */
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 515d9e1..ce2dcf2 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -39,7 +39,6 @@
#include "mbedtls/des.h"
#endif
-#include "hash_info.h"
#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
@@ -290,7 +289,7 @@
unsigned char diversifier[128];
unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 };
- unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
unsigned char *p;
unsigned char c;
int use_password = 0;
@@ -314,7 +313,7 @@
use_password = (pwd && pwdlen != 0);
use_salt = (salt && saltlen != 0);
- hlen = mbedtls_hash_info_get_size(md_type);
+ hlen = mbedtls_md_get_size_from_type(md_type);
if (hlen <= 32) {
v = 64;
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 0f4baf1..94da981 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -44,7 +44,6 @@
#include "mbedtls/platform.h"
-#include "hash_info.h"
#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
diff --git a/library/pkparse.c b/library/pkparse.c
index 800e352..07fce5c 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -26,14 +26,19 @@
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "pk_internal.h"
#include <string.h>
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#endif
-#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
+#include "pkwrite.h"
+#endif
+#if defined(MBEDTLS_ECP_LIGHT)
+#include "pk_internal.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
#include "mbedtls/ecdsa.h"
@@ -58,6 +63,12 @@
#include "mbedtls/platform.h"
+/* Helper for Montgomery curves */
+#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \
+ ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448))
+#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */
+
#if defined(MBEDTLS_FS_IO)
/*
* Load all data from a file into a given buffer.
@@ -232,7 +243,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = params->p;
- const unsigned char * const end = params->p + params->len;
+ const unsigned char *const end = params->p + params->len;
const unsigned char *end_field, *end_curve;
size_t len;
int ver;
@@ -404,7 +415,6 @@
mbedtls_mpi_get_bit(&grp->G.Y, 0) == mbedtls_mpi_get_bit(&ref.G.Y, 0)) {
break;
}
-
}
cleanup:
@@ -454,6 +464,29 @@
}
#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+/* Functions pk_use_ecparams() and pk_use_ecparams_rfc8410() update the
+ * ecp_keypair structure with proper group ID. The purpose of this helper
+ * function is to update ec_family and ec_bits accordingly. */
+static int pk_update_psa_ecparams(mbedtls_pk_context *pk,
+ mbedtls_ecp_group_id grp_id)
+{
+ psa_ecc_family_t ec_family;
+ size_t bits;
+
+ ec_family = mbedtls_ecc_group_to_psa(grp_id, &bits);
+
+ if ((pk->ec_family != 0) && (pk->ec_family != ec_family)) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
+
+ pk->ec_family = ec_family;
+ pk->ec_bits = bits;
+
+ return 0;
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
/*
* Use EC parameters to initialise an EC group
*
@@ -462,7 +495,7 @@
* specifiedCurve SpecifiedECDomain -- = SEQUENCE { ... }
* -- implicitCurve NULL
*/
-static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_ecp_group *grp)
+static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *pk)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_group_id grp_id;
@@ -481,19 +514,210 @@
#endif
}
- /*
- * grp may already be initialized; if so, make sure IDs match
- */
- if (grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id) {
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ ret = pk_update_psa_ecparams(pk, grp_id);
+#else
+ /* grp may already be initialized; if so, make sure IDs match */
+ if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE &&
+ mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) {
return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
}
- if ((ret = mbedtls_ecp_group_load(grp, grp_id)) != 0) {
+ if ((ret = mbedtls_ecp_group_load(&(mbedtls_pk_ec_rw(*pk)->grp),
+ grp_id)) != 0) {
+ return ret;
+ }
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+ return ret;
+}
+
+/*
+ * Helper function for deriving a public key from its private counterpart.
+ */
+static int pk_derive_public_key(mbedtls_pk_context *pk,
+ const unsigned char *d, size_t d_len,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
+{
+ int ret;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status;
+ (void) f_rng;
+ (void) p_rng;
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ (void) d;
+ (void) d_len;
+
+ status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw),
+ &pk->pub_raw_len);
+ ret = psa_pk_status_to_mbedtls(status);
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx;
+ unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
+ size_t key_len;
+ mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ size_t curve_bits;
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits);
+ psa_status_t destruction_status;
+
+ psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+
+ status = psa_import_key(&key_attr, d, d_len, &key_id);
+ ret = psa_pk_status_to_mbedtls(status);
+ if (ret != 0) {
return ret;
}
+ status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len);
+ ret = psa_pk_status_to_mbedtls(status);
+ destruction_status = psa_destroy_key(key_id);
+ if (ret != 0) {
+ return ret;
+ } else if (destruction_status != PSA_SUCCESS) {
+ return psa_pk_status_to_mbedtls(destruction_status);
+ }
+ ret = mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len);
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx;
+ (void) d;
+ (void) d_len;
+
+ ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G, f_rng, p_rng);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ return ret;
+}
+
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+
+/*
+ * Load an RFC8410 EC key, which doesn't have any parameters
+ */
+static int pk_use_ecparams_rfc8410(const mbedtls_asn1_buf *params,
+ mbedtls_ecp_group_id grp_id,
+ mbedtls_pk_context *pk)
+{
+ int ret;
+
+ if (params->tag != 0 || params->len != 0) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ ret = pk_update_psa_ecparams(pk, grp_id);
+#else
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk);
+ ret = mbedtls_ecp_group_load(&(ecp->grp), grp_id);
+ if (ret != 0) {
+ return ret;
+ }
+#endif
+ return ret;
+}
+
+/*
+ * Parse an RFC 8410 encoded private EC key
+ *
+ * CurvePrivateKey ::= OCTET STRING
+ */
+static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
+ unsigned char *key, size_t keylen, const unsigned char *end,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len;
+
+ if ((ret = mbedtls_asn1_get_tag(&key, (key + keylen), &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
+
+ if (key + len != end) {
+ return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
+ }
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status;
+
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family));
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_ECDH);
+
+ status = psa_import_key(&attributes, key, len, &pk->priv_id);
+ if (status != PSA_SUCCESS) {
+ ret = psa_pk_status_to_mbedtls(status);
+ return ret;
+ }
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
+
+ if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) {
+ mbedtls_ecp_keypair_free(eck);
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
+ }
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+ /* pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys,
+ * which never contain a public key. As such, derive the public key
+ * unconditionally. */
+ if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) {
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ mbedtls_ecp_keypair_free(eck);
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+ return ret;
+ }
+
+ /* When MBEDTLS_PK_USE_PSA_EC_DATA the key is checked while importing it
+ * into PSA. */
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
+ mbedtls_ecp_keypair_free(eck);
+ return ret;
+ }
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+
return 0;
}
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+/*
+ * Create a temporary ecp_keypair for converting an EC point in compressed
+ * format to an uncompressed one
+ */
+static int pk_convert_compressed_ec(mbedtls_pk_context *pk,
+ const unsigned char *in_start, size_t in_len,
+ size_t *out_buf_len, unsigned char *out_buf,
+ size_t out_buf_size)
+{
+ mbedtls_ecp_keypair ecp_key;
+ mbedtls_ecp_group_id ecp_group_id;
+ int ret;
+
+ ecp_group_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0);
+
+ mbedtls_ecp_keypair_init(&ecp_key);
+ ret = mbedtls_ecp_group_load(&(ecp_key.grp), ecp_group_id);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = mbedtls_ecp_point_read_binary(&(ecp_key.grp), &ecp_key.Q,
+ in_start, in_len);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_ecp_point_write_binary(&(ecp_key.grp), &ecp_key.Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ out_buf_len, out_buf, out_buf_size);
+
+exit:
+ mbedtls_ecp_keypair_free(&ecp_key);
+ return ret;
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/*
* EC public key is an EC point
@@ -503,15 +727,61 @@
* return code of mbedtls_ecp_point_read_binary() and leave p in a usable state.
*/
static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end,
- mbedtls_ecp_keypair *key)
+ mbedtls_pk_context *pk)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- if ((ret = mbedtls_ecp_point_read_binary(&key->grp, &key->Q,
- (const unsigned char *) *p, end - *p)) == 0) {
- ret = mbedtls_ecp_check_pubkey(&key->grp, &key->Q);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ mbedtls_svc_key_id_t key;
+ psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
+ size_t len = (end - *p);
+
+ if (len > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+ /* Compressed point format are not supported yet by PSA crypto. As a
+ * consequence ecp functions are used to "convert" the point to
+ * uncompressed format */
+ if ((**p == 0x02) || (**p == 0x03)) {
+ ret = pk_convert_compressed_ec(pk, *p, len,
+ &(pk->pub_raw_len), pk->pub_raw,
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
+ if (ret != 0) {
+ return ret;
+ }
+ } else {
+ /* Uncompressed format */
+ if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) {
+ return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
+ }
+ memcpy(pk->pub_raw, *p, (end - *p));
+ pk->pub_raw_len = end - *p;
+ }
+
+ /* Validate the key by trying to importing it */
+ psa_set_key_usage_flags(&key_attrs, 0);
+ psa_set_key_algorithm(&key_attrs, PSA_ALG_ECDSA_ANY);
+ psa_set_key_type(&key_attrs, PSA_KEY_TYPE_ECC_PUBLIC_KEY(pk->ec_family));
+ psa_set_key_bits(&key_attrs, pk->ec_bits);
+
+ if ((psa_import_key(&key_attrs, pk->pub_raw, pk->pub_raw_len,
+ &key) != PSA_SUCCESS) ||
+ (psa_destroy_key(key) != PSA_SUCCESS)) {
+ mbedtls_platform_zeroize(pk->pub_raw, MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN);
+ pk->pub_raw_len = 0;
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ ret = 0;
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ mbedtls_ecp_keypair *ec_key = (mbedtls_ecp_keypair *) pk->pk_ctx;
+ if ((ret = mbedtls_ecp_point_read_binary(&ec_key->grp, &ec_key->Q,
+ (const unsigned char *) *p,
+ end - *p)) == 0) {
+ ret = mbedtls_ecp_check_pubkey(&ec_key->grp, &ec_key->Q);
+ }
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
/*
* We know mbedtls_ecp_point_read_binary consumed all bytes or failed
*/
@@ -591,7 +861,8 @@
*/
static int pk_get_pk_alg(unsigned char **p,
const unsigned char *end,
- mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params)
+ mbedtls_pk_type_t *pk_alg, mbedtls_asn1_buf *params,
+ mbedtls_ecp_group_id *ec_grp_id)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_asn1_buf alg_oid;
@@ -602,7 +873,18 @@
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_ALG, ret);
}
- if (mbedtls_oid_get_pk_alg(&alg_oid, pk_alg) != 0) {
+ ret = mbedtls_oid_get_pk_alg(&alg_oid, pk_alg);
+#if defined(MBEDTLS_ECP_LIGHT)
+ if (ret == MBEDTLS_ERR_OID_NOT_FOUND) {
+ ret = mbedtls_oid_get_ec_grp_algid(&alg_oid, ec_grp_id);
+ if (ret == 0) {
+ *pk_alg = MBEDTLS_PK_ECKEY;
+ }
+ }
+#else
+ (void) ec_grp_id;
+#endif
+ if (ret != 0) {
return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
}
@@ -630,6 +912,7 @@
size_t len;
mbedtls_asn1_buf alg_params;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
+ mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
const mbedtls_pk_info_t *pk_info;
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
@@ -639,7 +922,7 @@
end = *p + len;
- if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params)) != 0) {
+ if ((ret = pk_get_pk_alg(p, end, &pk_alg, &alg_params, &ec_grp_id)) != 0) {
return ret;
}
@@ -667,9 +950,16 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) {
- ret = pk_use_ecparams(&alg_params, &mbedtls_pk_ec(*pk)->grp);
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+ if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
+ ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, pk);
+ } else
+#endif
+ {
+ ret = pk_use_ecparams(&alg_params, pk);
+ }
if (ret == 0) {
- ret = pk_get_ecpubkey(p, end, mbedtls_pk_ec(*pk));
+ ret = pk_get_ecpubkey(p, end, pk);
}
} else
#endif /* MBEDTLS_ECP_LIGHT */
@@ -877,71 +1167,26 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * Helper function for deriving a public key from its private counterpart by
- * using PSA functions.
- */
-static int pk_derive_public_key(mbedtls_ecp_group *grp, mbedtls_ecp_point *Q,
- const mbedtls_mpi *d)
-{
- psa_status_t status, destruction_status;
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
- size_t curve_bits;
- psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id, &curve_bits);
- /* This buffer is used to store the private key at first and then the
- * public one (but not at the same time). Therefore we size it for the
- * latter since it's bigger. */
- unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
- size_t key_len = PSA_BITS_TO_BYTES(curve_bits);
- mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
- int ret;
-
- psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
- psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
-
- ret = mbedtls_mpi_write_binary(d, key_buf, key_len);
- if (ret != 0) {
- return ret;
- }
-
- status = psa_import_key(&key_attr, key_buf, key_len, &key_id);
- ret = psa_pk_status_to_mbedtls(status);
- if (ret != 0) {
- return ret;
- }
-
- mbedtls_platform_zeroize(key_buf, sizeof(key_buf));
-
- status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len);
- ret = psa_pk_status_to_mbedtls(status);
- destruction_status = psa_destroy_key(key_id);
- if (ret != 0) {
- return ret;
- } else if (destruction_status != PSA_SUCCESS) {
- return psa_pk_status_to_mbedtls(destruction_status);
- }
-
- ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
-
- return ret;
-}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
/*
* Parse a SEC1 encoded private EC key
*/
-static int pk_parse_key_sec1_der(mbedtls_ecp_keypair *eck,
+static int pk_parse_key_sec1_der(mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int version, pubkey_done;
- size_t len;
+ size_t len, d_len;
mbedtls_asn1_buf params = { 0, 0, NULL };
unsigned char *p = (unsigned char *) key;
+ unsigned char *d;
unsigned char *end = p + keylen;
unsigned char *end2;
+ mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status;
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/*
* RFC 5915, or SEC1 Appendix C.4
@@ -972,10 +1217,15 @@
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
+ d = p;
+ d_len = len;
+
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) {
mbedtls_ecp_keypair_free(eck);
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
}
+#endif
p += len;
@@ -988,7 +1238,7 @@
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
0)) == 0) {
if ((ret = pk_get_ecparams(&p, p + len, ¶ms)) != 0 ||
- (ret = pk_use_ecparams(¶ms, &eck->grp)) != 0) {
+ (ret = pk_use_ecparams(¶ms, pk)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret;
}
@@ -1017,7 +1267,7 @@
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
- if ((ret = pk_get_ecpubkey(&p, end2, eck)) == 0) {
+ if ((ret = pk_get_ecpubkey(&p, end2, pk)) == 0) {
pubkey_done = 1;
} else {
/*
@@ -1034,27 +1284,40 @@
}
}
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family));
+ /* Setting largest masks for usage and key algorithms */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE |
+ PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE);
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ psa_set_key_algorithm(&attributes,
+ PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH));
+#else
+ psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
+#endif
+ psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH);
+
+ status = psa_import_key(&attributes, d, d_len, &pk->priv_id);
+ if (status != PSA_SUCCESS) {
+ ret = psa_pk_status_to_mbedtls(status);
+ return ret;
+ }
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
if (!pubkey_done) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- (void) f_rng;
- (void) p_rng;
- if ((ret = pk_derive_public_key(&eck->grp, &eck->Q, &eck->d)) != 0) {
+ if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret;
}
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- if ((ret = mbedtls_ecp_mul(&eck->grp, &eck->Q, &eck->d, &eck->grp.G,
- f_rng, p_rng)) != 0) {
- mbedtls_ecp_keypair_free(eck);
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) {
mbedtls_ecp_keypair_free(eck);
return ret;
}
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
return 0;
}
@@ -1084,9 +1347,10 @@
unsigned char *p = (unsigned char *) key;
unsigned char *end = p + keylen;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
+ mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
const mbedtls_pk_info_t *pk_info;
-#if !defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_ECP_LIGHT)
(void) f_rng;
(void) p_rng;
#endif
@@ -1122,7 +1386,7 @@
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret);
}
- if ((ret = pk_get_pk_alg(&p, end, &pk_alg, ¶ms)) != 0) {
+ if ((ret = pk_get_pk_alg(&p, end, &pk_alg, ¶ms, &ec_grp_id)) != 0) {
return ret;
}
@@ -1153,10 +1417,24 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) {
- if ((ret = pk_use_ecparams(¶ms, &mbedtls_pk_ec(*pk)->grp)) != 0 ||
- (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk), p, len, f_rng, p_rng)) != 0) {
- mbedtls_pk_free(pk);
- return ret;
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+ if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) {
+ if ((ret =
+ pk_use_ecparams_rfc8410(¶ms, ec_grp_id, pk)) != 0 ||
+ (ret =
+ pk_parse_key_rfc8410_der(pk, p, len, end, f_rng,
+ p_rng)) != 0) {
+ mbedtls_pk_free(pk);
+ return ret;
+ }
+ } else
+#endif
+ {
+ if ((ret = pk_use_ecparams(¶ms, pk)) != 0 ||
+ (ret = pk_parse_key_sec1_der(pk, p, len, f_rng, p_rng)) != 0) {
+ mbedtls_pk_free(pk);
+ return ret;
+ }
}
} else
#endif /* MBEDTLS_ECP_LIGHT */
@@ -1340,7 +1618,7 @@
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
- (ret = pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+ (ret = pk_parse_key_sec1_der(pk,
pem.buf, pem.buflen,
f_rng, p_rng)) != 0) {
mbedtls_pk_free(pk);
@@ -1464,18 +1742,18 @@
#if defined(MBEDTLS_ECP_LIGHT)
pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY);
if (mbedtls_pk_setup(pk, pk_info) == 0 &&
- pk_parse_key_sec1_der(mbedtls_pk_ec(*pk),
+ pk_parse_key_sec1_der(pk,
key, keylen, f_rng, p_rng) == 0) {
return 0;
}
mbedtls_pk_free(pk);
#endif /* MBEDTLS_ECP_LIGHT */
- /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_C isn't,
+ /* If MBEDTLS_RSA_C is defined but MBEDTLS_ECP_LIGHT isn't,
* it is ok to leave the PK context initialized but not
* freed: It is the caller's responsibility to call pk_init()
* before calling this function, and to call pk_free()
- * when it fails. If MBEDTLS_ECP_C is defined but MBEDTLS_RSA_C
+ * when it fails. If MBEDTLS_ECP_LIGHT is defined but MBEDTLS_RSA_C
* isn't, this leads to mbedtls_pk_free() being called
* twice, once here and once by the caller, but this is
* also ok and in line with the mbedtls_pk_free() calls
@@ -1557,7 +1835,7 @@
*/
p = pem.buf;
- ret = mbedtls_pk_parse_subpubkey(&p, p + pem.buflen, ctx);
+ ret = mbedtls_pk_parse_subpubkey(&p, p + pem.buflen, ctx);
mbedtls_pem_free(&pem);
return ret;
} else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 3c1a408..218d0c1 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -26,6 +26,7 @@
#include "mbedtls/oid.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
+#include "pk_internal.h"
#include <string.h>
@@ -37,7 +38,10 @@
#include "mbedtls/ecp.h"
#include "mbedtls/platform_util.h"
#endif
-#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
+#include "pk_internal.h"
+#endif
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_LIGHT)
#include "pkwrite.h"
#endif
#if defined(MBEDTLS_ECDSA_C)
@@ -53,6 +57,61 @@
#endif
#include "mbedtls/platform.h"
+/* Helper for Montgomery curves */
+#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk)
+{
+ mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk);
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ if (id == MBEDTLS_ECP_DP_CURVE25519) {
+ return 1;
+ }
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ if (id == MBEDTLS_ECP_DP_CURVE448) {
+ return 1;
+ }
+#endif
+ return 0;
+}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/* It is assumed that the input key is opaque */
+static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk)
+{
+ psa_ecc_family_t ec_family = 0;
+ psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT;
+
+ if (psa_get_key_attributes(pk->priv_id, &key_attrs) != PSA_SUCCESS) {
+ return 0;
+ }
+ ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attrs));
+ psa_reset_key_attributes(&key_attrs);
+
+ return ec_family;
+}
+#endif /* MBETLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
+#endif /* MBEDTLS_ECP_LIGHT */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/* It is assumed that the input key is opaque */
+static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk)
+{
+ psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t opaque_key_type;
+
+ if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) {
+ return 0;
+ }
+ opaque_key_type = psa_get_key_type(&opaque_attrs);
+ psa_reset_key_attributes(&opaque_attrs);
+
+ return opaque_key_type;
+}
+#endif /* MBETLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_RSA_C)
/*
* RSAPublicKey ::= SEQUENCE {
@@ -61,11 +120,12 @@
* }
*/
static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start,
- mbedtls_rsa_context *rsa)
+ const mbedtls_pk_context *pk)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
mbedtls_mpi T;
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
mbedtls_mpi_init(&T);
@@ -99,20 +159,20 @@
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
-/*
- * EC public key is an EC point
- */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec)
+ const mbedtls_pk_context *pk)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
- unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
+ uint8_t buf[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
- if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED,
- &len, buf, sizeof(buf))) != 0) {
- return ret;
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ } else {
+ len = pk->pub_raw_len;
+ memcpy(buf, pk->pub_raw, len);
}
if (*p < start || (size_t) (*p - start) < len) {
@@ -124,6 +184,47 @@
return (int) len;
}
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t len = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ uint8_t buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
+#else
+ unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ *p -= len;
+ memcpy(*p, buf, len);
+ return (int) len;
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q,
+ MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, buf, sizeof(buf))) != 0) {
+ return ret;
+ }
+ }
+
+ if (*p < start || (size_t) (*p - start) < len) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+
+ *p -= len;
+ memcpy(*p, buf, len);
+
+ return (int) len;
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/*
* ECParameters ::= CHOICE {
@@ -131,14 +232,14 @@
* }
*/
static int pk_write_ec_param(unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec)
+ mbedtls_ecp_group_id grp_id)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len = 0;
const char *oid;
size_t oid_len;
- if ((ret = mbedtls_oid_get_oid_by_ec_grp(ec->grp.id, &oid, &oid_len)) != 0) {
+ if ((ret = mbedtls_oid_get_oid_by_ec_grp(grp_id, &oid, &oid_len)) != 0) {
return ret;
}
@@ -150,25 +251,97 @@
/*
* privateKey OCTET STRING -- always of length ceil(log2(n)/8)
*/
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
static int pk_write_ec_private(unsigned char **p, unsigned char *start,
- mbedtls_ecp_keypair *ec)
+ const mbedtls_pk_context *pk)
{
+ size_t byte_length;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t byte_length = (ec->grp.pbits + 7) / 8;
- unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
+ unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
+ psa_status_t status;
- ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
- if (ret != 0) {
- goto exit;
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
+ return ret;
+ }
+ } else {
+ status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
+ goto exit;
+ }
}
- ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
+ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
exit:
- mbedtls_platform_zeroize(tmp, byte_length);
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
return ret;
}
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+static int pk_write_ec_private(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t byte_length;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
+ psa_status_t status;
+#else
+ unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
+ return ret;
+ }
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
+ byte_length = (ec->grp.pbits + 7) / 8;
+
+ ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
+ if (ret != 0) {
+ goto exit;
+ }
+ }
+ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length);
+exit:
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return ret;
+}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
#endif /* MBEDTLS_ECP_LIGHT */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start,
+ const mbedtls_pk_context *pk)
+{
+ size_t buffer_size;
+ size_t len = 0;
+
+ if (*p < start) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ buffer_size = (size_t) (*p - start);
+ if (psa_export_public_key(pk->priv_id, start, buffer_size,
+ &len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
+ *p -= len;
+ memmove(*p, start, len);
+
+ return (int) len;
+}
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
const mbedtls_pk_context *key)
{
@@ -177,31 +350,17 @@
#if defined(MBEDTLS_RSA_C)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key)));
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key));
} else
#endif
#if defined(MBEDTLS_ECP_LIGHT)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, mbedtls_pk_ec(*key)));
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_pubkey(p, start, key));
} else
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
- size_t buffer_size;
- mbedtls_svc_key_id_t *key_id = (mbedtls_svc_key_id_t *) key->pk_ctx;
-
- if (*p < start) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
- buffer_size = (size_t) (*p - start);
- if (psa_export_public_key(*key_id, start, buffer_size, &len)
- != PSA_SUCCESS) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- } else {
- *p -= len;
- memmove(*p, start, len);
- }
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key));
} else
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
@@ -213,8 +372,12 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *c;
- size_t len = 0, par_len = 0, oid_len;
+ int has_par = 1;
+ size_t len = 0, par_len = 0, oid_len = 0;
mbedtls_pk_type_t pk_type;
+#if defined(MBEDTLS_ECP_LIGHT)
+ mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE;
+#endif
const char *oid;
if (size == 0) {
@@ -243,61 +406,56 @@
pk_type = mbedtls_pk_get_type(key);
#if defined(MBEDTLS_ECP_LIGHT)
if (pk_type == MBEDTLS_PK_ECKEY) {
- MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, mbedtls_pk_ec(*key)));
+ ec_grp_id = mbedtls_pk_get_group_id(key);
}
#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (pk_type == MBEDTLS_PK_OPAQUE) {
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- mbedtls_svc_key_id_t key_id;
- psa_ecc_family_t curve;
- size_t bits;
-
- key_id = *((mbedtls_svc_key_id_t *) key->pk_ctx);
- if (PSA_SUCCESS != psa_get_key_attributes(key_id, &attributes)) {
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- }
- key_type = psa_get_key_type(&attributes);
- bits = psa_get_key_bits(&attributes);
- psa_reset_key_attributes(&attributes);
-
- if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) {
- curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type);
- if (curve == 0) {
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- }
-
- ret = mbedtls_psa_get_ecc_oid_from_id(curve, bits,
- &oid, &oid_len);
- if (ret != 0) {
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- }
-
- /* Write EC algorithm parameters; that's akin
- * to pk_write_ec_param() above. */
- MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_oid(&c, buf,
- oid,
- oid_len));
-
- /* The rest of the function works as for legacy EC contexts. */
+ psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key);
+#if defined(MBEDTLS_ECP_LIGHT)
+ if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) {
pk_type = MBEDTLS_PK_ECKEY;
- } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
+ ec_grp_id = mbedtls_pk_get_group_id(key);
+ } else
+#endif /* MBEDTLS_ECP_LIGHT */
+ if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) {
/* The rest of the function works as for legacy RSA contexts. */
pk_type = MBEDTLS_PK_RSA;
- } else {
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
}
+ /* `pk_type` will have been changed to non-opaque by here if this function can handle it */
+ if (pk_type == MBEDTLS_PK_OPAQUE) {
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
- if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
- &oid_len)) != 0) {
- return ret;
+#if defined(MBEDTLS_ECP_LIGHT)
+ if (pk_type == MBEDTLS_PK_ECKEY) {
+ /* Some groups have their own AlgorithmIdentifier OID, others are handled
+ * by mbedtls_oid_get_oid_by_pk_alg() below */
+ ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len);
+
+ if (ret == 0) {
+ /* Currently, none of the supported algorithms that have their own
+ * AlgorithmIdentifier OID have any parameters */
+ has_par = 0;
+ } else if (ret == MBEDTLS_ERR_OID_NOT_FOUND) {
+ MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id));
+ } else {
+ return ret;
+ }
+ }
+#endif /* MBEDTLS_ECP_LIGHT */
+
+ if (oid_len == 0) {
+ if ((ret = mbedtls_oid_get_oid_by_pk_alg(pk_type, &oid,
+ &oid_len)) != 0) {
+ return ret;
+ }
}
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(&c, buf, oid, oid_len,
- par_len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(&c, buf, oid, oid_len,
+ par_len, has_par));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
@@ -306,22 +464,140 @@
return (int) len;
}
-int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
+#if defined(MBEDTLS_ECP_LIGHT)
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+/*
+ * RFC8410 section 7
+ *
+ * OneAsymmetricKey ::= SEQUENCE {
+ * version Version,
+ * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ * privateKey PrivateKey,
+ * attributes [0] IMPLICIT Attributes OPTIONAL,
+ * ...,
+ * [[2: publicKey [1] IMPLICIT PublicKey OPTIONAL ]],
+ * ...
+ * }
+ * ...
+ * CurvePrivateKey ::= OCTET STRING
+ */
+static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf,
+ const mbedtls_pk_context *pk)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- unsigned char *c;
size_t len = 0;
+ size_t oid_len = 0;
+ const char *oid;
+ mbedtls_ecp_group_id grp_id;
- if (size == 0) {
+ /* privateKey */
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING));
+
+ grp_id = mbedtls_pk_get_group_id(pk);
+ /* privateKeyAlgorithm */
+ if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) {
+ return ret;
+ }
+ MBEDTLS_ASN1_CHK_ADD(len,
+ mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0));
+
+ /* version */
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0));
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ return (int) len;
+}
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
+
+/*
+ * RFC 5915, or SEC1 Appendix C.4
+ *
+ * ECPrivateKey ::= SEQUENCE {
+ * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
+ * privateKey OCTET STRING,
+ * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
+ * publicKey [1] BIT STRING OPTIONAL
+ * }
+ */
+static int pk_write_ec_der(unsigned char **p, unsigned char *buf,
+ const mbedtls_pk_context *pk)
+{
+ size_t len = 0;
+ int ret;
+ size_t pub_len = 0, par_len = 0;
+ mbedtls_ecp_group_id grp_id;
+
+ /* publicKey */
+ MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk));
+
+ if (*p - buf < 1) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
+ (*p)--;
+ **p = 0;
+ pub_len += 1;
- c = buf + size;
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING));
+
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len));
+ MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 1));
+ len += pub_len;
+
+ /* parameters */
+ grp_id = mbedtls_pk_get_group_id(pk);
+ MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id));
+ MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len));
+ MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED | 0));
+ len += par_len;
+
+ /* privateKey */
+ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk));
+
+ /* version */
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1));
+
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ return (int) len;
+}
+#endif /* MBEDTLS_ECP_LIGHT */
#if defined(MBEDTLS_RSA_C)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
+static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
+ const mbedtls_pk_context *pk)
+{
+ size_t len = 0;
+ int ret;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
+ uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
+ size_t tmp_len = 0;
+
+ if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+ *p -= tmp_len;
+ memcpy(*p, tmp, tmp_len);
+ len += tmp_len;
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
mbedtls_mpi T; /* Temporary holding the exported parameters */
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key);
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
/*
* Export the parameters one after another to avoid simultaneous copies.
@@ -331,21 +607,21 @@
/* Export QP */
if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
/* Export DQ */
if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
/* Export DP */
if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
@@ -353,7 +629,7 @@
/* Export Q */
if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
&T, NULL, NULL)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
@@ -361,7 +637,7 @@
/* Export P */
if ((ret = mbedtls_rsa_export(rsa, NULL, &T,
NULL, NULL, NULL)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
@@ -369,7 +645,7 @@
/* Export D */
if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
NULL, &T, NULL)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
@@ -377,7 +653,7 @@
/* Export E */
if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
NULL, NULL, &T)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
@@ -385,7 +661,7 @@
/* Export N */
if ((ret = mbedtls_rsa_export(rsa, &T, NULL,
NULL, NULL, NULL)) != 0 ||
- (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) {
+ (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
goto end_of_export;
}
len += ret;
@@ -397,67 +673,64 @@
return ret;
}
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c,
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p,
buf, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE));
+ }
+
+ return (int) len;
+}
+#endif /* MBEDTLS_RSA_C */
+
+int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size)
+{
+ unsigned char *c;
+ size_t len = 0;
+#if defined(MBEDTLS_RSA_C)
+ int is_rsa_opaque = 0;
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_LIGHT)
+ int is_ec_opaque = 0;
+#endif /* MBEDTLS_ECP_LIGHT */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_key_type_t opaque_key_type;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (size == 0) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
+
+ c = buf + size;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
+ opaque_key_type = pk_get_opaque_key_type(key);
+#if defined(MBEDTLS_RSA_C)
+ is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_LIGHT)
+ is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
+#endif /* MBEDTLS_ECP_LIGHT */
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_RSA_C)
+ if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) {
+ return pk_write_rsa_der(&c, buf, key);
} else
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_ECP_LIGHT)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
- mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*key);
- size_t pub_len = 0, par_len = 0;
-
- /*
- * RFC 5915, or SEC1 Appendix C.4
- *
- * ECPrivateKey ::= SEQUENCE {
- * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
- * privateKey OCTET STRING,
- * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
- * publicKey [1] BIT STRING OPTIONAL
- * }
- */
-
- /* publicKey */
- MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, ec));
-
- if (c - buf < 1) {
- return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+ if (mbedtls_pk_is_rfc8410(key)) {
+ return pk_write_ec_rfc8410_der(&c, buf, key);
}
- *--c = 0;
- pub_len += 1;
-
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING));
-
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len));
- MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 1));
- len += pub_len;
-
- /* parameters */
- MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec));
-
- MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len));
- MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf,
- MBEDTLS_ASN1_CONTEXT_SPECIFIC |
- MBEDTLS_ASN1_CONSTRUCTED | 0));
- len += par_len;
-
- /* privateKey */
- MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec));
-
- /* version */
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1));
-
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len));
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED |
- MBEDTLS_ASN1_SEQUENCE));
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
+ return pk_write_ec_der(&c, buf, key);
} else
-#endif /* MBEDTLS_ECP_C */
+#endif /* MBEDTLS_ECP_LIGHT */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
return (int) len;
@@ -472,6 +745,8 @@
#define PEM_END_PRIVATE_KEY_RSA "-----END RSA PRIVATE KEY-----\n"
#define PEM_BEGIN_PRIVATE_KEY_EC "-----BEGIN EC PRIVATE KEY-----\n"
#define PEM_END_PRIVATE_KEY_EC "-----END EC PRIVATE KEY-----\n"
+#define PEM_BEGIN_PRIVATE_KEY_PKCS8 "-----BEGIN PRIVATE KEY-----\n"
+#define PEM_END_PRIVATE_KEY_PKCS8 "-----END PRIVATE KEY-----\n"
#define PUB_DER_MAX_BYTES \
(MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES > MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES ? \
@@ -506,21 +781,58 @@
unsigned char output_buf[PRV_DER_MAX_BYTES];
const char *begin, *end;
size_t olen = 0;
+#if defined(MBEDTLS_ECP_LIGHT)
+ int is_ec_opaque = 0;
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+ int is_montgomery_opaque = 0;
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
+#endif /* MBEDTLS_ECP_LIGHT */
+#if defined(MBEDTLS_RSA_C)
+ int is_rsa_opaque = 0;
+#endif
if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) {
return ret;
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) {
+ psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key);
+
#if defined(MBEDTLS_RSA_C)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
+ is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type);
+#endif
+#if defined(MBEDTLS_ECP_LIGHT)
+ is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type);
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+ if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) {
+ is_montgomery_opaque = 1;
+ }
+#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */
+#endif /* MBEDTLS_ECP_LIGHT */
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_RSA_C)
+ if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) {
begin = PEM_BEGIN_PRIVATE_KEY_RSA;
end = PEM_END_PRIVATE_KEY_RSA;
} else
#endif
#if defined(MBEDTLS_ECP_LIGHT)
- if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) {
- begin = PEM_BEGIN_PRIVATE_KEY_EC;
- end = PEM_END_PRIVATE_KEY_EC;
+ if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) {
+#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES)
+ if (is_montgomery_opaque ||
+ ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) &&
+ (mbedtls_pk_is_rfc8410(key)))) {
+ begin = PEM_BEGIN_PRIVATE_KEY_PKCS8;
+ end = PEM_END_PRIVATE_KEY_PKCS8;
+ } else
+#endif
+ {
+ begin = PEM_BEGIN_PRIVATE_KEY_EC;
+ end = PEM_END_PRIVATE_KEY_EC;
+ }
} else
#endif
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
diff --git a/library/pkwrite.h b/library/pkwrite.h
index 8aebd0c..8db2333 100644
--- a/library/pkwrite.h
+++ b/library/pkwrite.h
@@ -73,7 +73,7 @@
#endif /* MBEDTLS_RSA_C */
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_ECP_LIGHT)
/*
* EC public keys:
* SubjectPublicKeyInfo ::= SEQUENCE { 1 + 2
@@ -98,11 +98,10 @@
*/
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES (29 + 3 * MBEDTLS_ECP_MAX_BYTES)
-#else /* MBEDTLS_ECP_C */
+#else /* MBEDTLS_ECP_LIGHT */
#define MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES 0
#define MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES 0
-#endif /* MBEDTLS_ECP_C */
-
+#endif /* MBEDTLS_ECP_LIGHT */
#endif /* MBEDTLS_PK_WRITE_H */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 20918bc..399e7f3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -35,6 +35,7 @@
#include "psa_crypto_invasive.h"
#include "psa_crypto_driver_wrappers.h"
#include "psa_crypto_ecp.h"
+#include "psa_crypto_ffdh.h"
#include "psa_crypto_hash.h"
#include "psa_crypto_mac.h"
#include "psa_crypto_rsa.h"
@@ -81,7 +82,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#include "hash_info.h"
+#include "md_psa.h"
#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
@@ -91,10 +92,6 @@
#define BUILTIN_ALG_ANY_HKDF 1
#endif
-/* The only two JPAKE user/peer identifiers supported for the time being. */
-static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
-static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-
/****************************************************************/
/* Global data, support functions and library management */
/****************************************************************/
@@ -132,6 +129,21 @@
(void) hash_alg;
return global_data.drivers_initialized;
}
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR)
+static int psa_is_dh_key_size_valid(size_t bits)
+{
+ if (bits != 2048 && bits != 3072 && bits != 4096 &&
+ bits != 6144 && bits != 8192) {
+ return 0;
+ }
+
+ return 1;
+}
+#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR ||
+ MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY ||
+ PSA_WANT_KEY_TYPE_DH_KEY_PAIR */
psa_status_t mbedtls_to_psa_error(int ret)
{
@@ -628,6 +640,20 @@
return PSA_SUCCESS;
} else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) {
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
+ if (PSA_KEY_TYPE_IS_DH(type)) {
+ if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+ return mbedtls_psa_ffdh_import_key(attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length,
+ bits);
+ }
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) ||
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
if (PSA_KEY_TYPE_IS_ECC(type)) {
@@ -1330,7 +1356,8 @@
if (key_type_is_raw_bytes(type) ||
PSA_KEY_TYPE_IS_RSA(type) ||
- PSA_KEY_TYPE_IS_ECC(type)) {
+ PSA_KEY_TYPE_IS_ECC(type) ||
+ PSA_KEY_TYPE_IS_DH(type)) {
return psa_export_key_buffer_internal(
key_buffer, key_buffer_size,
data, data_size, data_length);
@@ -1396,47 +1423,59 @@
{
psa_key_type_t type = attributes->core.type;
- if (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type)) {
- if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
- /* Exporting public -> public */
- return psa_export_key_buffer_internal(
- key_buffer, key_buffer_size,
- data, data_size, data_length);
- }
-
- if (PSA_KEY_TYPE_IS_RSA(type)) {
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
+ (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) ||
+ PSA_KEY_TYPE_IS_DH(type))) {
+ /* Exporting public -> public */
+ return psa_export_key_buffer_internal(
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
+ } else if (PSA_KEY_TYPE_IS_RSA(type)) {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return mbedtls_psa_rsa_export_public_key(attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length);
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+ return mbedtls_psa_rsa_export_public_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
#else
- /* We don't know how to convert a private RSA key to public. */
- return PSA_ERROR_NOT_SUPPORTED;
+ /* We don't know how to convert a private RSA key to public. */
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
- } else {
+ } else if (PSA_KEY_TYPE_IS_ECC(type)) {
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return mbedtls_psa_ecp_export_public_key(attributes,
- key_buffer,
- key_buffer_size,
- data,
- data_size,
- data_length);
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
+ return mbedtls_psa_ecp_export_public_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ data,
+ data_size,
+ data_length);
#else
- /* We don't know how to convert a private ECC key to public */
- return PSA_ERROR_NOT_SUPPORTED;
+ /* We don't know how to convert a private ECC key to public */
+ return PSA_ERROR_NOT_SUPPORTED;
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) */
- }
+ } else if (PSA_KEY_TYPE_IS_DH(type)) {
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
+ return mbedtls_psa_export_ffdh_public_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ data, data_size,
+ data_length);
+#else
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) ||
+ * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */
} else {
- /* This shouldn't happen in the reference implementation, but
- it is valid for a special-purpose implementation to omit
- support for exporting certain key types. */
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) data;
+ (void) data_size;
+ (void) data_length;
return PSA_ERROR_NOT_SUPPORTED;
}
}
@@ -3571,7 +3610,7 @@
operation->ctx->grp.nbits);
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ operation->md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
operation->alg = alg;
/* We only need to store the same length of hash as the private key size
@@ -4993,7 +5032,8 @@
#if defined(BUILTIN_ALG_ANY_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
#define AT_LEAST_ONE_BUILTIN_KDF
#endif /* At least one builtin KDF */
@@ -5097,6 +5137,17 @@
sizeof(operation->ctx.tls12_ecjpake_to_pms.data));
} else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+ if (operation->ctx.pbkdf2.salt != NULL) {
+ mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt,
+ operation->ctx.pbkdf2.salt_length);
+ mbedtls_free(operation->ctx.pbkdf2.salt);
+ }
+
+ status = PSA_SUCCESS;
+ } else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) */
{
status = PSA_ERROR_BAD_STATE;
}
@@ -5476,6 +5527,15 @@
&operation->ctx.tls12_ecjpake_to_pms, output, output_length);
} else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+ /* As output functionality is not added yet return
+ * PSA_ERROR_NOT_SUPPORTED for now if inputs are passed correctly.
+ * If input validation fails operation is aborted and output_bytes
+ * will return PSA_ERROR_BAD_STATE */
+ status = PSA_ERROR_NOT_SUPPORTED;
+ } else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
{
(void) kdf_alg;
@@ -5894,6 +5954,11 @@
return 1;
}
#endif
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+ return 1;
+ }
+#endif
return 0;
}
@@ -5962,6 +6027,11 @@
return PSA_SUCCESS;
}
#endif
+#if defined(PSA_WANT_ALG_FFDH)
+ if (alg == PSA_ALG_FFDH) {
+ return PSA_SUCCESS;
+ }
+#endif
(void) alg;
return PSA_ERROR_NOT_SUPPORTED;
}
@@ -6382,6 +6452,130 @@
return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+static psa_status_t psa_pbkdf2_set_input_cost(
+ psa_pbkdf2_key_derivation_t *pbkdf2,
+ psa_key_derivation_step_t step,
+ uint64_t data)
+{
+ if (step != PSA_KEY_DERIVATION_INPUT_COST) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (data > PSA_VENDOR_PBKDF2_MAX_ITERATIONS) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ if (data == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ pbkdf2->input_cost = data;
+ pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET;
+
+ return PSA_SUCCESS;
+}
+
+static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2,
+ const uint8_t *data,
+ size_t data_length)
+{
+ if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET &&
+ pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) {
+ pbkdf2->salt = mbedtls_calloc(1, data_length);
+ if (pbkdf2->salt == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ memcpy(pbkdf2->salt, data, data_length);
+ pbkdf2->salt_length = data_length;
+ } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) {
+ uint8_t *next_salt;
+
+ next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length);
+ if (next_salt == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length);
+ memcpy(next_salt + pbkdf2->salt_length, data, data_length);
+ pbkdf2->salt_length += data_length;
+ mbedtls_free(pbkdf2->salt);
+ pbkdf2->salt = next_salt;
+ }
+
+ pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET;
+
+ return PSA_SUCCESS;
+}
+
+static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg,
+ const uint8_t *input,
+ size_t input_len,
+ uint8_t *output,
+ size_t *output_len)
+{
+ psa_status_t status = PSA_SUCCESS;
+ if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) {
+ status = psa_hash_compute(hash_alg, input, input_len, output,
+ PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len);
+ } else {
+ memcpy(output, input, input_len);
+ *output_len = PSA_HASH_BLOCK_LENGTH(hash_alg);
+ }
+ return status;
+}
+
+static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2,
+ psa_algorithm_t kdf_alg,
+ const uint8_t *data,
+ size_t data_length)
+{
+ psa_status_t status = PSA_SUCCESS;
+ if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (data_length != 0) {
+ if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+ psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg);
+ status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length,
+ pbkdf2->password,
+ &pbkdf2->password_length);
+ }
+ }
+
+ pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET;
+
+ return status;
+}
+
+static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2,
+ psa_algorithm_t kdf_alg,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length)
+{
+ switch (step) {
+ case PSA_KEY_DERIVATION_INPUT_SALT:
+ return psa_pbkdf2_set_salt(pbkdf2, data, data_length);
+ case PSA_KEY_DERIVATION_INPUT_PASSWORD:
+ return psa_pbkdf2_set_password(pbkdf2, kdf_alg, data, data_length);
+ default:
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+
/** Check whether the given key type is acceptable for the given
* input step of a key derivation.
*
@@ -6423,6 +6617,17 @@
return PSA_SUCCESS;
}
break;
+ case PSA_KEY_DERIVATION_INPUT_PASSWORD:
+ if (key_type == PSA_KEY_TYPE_PASSWORD) {
+ return PSA_SUCCESS;
+ }
+ if (key_type == PSA_KEY_TYPE_DERIVE) {
+ return PSA_SUCCESS;
+ }
+ if (key_type == PSA_KEY_TYPE_NONE) {
+ return PSA_SUCCESS;
+ }
+ break;
}
return PSA_ERROR_INVALID_ARGUMENT;
}
@@ -6466,6 +6671,12 @@
&operation->ctx.tls12_ecjpake_to_pms, step, data, data_length);
} else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+ status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg,
+ step, data, data_length);
+ } else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
{
/* This can't happen unless the operation object was not initialized */
(void) data;
@@ -6481,6 +6692,33 @@
return status;
}
+static psa_status_t psa_key_derivation_input_integer_internal(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ uint64_t value)
+{
+ psa_status_t status;
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation);
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC)
+ if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+ status = psa_pbkdf2_set_input_cost(
+ &operation->ctx.pbkdf2, step, value);
+ } else
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
+ {
+ (void) step;
+ (void) value;
+ (void) kdf_alg;
+ status = PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(operation);
+ }
+ return status;
+}
+
psa_status_t psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
@@ -6492,6 +6730,14 @@
data, data_length);
}
+psa_status_t psa_key_derivation_input_integer(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ uint64_t value)
+{
+ return psa_key_derivation_input_integer_internal(operation, step, value);
+}
+
psa_status_t psa_key_derivation_input_key(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
@@ -6508,9 +6754,10 @@
return status;
}
- /* Passing a key object as a SECRET input unlocks the permission
- * to output to a key object. */
- if (step == PSA_KEY_DERIVATION_INPUT_SECRET) {
+ /* Passing a key object as a SECRET or PASSWORD input unlocks the
+ * permission to output to a key object. */
+ if (step == PSA_KEY_DERIVATION_INPUT_SECRET ||
+ step == PSA_KEY_DERIVATION_INPUT_PASSWORD) {
operation->can_output_key = 1;
}
@@ -6550,6 +6797,19 @@
shared_secret_size,
shared_secret_length);
#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
+ case PSA_ALG_FFDH:
+ return mbedtls_psa_key_agreement_ffdh(attributes,
+ peer_key,
+ peer_key_length,
+ key_buffer,
+ key_buffer_size,
+ shared_secret,
+ shared_secret_size,
+ shared_secret_length);
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */
+
default:
(void) attributes;
(void) key_buffer;
@@ -6931,6 +7191,14 @@
return PSA_SUCCESS;
} else
#endif /* defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR)
+ if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+ if (psa_is_dh_key_size_valid(bits) == 0) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ } else
+#endif /* defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) */
{
return PSA_ERROR_NOT_SUPPORTED;
}
@@ -6982,6 +7250,15 @@
key_buffer_length);
} else
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
+ if (PSA_KEY_TYPE_IS_DH(type) && PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
+ return mbedtls_psa_ffdh_generate_key(attributes,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length);
+ } else
+#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) */
{
(void) key_buffer_length;
return PSA_ERROR_NOT_SUPPORTED;
@@ -7208,19 +7485,6 @@
return PSA_SUCCESS;
}
-psa_status_t psa_crypto_driver_pake_get_role(
- const psa_crypto_driver_pake_inputs_t *inputs,
- psa_pake_role_t *role)
-{
- if (inputs->role == PSA_PAKE_ROLE_NONE) {
- return PSA_ERROR_BAD_STATE;
- }
-
- *role = inputs->role;
-
- return PSA_SUCCESS;
-}
-
psa_status_t psa_crypto_driver_pake_get_user_len(
const psa_crypto_driver_pake_inputs_t *inputs,
size_t *user_len)
@@ -7296,6 +7560,7 @@
return PSA_SUCCESS;
}
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t psa_pake_setup(
psa_pake_operation_t *operation,
const psa_pake_cipher_suite_t *cipher_suite)
@@ -7415,15 +7680,6 @@
goto exit;
}
- /* Allow only "client" or "server" values (temporary restriction). */
- if ((user_id_len != sizeof(jpake_server_id) ||
- memcmp(user_id, jpake_server_id, user_id_len) != 0) &&
- (user_id_len != sizeof(jpake_client_id) ||
- memcmp(user_id, jpake_client_id, user_id_len) != 0)) {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
operation->data.inputs.user = mbedtls_calloc(1, user_id_len);
if (operation->data.inputs.user == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
@@ -7461,15 +7717,6 @@
goto exit;
}
- /* Allow only "client" or "server" values (temporary restriction). */
- if ((peer_id_len != sizeof(jpake_server_id) ||
- memcmp(peer_id, jpake_server_id, peer_id_len) != 0) &&
- (peer_id_len != sizeof(jpake_client_id) ||
- memcmp(peer_id, jpake_client_id, peer_id_len) != 0)) {
- status = PSA_ERROR_NOT_SUPPORTED;
- goto exit;
- }
-
operation->data.inputs.peer = mbedtls_calloc(1, peer_id_len);
if (operation->data.inputs.peer == NULL) {
status = PSA_ERROR_INSUFFICIENT_MEMORY;
@@ -7587,19 +7834,6 @@
if (inputs.user_len == 0 || inputs.peer_len == 0) {
return PSA_ERROR_BAD_STATE;
}
- if (memcmp(inputs.user, jpake_client_id, inputs.user_len) == 0 &&
- memcmp(inputs.peer, jpake_server_id, inputs.peer_len) == 0) {
- inputs.role = PSA_PAKE_ROLE_CLIENT;
- } else
- if (memcmp(inputs.user, jpake_server_id, inputs.user_len) == 0 &&
- memcmp(inputs.peer, jpake_client_id, inputs.peer_len) == 0) {
- inputs.role = PSA_PAKE_ROLE_SERVER;
- }
-
- if (inputs.role != PSA_PAKE_ROLE_CLIENT &&
- inputs.role != PSA_PAKE_ROLE_SERVER) {
- return PSA_ERROR_NOT_SUPPORTED;
- }
}
/* Clear driver context */
@@ -8043,5 +8277,6 @@
return status;
}
+#endif /* PSA_WANT_ALG_SOME_PAKE */
#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index 7d672d6..cf8fe69 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -24,6 +24,10 @@
#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
+#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+#include "../3rdparty/p256-m/p256-m_driver_entrypoints.h"
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
+
/*
* Initialization and termination functions
*/
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index f70d804..4880208 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -26,7 +26,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_random_impl.h"
-#include "hash_info.h"
+#include "md_psa.h"
#include <stdlib.h>
#include <string.h>
@@ -366,7 +366,7 @@
if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext(
&ecp->grp, &r, &s,
&ecp->d, hash,
diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
new file mode 100644
index 0000000..4550a72
--- /dev/null
+++ b/library/psa_crypto_ffdh.c
@@ -0,0 +1,299 @@
+/*
+ * PSA FFDH layer on top of Mbed TLS crypto
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+
+#include <psa/crypto.h>
+#include "psa_crypto_core.h"
+#include "psa_crypto_ffdh.h"
+#include "psa_crypto_random_impl.h"
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
+static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size,
+ mbedtls_mpi *P,
+ mbedtls_mpi *G)
+{
+ const unsigned char *dhm_P = NULL;
+ const unsigned char *dhm_G = NULL;
+ size_t dhm_size_P = 0;
+ size_t dhm_size_G = 0;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ if (P == NULL && G == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ static const unsigned char dhm_P_2048[] =
+ MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN;
+ static const unsigned char dhm_P_3072[] =
+ MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN;
+ static const unsigned char dhm_P_4096[] =
+ MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN;
+ static const unsigned char dhm_P_6144[] =
+ MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN;
+ static const unsigned char dhm_P_8192[] =
+ MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN;
+ static const unsigned char dhm_G_2048[] =
+ MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN;
+ static const unsigned char dhm_G_3072[] =
+ MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN;
+ static const unsigned char dhm_G_4096[] =
+ MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN;
+ static const unsigned char dhm_G_6144[] =
+ MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN;
+ static const unsigned char dhm_G_8192[] =
+ MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN;
+
+ switch (key_size) {
+ case sizeof(dhm_P_2048):
+ dhm_P = dhm_P_2048;
+ dhm_G = dhm_G_2048;
+ dhm_size_P = sizeof(dhm_P_2048);
+ dhm_size_G = sizeof(dhm_G_2048);
+ break;
+ case sizeof(dhm_P_3072):
+ dhm_P = dhm_P_3072;
+ dhm_G = dhm_G_3072;
+ dhm_size_P = sizeof(dhm_P_3072);
+ dhm_size_G = sizeof(dhm_G_3072);
+ break;
+ case sizeof(dhm_P_4096):
+ dhm_P = dhm_P_4096;
+ dhm_G = dhm_G_4096;
+ dhm_size_P = sizeof(dhm_P_4096);
+ dhm_size_G = sizeof(dhm_G_4096);
+ break;
+ case sizeof(dhm_P_6144):
+ dhm_P = dhm_P_6144;
+ dhm_G = dhm_G_6144;
+ dhm_size_P = sizeof(dhm_P_6144);
+ dhm_size_G = sizeof(dhm_G_6144);
+ break;
+ case sizeof(dhm_P_8192):
+ dhm_P = dhm_P_8192;
+ dhm_G = dhm_G_8192;
+ dhm_size_P = sizeof(dhm_P_8192);
+ dhm_size_G = sizeof(dhm_G_8192);
+ break;
+ default:
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if (P != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(P, dhm_P,
+ dhm_size_P));
+ }
+ if (G != NULL) {
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(G, dhm_G,
+ dhm_size_G));
+ }
+
+cleanup:
+ if (ret != 0) {
+ return mbedtls_to_psa_error(ret);
+ }
+
+ return PSA_SUCCESS;
+}
+#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR ||
+ MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY ||
+ MBEDTLS_PSA_BUILTIN_ALG_FFDH */
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
+psa_status_t mbedtls_psa_export_ffdh_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi GX, G, X, P;
+ psa_key_type_t type = attributes->core.type;
+
+ if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
+ if (key_buffer_size > data_size) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(data, key_buffer, key_buffer_size);
+ memset(data + key_buffer_size, 0,
+ data_size - key_buffer_size);
+ *data_length = key_buffer_size;
+ return PSA_SUCCESS;
+ }
+
+ mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G);
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&P);
+
+ status = mbedtls_psa_ffdh_set_prime_generator(data_size, &P, &G);
+
+ if (status != PSA_SUCCESS) {
+ goto cleanup;
+ }
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer,
+ key_buffer_size));
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&GX, &G, &X, &P, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&GX, data, data_size));
+
+ *data_length = data_size;
+
+ ret = 0;
+cleanup:
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&G);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&GX);
+
+ if (status == PSA_SUCCESS && ret != 0) {
+ status = mbedtls_to_psa_error(ret);
+ }
+
+ return status;
+}
+
+psa_status_t mbedtls_psa_ffdh_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
+{
+ mbedtls_mpi X, P;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&X);
+ (void) attributes;
+
+ status = mbedtls_psa_ffdh_set_prime_generator(key_buffer_size, &P, NULL);
+
+ if (status != PSA_SUCCESS) {
+ goto cleanup;
+ }
+
+ /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their
+ secret exponent from the range [2, P-2].
+ Select random value in range [3, P-1] and decrease it by 1. */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&X, key_buffer, key_buffer_size));
+ *key_buffer_length = key_buffer_size;
+
+cleanup:
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&X);
+ if (status == PSA_SUCCESS && ret != 0) {
+ return mbedtls_to_psa_error(ret);
+ }
+
+ return status;
+}
+
+psa_status_t mbedtls_psa_ffdh_import_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data, size_t data_length,
+ uint8_t *key_buffer, size_t key_buffer_size,
+ size_t *key_buffer_length, size_t *bits)
+{
+ (void) attributes;
+
+ if (key_buffer_size < data_length) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+ memcpy(key_buffer, data, data_length);
+ *key_buffer_length = data_length;
+ *bits = PSA_BYTES_TO_BITS(data_length);
+
+ return PSA_SUCCESS;
+}
+
+#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR ||
+ MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */
+
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
+psa_status_t mbedtls_psa_key_agreement_ffdh(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_mpi P, G, X, GY, K;
+ const size_t calculated_shared_secret_size = peer_key_length;
+
+ if (peer_key_length != key_buffer_size ||
+ calculated_shared_secret_size > shared_secret_size) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY);
+ mbedtls_mpi_init(&K);
+
+ status = mbedtls_psa_ffdh_set_prime_generator(
+ PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G);
+
+ if (status != PSA_SUCCESS) {
+ goto cleanup;
+ }
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer,
+ key_buffer_size));
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key,
+ peer_key_length));
+
+ /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL));
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret,
+ calculated_shared_secret_size));
+
+ *shared_secret_length = calculated_shared_secret_size;
+
+ ret = 0;
+
+cleanup:
+ mbedtls_mpi_free(&P); mbedtls_mpi_free(&G);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY);
+ mbedtls_mpi_free(&K);
+
+ if (status == PSA_SUCCESS && ret != 0) {
+ status = mbedtls_to_psa_error(ret);
+ }
+
+ return status;
+}
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */
+
+#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h
new file mode 100644
index 0000000..5d7d951
--- /dev/null
+++ b/library/psa_crypto_ffdh.h
@@ -0,0 +1,144 @@
+/*
+ * PSA FFDH layer on top of Mbed TLS crypto
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_FFDH_H
+#define PSA_CRYPTO_FFDH_H
+
+#include <psa/crypto.h>
+#include <mbedtls/dhm.h>
+
+/** Perform a key agreement and return the FFDH shared secret.
+ *
+ * \param[in] attributes The attributes of the key to use for the
+ * operation.
+ * \param[in] peer_key The buffer containing the key context
+ * of the peer's public key.
+ * \param[in] peer_key_length Size of the \p peer_key buffer in
+ * bytes.
+ * \param[in] key_buffer The buffer containing the private key
+ * context.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in
+ * bytes.
+ * \param[out] shared_secret The buffer to which the shared secret
+ * is to be written.
+ * \param[in] shared_secret_size Size of the \p shared_secret buffer in
+ * bytes.
+ * \param[out] shared_secret_length On success, the number of bytes that make
+ * up the returned shared secret.
+ * \retval #PSA_SUCCESS
+ * Success. Shared secret successfully calculated.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key_buffer_size, \p peer_key_length, \p shared_secret_size
+ * do not match
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_key_agreement_ffdh(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *shared_secret,
+ size_t shared_secret_size,
+ size_t *shared_secret_length);
+
+/** Export a public key or the public part of a DH key pair in binary format.
+ *
+ * \param[in] attributes The attributes for the key to export.
+ * \param[in] key_buffer Material or context of the key to export.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
+ * \param[out] data Buffer where the key data is to be written.
+ * \param[in] data_size Size of the \p data buffer in bytes.
+ * \param[out] data_length On success, the number of bytes written in
+ * \p data
+ *
+ * \retval #PSA_SUCCESS The public key was exported successfully.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of \p key_buffer is too small.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_export_ffdh_public_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *key_buffer,
+ size_t key_buffer_size,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
+
+/**
+ * \brief Generate DH key.
+ *
+ * \note The signature of the function is that of a PSA driver generate_key
+ * entry point.
+ *
+ * \param[in] attributes The attributes for the key to generate.
+ * \param[out] key_buffer Buffer where the key data is to be written.
+ * \param[in] key_buffer_size Size of \p key_buffer in bytes.
+ * \param[out] key_buffer_length On success, the number of bytes written in
+ * \p key_buffer.
+ *
+ * \retval #PSA_SUCCESS
+ * The key was generated successfully.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * Key size in bits is invalid.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of \p key_buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ */
+psa_status_t mbedtls_psa_ffdh_generate_key(
+ const psa_key_attributes_t *attributes,
+ uint8_t *key_buffer,
+ size_t key_buffer_size,
+ size_t *key_buffer_length);
+
+/**
+ * \brief Import DH key.
+ *
+ * \note The signature of the function is that of a PSA driver import_key
+ * entry point.
+ *
+ * \param[in] attributes The attributes for the key to import.
+ * \param[in] data The buffer containing the key data in import
+ * format.
+ * \param[in] data_length Size of the \p data buffer in bytes.
+ * \param[out] key_buffer The buffer containing the key data in output
+ * format.
+ * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. This
+ * size is greater or equal to \p data_length.
+ * \param[out] key_buffer_length The length of the data written in \p
+ * key_buffer in bytes.
+ * \param[out] bits The key size in number of bits.
+ *
+ * \retval #PSA_SUCCESS
+ * The key was generated successfully.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of \p key_buffer is too small.
+ */
+psa_status_t mbedtls_psa_ffdh_import_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data, size_t data_length,
+ uint8_t *key_buffer, size_t key_buffer_size,
+ size_t *key_buffer_length, size_t *bits);
+
+#endif /* PSA_CRYPTO_FFDH_H */
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index a537184..4136614 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -168,13 +168,11 @@
static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_ecjpake_role role = (operation->role == PSA_PAKE_ROLE_CLIENT) ?
- MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER;
mbedtls_ecjpake_init(&operation->ctx.jpake);
ret = mbedtls_ecjpake_setup(&operation->ctx.jpake,
- role,
+ operation->role,
MBEDTLS_MD_SHA256,
MBEDTLS_ECP_DP_SECP256R1,
operation->password,
@@ -190,21 +188,30 @@
}
#endif
+/* The only two JPAKE user/peer identifiers supported in built-in implementation. */
+static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
+static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
+
psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation,
const psa_crypto_driver_pake_inputs_t *inputs)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t password_len = 0;
- psa_pake_role_t role = PSA_PAKE_ROLE_NONE;
+ size_t user_len = 0, peer_len = 0, password_len = 0;
+ uint8_t *peer = NULL, *user = NULL;
+ size_t actual_user_len = 0, actual_peer_len = 0, actual_password_len = 0;
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
- size_t actual_password_len = 0;
status = psa_crypto_driver_pake_get_password_len(inputs, &password_len);
if (status != PSA_SUCCESS) {
return status;
}
- status = psa_crypto_driver_pake_get_role(inputs, &role);
+ psa_crypto_driver_pake_get_user_len(inputs, &user_len);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ psa_crypto_driver_pake_get_peer_len(inputs, &peer_len);
if (status != PSA_SUCCESS) {
return status;
}
@@ -216,7 +223,20 @@
operation->password = mbedtls_calloc(1, password_len);
if (operation->password == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto error;
+ }
+
+ user = mbedtls_calloc(1, user_len);
+ if (user == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto error;
+ }
+
+ peer = mbedtls_calloc(1, peer_len);
+ if (peer == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto error;
}
status = psa_crypto_driver_pake_get_password(inputs, operation->password,
@@ -225,6 +245,18 @@
goto error;
}
+ status = psa_crypto_driver_pake_get_user(inputs, user,
+ user_len, &actual_user_len);
+ if (status != PSA_SUCCESS) {
+ goto error;
+ }
+
+ status = psa_crypto_driver_pake_get_peer(inputs, peer,
+ peer_len, &actual_peer_len);
+ if (status != PSA_SUCCESS) {
+ goto error;
+ }
+
operation->password_len = actual_password_len;
operation->alg = cipher_suite.algorithm;
@@ -238,7 +270,24 @@
goto error;
}
- operation->role = role;
+ const size_t user_peer_len = sizeof(jpake_client_id); // client and server have the same length
+ if (actual_user_len != user_peer_len ||
+ actual_peer_len != user_peer_len) {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto error;
+ }
+
+ if (memcmp(user, jpake_client_id, actual_user_len) == 0 &&
+ memcmp(peer, jpake_server_id, actual_peer_len) == 0) {
+ operation->role = MBEDTLS_ECJPAKE_CLIENT;
+ } else
+ if (memcmp(user, jpake_server_id, actual_user_len) == 0 &&
+ memcmp(peer, jpake_client_id, actual_peer_len) == 0) {
+ operation->role = MBEDTLS_ECJPAKE_SERVER;
+ } else {
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto error;
+ }
operation->buffer_length = 0;
operation->buffer_offset = 0;
@@ -248,6 +297,9 @@
goto error;
}
+ /* Role has been set, release user/peer buffers. */
+ mbedtls_free(user); mbedtls_free(peer);
+
return PSA_SUCCESS;
} else
#else
@@ -257,6 +309,7 @@
{ status = PSA_ERROR_NOT_SUPPORTED; }
error:
+ mbedtls_free(user); mbedtls_free(peer);
/* In case of failure of the setup of a multipart operation, the PSA driver interface
* specifies that the core does not call any other driver entry point thus does not
* call mbedtls_psa_pake_abort(). Therefore call it here to do the needed clean
@@ -332,7 +385,7 @@
* information is already available.
*/
if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE &&
- operation->role == PSA_PAKE_ROLE_SERVER) {
+ operation->role == MBEDTLS_ECJPAKE_SERVER) {
/* Skip ECParameters, with is 3 bytes (RFC 8422) */
operation->buffer_offset += 3;
}
@@ -423,7 +476,7 @@
* we're a client.
*/
if (step == PSA_JPAKE_X4S_STEP_KEY_SHARE &&
- operation->role == PSA_PAKE_ROLE_CLIENT) {
+ operation->role == MBEDTLS_ECJPAKE_CLIENT) {
/* We only support secp256r1. */
/* This is the ECParameters structure defined by RFC 8422. */
unsigned char ecparameters[3] = {
@@ -541,7 +594,7 @@
#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
if (operation->alg == PSA_ALG_JPAKE) {
- operation->role = PSA_PAKE_ROLE_NONE;
+ operation->role = MBEDTLS_ECJPAKE_NONE;
mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer));
operation->buffer_length = 0;
operation->buffer_offset = 0;
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 3ff589d..ab93146 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -28,6 +28,7 @@
#include "psa_crypto_random_impl.h"
#include "psa_crypto_rsa.h"
#include "psa_crypto_hash.h"
+#include "md_psa.h"
#include <stdlib.h>
#include <string.h>
@@ -37,7 +38,6 @@
#include <mbedtls/error.h>
#include <mbedtls/pk.h>
#include "pk_wrap.h"
-#include "hash_info.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
@@ -318,7 +318,7 @@
mbedtls_md_type_t *md_alg)
{
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- *md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ *md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
/* The Mbed TLS RSA module uses an unsigned int for hash length
* parameters. Validate that it fits so that we don't risk an
@@ -332,7 +332,7 @@
if (*md_alg == MBEDTLS_MD_NONE) {
return PSA_ERROR_NOT_SUPPORTED;
}
- if (mbedtls_hash_info_get_size(*md_alg) != hash_length) {
+ if (mbedtls_md_get_size_from_type(*md_alg) != hash_length) {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -527,7 +527,7 @@
mbedtls_rsa_context *rsa)
{
psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg);
- mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
return mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
}
diff --git a/library/psa_util.c b/library/psa_util.c
index 43a10a3..c354f34 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -33,7 +33,7 @@
/* PSA_SUCCESS is kept at the top of each error table since
* it's the most common status when everything functions properly. */
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_MD_LIGHT)
const mbedtls_error_pair_t psa_to_md_errors[] =
{
{ PSA_SUCCESS, 0 },
diff --git a/library/rsa.c b/library/rsa.c
index 87b3311..8126ae9 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -46,7 +46,7 @@
#include "mbedtls/error.h"
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
-#include "hash_info.h"
+#include "md_psa.h"
#include <string.h>
@@ -478,7 +478,7 @@
if ((padding == MBEDTLS_RSA_PKCS_V21) &&
(hash_id != MBEDTLS_MD_NONE)) {
/* Just make sure this hash is supported in this build. */
- if (mbedtls_hash_info_psa_from_md(hash_id) == PSA_ALG_NONE) {
+ if (mbedtls_md_info_from_type(hash_id) == NULL) {
return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
}
@@ -1076,7 +1076,7 @@
unsigned char *p;
unsigned int hlen;
size_t i, use_len;
- unsigned char mask[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char mask[MBEDTLS_MD_MAX_SIZE];
int ret = 0;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
@@ -1229,7 +1229,7 @@
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+ hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1380,7 +1380,7 @@
size_t ilen, i, pad_len;
unsigned char *p, bad, pad_done;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- unsigned char lhash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
/*
@@ -1396,7 +1396,7 @@
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+ hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1596,7 +1596,7 @@
if (md_alg != MBEDTLS_MD_NONE) {
/* Gather length of hash to sign */
- size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg);
+ size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg);
if (exp_hashlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1606,7 +1606,7 @@
}
}
- hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+ hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1744,7 +1744,7 @@
/* Are we signing hashed or raw data? */
if (md_alg != MBEDTLS_MD_NONE) {
- unsigned char md_size = mbedtls_hash_info_get_size(md_alg);
+ unsigned char md_size = mbedtls_md_get_size_from_type(md_alg);
if (md_size == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1966,7 +1966,7 @@
size_t siglen;
unsigned char *p;
unsigned char *hash_start;
- unsigned char result[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char result[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
size_t observed_salt_len, msb;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 };
@@ -1995,7 +1995,7 @@
if (md_alg != MBEDTLS_MD_NONE) {
/* Gather length of hash to sign */
- size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg);
+ size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg);
if (exp_hashlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -2005,7 +2005,7 @@
}
}
- hlen = mbedtls_hash_info_get_size(mgf1_hash_id);
+ hlen = mbedtls_md_get_size_from_type(mgf1_hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
diff --git a/library/sha256.c b/library/sha256.c
index 08822f4..169229c 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -399,6 +399,8 @@
SHA256_BLOCK_SIZE) ? 0 : -1;
}
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+
#if defined(MBEDTLS_POP_TARGET_PRAGMA)
#if defined(__clang__)
#pragma clang attribute pop
@@ -408,8 +410,6 @@
#undef MBEDTLS_POP_TARGET_PRAGMA
#endif
-#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
-
#if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
#define mbedtls_internal_sha256_process_many_c mbedtls_internal_sha256_process_many
#define mbedtls_internal_sha256_process_c mbedtls_internal_sha256_process
diff --git a/library/sha3.c b/library/sha3.c
new file mode 100644
index 0000000..4b97a85
--- /dev/null
+++ b/library/sha3.c
@@ -0,0 +1,631 @@
+/*
+ * FIPS-202 compliant SHA3 implementation
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * The SHA-3 Secure Hash Standard was published by NIST in 2015.
+ *
+ * https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.202.pdf
+ */
+
+#include "common.h"
+
+#if defined(MBEDTLS_SHA3_C)
+
+#include "mbedtls/sha3.h"
+#include "mbedtls/platform_util.h"
+#include "mbedtls/error.h"
+
+#include <string.h>
+
+#if defined(MBEDTLS_SELF_TEST)
+#include "mbedtls/platform.h"
+#endif /* MBEDTLS_SELF_TEST */
+
+#define XOR_BYTE 0x6
+
+typedef struct mbedtls_sha3_family_functions {
+ mbedtls_sha3_id id;
+
+ uint16_t r;
+ uint16_t olen;
+}
+mbedtls_sha3_family_functions;
+
+/*
+ * List of supported SHA-3 families
+ */
+static mbedtls_sha3_family_functions sha3_families[] = {
+ { MBEDTLS_SHA3_224, 1152, 224 },
+ { MBEDTLS_SHA3_256, 1088, 256 },
+ { MBEDTLS_SHA3_384, 832, 384 },
+ { MBEDTLS_SHA3_512, 576, 512 },
+ { MBEDTLS_SHA3_NONE, 0, 0 }
+};
+
+static const uint64_t rc[24] = {
+ 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000,
+ 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
+ 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
+ 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003,
+ 0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a,
+ 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
+};
+
+static const uint8_t rho[24] = {
+ 1, 62, 28, 27, 36, 44, 6, 55, 20,
+ 3, 10, 43, 25, 39, 41, 45, 15,
+ 21, 8, 18, 2, 61, 56, 14
+};
+
+static const uint8_t pi[24] = {
+ 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
+ 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1,
+};
+
+#define ROT64(x, y) (((x) << (y)) | ((x) >> (64U - (y))))
+#define ABSORB(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << (((idx) & 0x7) << 3); \
+} while (0)
+#define SQUEEZE(ctx, idx) ((uint8_t) (ctx->state[(idx) >> 3] >> (((idx) & 0x7) << 3)))
+#define SWAP(x, y) do { uint64_t tmp = (x); (x) = (y); (y) = tmp; } while (0)
+
+/* The permutation function. */
+static void keccak_f1600(mbedtls_sha3_context *ctx)
+{
+ uint64_t lane[5];
+ uint64_t *s = ctx->state;
+ int i;
+
+ for (int round = 0; round < 24; round++) {
+ uint64_t t;
+
+ /* Theta */
+ lane[0] = s[0] ^ s[5] ^ s[10] ^ s[15] ^ s[20];
+ lane[1] = s[1] ^ s[6] ^ s[11] ^ s[16] ^ s[21];
+ lane[2] = s[2] ^ s[7] ^ s[12] ^ s[17] ^ s[22];
+ lane[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23];
+ lane[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24];
+
+ t = lane[4] ^ ROT64(lane[1], 1);
+ s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t;
+
+ t = lane[0] ^ ROT64(lane[2], 1);
+ s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t;
+
+ t = lane[1] ^ ROT64(lane[3], 1);
+ s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t;
+
+ t = lane[2] ^ ROT64(lane[4], 1);
+ s[3] ^= t; s[8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t;
+
+ t = lane[3] ^ ROT64(lane[0], 1);
+ s[4] ^= t; s[9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t;
+
+ /* Rho */
+ for (i = 1; i < 25; i++) {
+ s[i] = ROT64(s[i], rho[i-1]);
+ }
+
+ /* Pi */
+ t = s[1];
+ for (i = 0; i < 24; i++) {
+ SWAP(s[pi[i]], t);
+ }
+
+ /* Chi */
+ lane[0] = s[0]; lane[1] = s[1]; lane[2] = s[2]; lane[3] = s[3]; lane[4] = s[4];
+ s[0] ^= (~lane[1]) & lane[2];
+ s[1] ^= (~lane[2]) & lane[3];
+ s[2] ^= (~lane[3]) & lane[4];
+ s[3] ^= (~lane[4]) & lane[0];
+ s[4] ^= (~lane[0]) & lane[1];
+
+ lane[0] = s[5]; lane[1] = s[6]; lane[2] = s[7]; lane[3] = s[8]; lane[4] = s[9];
+ s[5] ^= (~lane[1]) & lane[2];
+ s[6] ^= (~lane[2]) & lane[3];
+ s[7] ^= (~lane[3]) & lane[4];
+ s[8] ^= (~lane[4]) & lane[0];
+ s[9] ^= (~lane[0]) & lane[1];
+
+ lane[0] = s[10]; lane[1] = s[11]; lane[2] = s[12]; lane[3] = s[13]; lane[4] = s[14];
+ s[10] ^= (~lane[1]) & lane[2];
+ s[11] ^= (~lane[2]) & lane[3];
+ s[12] ^= (~lane[3]) & lane[4];
+ s[13] ^= (~lane[4]) & lane[0];
+ s[14] ^= (~lane[0]) & lane[1];
+
+ lane[0] = s[15]; lane[1] = s[16]; lane[2] = s[17]; lane[3] = s[18]; lane[4] = s[19];
+ s[15] ^= (~lane[1]) & lane[2];
+ s[16] ^= (~lane[2]) & lane[3];
+ s[17] ^= (~lane[3]) & lane[4];
+ s[18] ^= (~lane[4]) & lane[0];
+ s[19] ^= (~lane[0]) & lane[1];
+
+ lane[0] = s[20]; lane[1] = s[21]; lane[2] = s[22]; lane[3] = s[23]; lane[4] = s[24];
+ s[20] ^= (~lane[1]) & lane[2];
+ s[21] ^= (~lane[2]) & lane[3];
+ s[22] ^= (~lane[3]) & lane[4];
+ s[23] ^= (~lane[4]) & lane[0];
+ s[24] ^= (~lane[0]) & lane[1];
+
+ /* Iota */
+ s[0] ^= rc[round];
+ }
+}
+
+void mbedtls_sha3_init(mbedtls_sha3_context *ctx)
+{
+ memset(ctx, 0, sizeof(mbedtls_sha3_context));
+}
+
+void mbedtls_sha3_free(mbedtls_sha3_context *ctx)
+{
+ if (ctx == NULL) {
+ return;
+ }
+
+ mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha3_context));
+}
+
+void mbedtls_sha3_clone(mbedtls_sha3_context *dst,
+ const mbedtls_sha3_context *src)
+{
+ *dst = *src;
+}
+
+/*
+ * SHA-3 context setup
+ */
+int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id)
+{
+ mbedtls_sha3_family_functions *p = NULL;
+
+ for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) {
+ if (p->id == id) {
+ break;
+ }
+ }
+
+ if (p == NULL || p->id == MBEDTLS_SHA3_NONE) {
+ return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
+ }
+
+ ctx->olen = p->olen / 8;
+ ctx->max_block_size = p->r / 8;
+
+ memset(ctx->state, 0, sizeof(ctx->state));
+ ctx->index = 0;
+
+ return 0;
+}
+
+/*
+ * SHA-3 process buffer
+ */
+int mbedtls_sha3_update(mbedtls_sha3_context *ctx,
+ const uint8_t *input,
+ size_t ilen)
+{
+ if (ilen >= 8) {
+ // 8-byte align index
+ int align_bytes = 8 - (ctx->index % 8);
+ if (align_bytes) {
+ for (; align_bytes > 0; align_bytes--) {
+ ABSORB(ctx, ctx->index, *input++);
+ ilen--;
+ ctx->index++;
+ }
+ if ((ctx->index = ctx->index % ctx->max_block_size) == 0) {
+ keccak_f1600(ctx);
+ }
+ }
+
+ // process input in 8-byte chunks
+ while (ilen >= 8) {
+ ABSORB(ctx, ctx->index, MBEDTLS_GET_UINT64_LE(input, 0));
+ input += 8;
+ ilen -= 8;
+ if ((ctx->index = (ctx->index + 8) % ctx->max_block_size) == 0) {
+ keccak_f1600(ctx);
+ }
+ }
+ }
+
+ // handle remaining bytes
+ while (ilen-- > 0) {
+ ABSORB(ctx, ctx->index, *input++);
+ if ((ctx->index = (ctx->index + 1) % ctx->max_block_size) == 0) {
+ keccak_f1600(ctx);
+ }
+ }
+
+ return 0;
+}
+
+int mbedtls_sha3_finish(mbedtls_sha3_context *ctx,
+ uint8_t *output, size_t olen)
+{
+ /* Catch SHA-3 families, with fixed output length */
+ if (ctx->olen > 0) {
+ if (ctx->olen > olen) {
+ return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
+ }
+ olen = ctx->olen;
+ }
+
+ ABSORB(ctx, ctx->index, XOR_BYTE);
+ ABSORB(ctx, ctx->max_block_size - 1, 0x80);
+ keccak_f1600(ctx);
+ ctx->index = 0;
+
+ while (olen-- > 0) {
+ *output++ = SQUEEZE(ctx, ctx->index);
+
+ if ((ctx->index = (ctx->index + 1) % ctx->max_block_size) == 0) {
+ keccak_f1600(ctx);
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * output = SHA-3( input buffer )
+ */
+int mbedtls_sha3(mbedtls_sha3_id id, const uint8_t *input,
+ size_t ilen, uint8_t *output, size_t olen)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_sha3_context ctx;
+
+ mbedtls_sha3_init(&ctx);
+
+ /* Sanity checks are performed in every mbedtls_sha3_xxx() */
+ if ((ret = mbedtls_sha3_starts(&ctx, id)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_sha3_update(&ctx, input, ilen)) != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_sha3_finish(&ctx, output, olen)) != 0) {
+ goto exit;
+ }
+
+exit:
+ mbedtls_sha3_free(&ctx);
+
+ return ret;
+}
+
+/**************** Self-tests ****************/
+
+#if defined(MBEDTLS_SELF_TEST)
+
+static const unsigned char test_data[2][4] =
+{
+ "",
+ "abc",
+};
+
+static const size_t test_data_len[2] =
+{
+ 0, /* "" */
+ 3 /* "abc" */
+};
+
+static const unsigned char test_hash_sha3_224[2][28] =
+{
+ { /* "" */
+ 0x6B, 0x4E, 0x03, 0x42, 0x36, 0x67, 0xDB, 0xB7,
+ 0x3B, 0x6E, 0x15, 0x45, 0x4F, 0x0E, 0xB1, 0xAB,
+ 0xD4, 0x59, 0x7F, 0x9A, 0x1B, 0x07, 0x8E, 0x3F,
+ 0x5B, 0x5A, 0x6B, 0xC7
+ },
+ { /* "abc" */
+ 0xE6, 0x42, 0x82, 0x4C, 0x3F, 0x8C, 0xF2, 0x4A,
+ 0xD0, 0x92, 0x34, 0xEE, 0x7D, 0x3C, 0x76, 0x6F,
+ 0xC9, 0xA3, 0xA5, 0x16, 0x8D, 0x0C, 0x94, 0xAD,
+ 0x73, 0xB4, 0x6F, 0xDF
+ }
+};
+
+static const unsigned char test_hash_sha3_256[2][32] =
+{
+ { /* "" */
+ 0xA7, 0xFF, 0xC6, 0xF8, 0xBF, 0x1E, 0xD7, 0x66,
+ 0x51, 0xC1, 0x47, 0x56, 0xA0, 0x61, 0xD6, 0x62,
+ 0xF5, 0x80, 0xFF, 0x4D, 0xE4, 0x3B, 0x49, 0xFA,
+ 0x82, 0xD8, 0x0A, 0x4B, 0x80, 0xF8, 0x43, 0x4A
+ },
+ { /* "abc" */
+ 0x3A, 0x98, 0x5D, 0xA7, 0x4F, 0xE2, 0x25, 0xB2,
+ 0x04, 0x5C, 0x17, 0x2D, 0x6B, 0xD3, 0x90, 0xBD,
+ 0x85, 0x5F, 0x08, 0x6E, 0x3E, 0x9D, 0x52, 0x5B,
+ 0x46, 0xBF, 0xE2, 0x45, 0x11, 0x43, 0x15, 0x32
+ }
+};
+
+static const unsigned char test_hash_sha3_384[2][48] =
+{
+ { /* "" */
+ 0x0C, 0x63, 0xA7, 0x5B, 0x84, 0x5E, 0x4F, 0x7D,
+ 0x01, 0x10, 0x7D, 0x85, 0x2E, 0x4C, 0x24, 0x85,
+ 0xC5, 0x1A, 0x50, 0xAA, 0xAA, 0x94, 0xFC, 0x61,
+ 0x99, 0x5E, 0x71, 0xBB, 0xEE, 0x98, 0x3A, 0x2A,
+ 0xC3, 0x71, 0x38, 0x31, 0x26, 0x4A, 0xDB, 0x47,
+ 0xFB, 0x6B, 0xD1, 0xE0, 0x58, 0xD5, 0xF0, 0x04
+ },
+ { /* "abc" */
+ 0xEC, 0x01, 0x49, 0x82, 0x88, 0x51, 0x6F, 0xC9,
+ 0x26, 0x45, 0x9F, 0x58, 0xE2, 0xC6, 0xAD, 0x8D,
+ 0xF9, 0xB4, 0x73, 0xCB, 0x0F, 0xC0, 0x8C, 0x25,
+ 0x96, 0xDA, 0x7C, 0xF0, 0xE4, 0x9B, 0xE4, 0xB2,
+ 0x98, 0xD8, 0x8C, 0xEA, 0x92, 0x7A, 0xC7, 0xF5,
+ 0x39, 0xF1, 0xED, 0xF2, 0x28, 0x37, 0x6D, 0x25
+ }
+};
+
+static const unsigned char test_hash_sha3_512[2][64] =
+{
+ { /* "" */
+ 0xA6, 0x9F, 0x73, 0xCC, 0xA2, 0x3A, 0x9A, 0xC5,
+ 0xC8, 0xB5, 0x67, 0xDC, 0x18, 0x5A, 0x75, 0x6E,
+ 0x97, 0xC9, 0x82, 0x16, 0x4F, 0xE2, 0x58, 0x59,
+ 0xE0, 0xD1, 0xDC, 0xC1, 0x47, 0x5C, 0x80, 0xA6,
+ 0x15, 0xB2, 0x12, 0x3A, 0xF1, 0xF5, 0xF9, 0x4C,
+ 0x11, 0xE3, 0xE9, 0x40, 0x2C, 0x3A, 0xC5, 0x58,
+ 0xF5, 0x00, 0x19, 0x9D, 0x95, 0xB6, 0xD3, 0xE3,
+ 0x01, 0x75, 0x85, 0x86, 0x28, 0x1D, 0xCD, 0x26
+ },
+ { /* "abc" */
+ 0xB7, 0x51, 0x85, 0x0B, 0x1A, 0x57, 0x16, 0x8A,
+ 0x56, 0x93, 0xCD, 0x92, 0x4B, 0x6B, 0x09, 0x6E,
+ 0x08, 0xF6, 0x21, 0x82, 0x74, 0x44, 0xF7, 0x0D,
+ 0x88, 0x4F, 0x5D, 0x02, 0x40, 0xD2, 0x71, 0x2E,
+ 0x10, 0xE1, 0x16, 0xE9, 0x19, 0x2A, 0xF3, 0xC9,
+ 0x1A, 0x7E, 0xC5, 0x76, 0x47, 0xE3, 0x93, 0x40,
+ 0x57, 0x34, 0x0B, 0x4C, 0xF4, 0x08, 0xD5, 0xA5,
+ 0x65, 0x92, 0xF8, 0x27, 0x4E, 0xEC, 0x53, 0xF0
+ }
+};
+
+static const unsigned char long_kat_hash_sha3_224[28] =
+{
+ 0xD6, 0x93, 0x35, 0xB9, 0x33, 0x25, 0x19, 0x2E,
+ 0x51, 0x6A, 0x91, 0x2E, 0x6D, 0x19, 0xA1, 0x5C,
+ 0xB5, 0x1C, 0x6E, 0xD5, 0xC1, 0x52, 0x43, 0xE7,
+ 0xA7, 0xFD, 0x65, 0x3C
+};
+
+static const unsigned char long_kat_hash_sha3_256[32] =
+{
+ 0x5C, 0x88, 0x75, 0xAE, 0x47, 0x4A, 0x36, 0x34,
+ 0xBA, 0x4F, 0xD5, 0x5E, 0xC8, 0x5B, 0xFF, 0xD6,
+ 0x61, 0xF3, 0x2A, 0xCA, 0x75, 0xC6, 0xD6, 0x99,
+ 0xD0, 0xCD, 0xCB, 0x6C, 0x11, 0x58, 0x91, 0xC1
+};
+
+static const unsigned char long_kat_hash_sha3_384[48] =
+{
+ 0xEE, 0xE9, 0xE2, 0x4D, 0x78, 0xC1, 0x85, 0x53,
+ 0x37, 0x98, 0x34, 0x51, 0xDF, 0x97, 0xC8, 0xAD,
+ 0x9E, 0xED, 0xF2, 0x56, 0xC6, 0x33, 0x4F, 0x8E,
+ 0x94, 0x8D, 0x25, 0x2D, 0x5E, 0x0E, 0x76, 0x84,
+ 0x7A, 0xA0, 0x77, 0x4D, 0xDB, 0x90, 0xA8, 0x42,
+ 0x19, 0x0D, 0x2C, 0x55, 0x8B, 0x4B, 0x83, 0x40
+};
+
+static const unsigned char long_kat_hash_sha3_512[64] =
+{
+ 0x3C, 0x3A, 0x87, 0x6D, 0xA1, 0x40, 0x34, 0xAB,
+ 0x60, 0x62, 0x7C, 0x07, 0x7B, 0xB9, 0x8F, 0x7E,
+ 0x12, 0x0A, 0x2A, 0x53, 0x70, 0x21, 0x2D, 0xFF,
+ 0xB3, 0x38, 0x5A, 0x18, 0xD4, 0xF3, 0x88, 0x59,
+ 0xED, 0x31, 0x1D, 0x0A, 0x9D, 0x51, 0x41, 0xCE,
+ 0x9C, 0xC5, 0xC6, 0x6E, 0xE6, 0x89, 0xB2, 0x66,
+ 0xA8, 0xAA, 0x18, 0xAC, 0xE8, 0x28, 0x2A, 0x0E,
+ 0x0D, 0xB5, 0x96, 0xC9, 0x0B, 0x0A, 0x7B, 0x87
+};
+
+static int mbedtls_sha3_kat_test(int verbose,
+ const char *type_name,
+ mbedtls_sha3_id id,
+ int test_num)
+{
+ uint8_t hash[64];
+ int result;
+
+ result = mbedtls_sha3(id,
+ test_data[test_num], test_data_len[test_num],
+ hash, sizeof(hash));
+ if (result != 0) {
+ if (verbose != 0) {
+ mbedtls_printf(" %s test %d error code: %d\n",
+ type_name, test_num, result);
+ }
+
+ return result;
+ }
+
+ switch (id) {
+ case MBEDTLS_SHA3_224:
+ result = memcmp(hash, test_hash_sha3_224[test_num], 28);
+ break;
+ case MBEDTLS_SHA3_256:
+ result = memcmp(hash, test_hash_sha3_256[test_num], 32);
+ break;
+ case MBEDTLS_SHA3_384:
+ result = memcmp(hash, test_hash_sha3_384[test_num], 48);
+ break;
+ case MBEDTLS_SHA3_512:
+ result = memcmp(hash, test_hash_sha3_512[test_num], 64);
+ break;
+ default:
+ break;
+ }
+
+ if (0 != result) {
+ if (verbose != 0) {
+ mbedtls_printf(" %s test %d failed\n", type_name, test_num);
+ }
+
+ return -1;
+ }
+
+ if (verbose != 0) {
+ mbedtls_printf(" %s test %d passed\n", type_name, test_num);
+ }
+
+ return 0;
+}
+
+static int mbedtls_sha3_long_kat_test(int verbose,
+ const char *type_name,
+ mbedtls_sha3_id id)
+{
+ mbedtls_sha3_context ctx;
+ unsigned char buffer[1000];
+ unsigned char hash[64];
+ int result = 0;
+
+ memset(buffer, 'a', 1000);
+
+ if (verbose != 0) {
+ mbedtls_printf(" %s long KAT test ", type_name);
+ }
+
+ mbedtls_sha3_init(&ctx);
+
+ result = mbedtls_sha3_starts(&ctx, id);
+ if (result != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("setup failed\n ");
+ }
+ }
+
+ /* Process 1,000,000 (one million) 'a' characters */
+ for (int i = 0; i < 1000; i++) {
+ result = mbedtls_sha3_update(&ctx, buffer, 1000);
+ if (result != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("update error code: %i\n", result);
+ }
+
+ goto cleanup;
+ }
+ }
+
+ result = mbedtls_sha3_finish(&ctx, hash, sizeof(hash));
+ if (result != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("finish error code: %d\n", result);
+ }
+
+ goto cleanup;
+ }
+
+ switch (id) {
+ case MBEDTLS_SHA3_224:
+ result = memcmp(hash, long_kat_hash_sha3_224, 28);
+ break;
+ case MBEDTLS_SHA3_256:
+ result = memcmp(hash, long_kat_hash_sha3_256, 32);
+ break;
+ case MBEDTLS_SHA3_384:
+ result = memcmp(hash, long_kat_hash_sha3_384, 48);
+ break;
+ case MBEDTLS_SHA3_512:
+ result = memcmp(hash, long_kat_hash_sha3_512, 64);
+ break;
+ default:
+ break;
+ }
+
+ if (result != 0) {
+ if (verbose != 0) {
+ mbedtls_printf("failed\n");
+ }
+ }
+
+ if (verbose != 0) {
+ mbedtls_printf("passed\n");
+ }
+
+cleanup:
+ mbedtls_sha3_free(&ctx);
+ return result;
+}
+
+int mbedtls_sha3_self_test(int verbose)
+{
+ int i;
+
+ /* SHA-3 Known Answer Tests (KAT) */
+ for (i = 0; i < 2; i++) {
+ if (0 != mbedtls_sha3_kat_test(verbose,
+ "SHA3-224", MBEDTLS_SHA3_224, i)) {
+ return 1;
+ }
+
+ if (0 != mbedtls_sha3_kat_test(verbose,
+ "SHA3-256", MBEDTLS_SHA3_256, i)) {
+ return 1;
+ }
+
+ if (0 != mbedtls_sha3_kat_test(verbose,
+ "SHA3-384", MBEDTLS_SHA3_384, i)) {
+ return 1;
+ }
+
+ if (0 != mbedtls_sha3_kat_test(verbose,
+ "SHA3-512", MBEDTLS_SHA3_512, i)) {
+ return 1;
+ }
+ }
+
+ /* SHA-3 long KAT tests */
+ if (0 != mbedtls_sha3_long_kat_test(verbose,
+ "SHA3-224", MBEDTLS_SHA3_224)) {
+ return 1;
+ }
+
+ if (0 != mbedtls_sha3_long_kat_test(verbose,
+ "SHA3-256", MBEDTLS_SHA3_256)) {
+ return 1;
+ }
+
+ if (0 != mbedtls_sha3_long_kat_test(verbose,
+ "SHA3-384", MBEDTLS_SHA3_384)) {
+ return 1;
+ }
+
+ if (0 != mbedtls_sha3_long_kat_test(verbose,
+ "SHA3-512", MBEDTLS_SHA3_512)) {
+ return 1;
+ }
+
+ if (verbose != 0) {
+ mbedtls_printf("\n");
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_SELF_TEST */
+
+#endif /* MBEDTLS_SHA3_C */
diff --git a/library/sha512.c b/library/sha512.c
index 67acfee..b8b2485 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -569,6 +569,8 @@
SHA512_BLOCK_SIZE) ? 0 : -1;
}
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
#if defined(MBEDTLS_POP_TARGET_PRAGMA)
#if defined(__clang__)
#pragma clang attribute pop
@@ -578,8 +580,6 @@
#undef MBEDTLS_POP_TARGET_PRAGMA
#endif
-#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
-
#if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
#define mbedtls_internal_sha512_process_many_c mbedtls_internal_sha512_process_many
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 9cef3fe..793ec6a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -28,6 +28,9 @@
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "md_psa.h"
+#endif
#include <string.h>
@@ -1966,10 +1969,10 @@
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return PSA_ALG_RSA_PKCS1V15_SIGN(
- mbedtls_hash_info_psa_from_md(info->mac));
+ mbedtls_md_psa_alg_from_type(info->mac));
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac));
+ return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac));
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index ba25389..ae7a420 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -36,6 +36,7 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
@@ -114,7 +115,7 @@
(void) f_rng;
(void) p_rng;
- alg = mbedtls_hash_info_psa_from_md(COOKIE_MD);
+ alg = mbedtls_md_psa_alg_from_type(COOKIE_MD);
if (alg == 0) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
@@ -364,10 +365,7 @@
cur_time = ctx->serial;
#endif
- cookie_time = ((unsigned long) cookie[0] << 24) |
- ((unsigned long) cookie[1] << 16) |
- ((unsigned long) cookie[2] << 8) |
- ((unsigned long) cookie[3]);
+ cookie_time = (unsigned long) MBEDTLS_GET_UINT32_BE(cookie, 0);
if (ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout) {
ret = -1;
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d7c47e6..2d6d7ba 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -30,7 +30,6 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#include "hash_info.h"
#endif
#if defined(MBEDTLS_MD_CAN_MD5)
@@ -55,6 +54,7 @@
#endif
#include "mbedtls/pk.h"
+#include "pk_internal.h"
#include "common.h"
/* Shorthand for restartable ECC */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 331bb79..f0067f4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -41,6 +41,7 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "md_psa.h"
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif
@@ -843,11 +844,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
mbedtls_md_free(&ssl->handshake->fin_sha256);
@@ -868,11 +869,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
mbedtls_md_free(&ssl->handshake->fin_sha384);
@@ -910,7 +911,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
@@ -923,7 +924,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
@@ -940,8 +941,8 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return PSA_TO_MD_ERR(psa_hash_update(
- &ssl->handshake->fin_sha256_psa, buf, len));
+ return mbedtls_md_error_from_psa(psa_hash_update(
+ &ssl->handshake->fin_sha256_psa, buf, len));
#else
return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
#endif
@@ -953,8 +954,8 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return PSA_TO_MD_ERR(psa_hash_update(
- &ssl->handshake->fin_sha384_psa, buf, len));
+ return mbedtls_md_error_from_psa(psa_hash_update(
+ &ssl->handshake->fin_sha384_psa, buf, len));
#else
return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
#endif
@@ -1155,8 +1156,7 @@
size_t length;
const mbedtls_ecp_group_id *curve_list = ssl->conf->curve_list;
- for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE) &&
- (length < MBEDTLS_ECP_DP_MAX); length++) {
+ for (length = 0; (curve_list[length] != MBEDTLS_ECP_DP_NONE); length++) {
}
/* Leave room for zero termination */
@@ -4613,10 +4613,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- session_len = ((size_t) p[0] << 24) |
- ((size_t) p[1] << 16) |
- ((size_t) p[2] << 8) |
- ((size_t) p[3]);
+ session_len = MBEDTLS_GET_UINT32_BE(p, 0);
p += 4;
/* This has been allocated by ssl_handshake_init(), called by
@@ -4711,10 +4708,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- ssl->badmac_seen = ((uint32_t) p[0] << 24) |
- ((uint32_t) p[1] << 16) |
- ((uint32_t) p[2] << 8) |
- ((uint32_t) p[3]);
+ ssl->badmac_seen = MBEDTLS_GET_UINT32_BE(p, 0);
p += 4;
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -4722,24 +4716,10 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- ssl->in_window_top = ((uint64_t) p[0] << 56) |
- ((uint64_t) p[1] << 48) |
- ((uint64_t) p[2] << 40) |
- ((uint64_t) p[3] << 32) |
- ((uint64_t) p[4] << 24) |
- ((uint64_t) p[5] << 16) |
- ((uint64_t) p[6] << 8) |
- ((uint64_t) p[7]);
+ ssl->in_window_top = MBEDTLS_GET_UINT64_BE(p, 0);
p += 8;
- ssl->in_window = ((uint64_t) p[0] << 56) |
- ((uint64_t) p[1] << 48) |
- ((uint64_t) p[2] << 40) |
- ((uint64_t) p[3] << 32) |
- ((uint64_t) p[4] << 24) |
- ((uint64_t) p[5] << 16) |
- ((uint64_t) p[6] << 8) |
- ((uint64_t) p[7]);
+ ssl->in_window = MBEDTLS_GET_UINT64_BE(p, 0);
p += 8;
#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
@@ -4973,7 +4953,7 @@
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
};
-static int ssl_preset_suiteb_ciphersuites[] = {
+static const int ssl_preset_suiteb_ciphersuites[] = {
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
0
@@ -6647,7 +6627,7 @@
exit:
psa_hash_abort(&sha256_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha256;
@@ -6709,7 +6689,7 @@
exit:
psa_hash_abort(&sha384_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha384;
@@ -7388,13 +7368,12 @@
/* and in the unlikely case the above assumption no longer holds
* we are making sure that pk_ec() here does not return a NULL
*/
- const mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk);
- if (ec == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec() returned NULL"));
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk);
+ if (grp_id == MBEDTLS_ECP_DP_NONE) {
+ MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID"));
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
-
- if (mbedtls_ssl_check_curve(ssl, ec->grp.id) != 0) {
+ if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
ssl->session_negotiate->verify_result |=
MBEDTLS_X509_BADCERT_BAD_KEY;
@@ -7763,7 +7742,7 @@
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha256_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
mbedtls_md_free(&sha256);
return ret;
@@ -7852,7 +7831,7 @@
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha384_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
mbedtls_md_free(&sha384);
return ret;
@@ -8314,9 +8293,9 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mac_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+ mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
if (mac_alg == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_hash_info_psa_from_md for %u not found",
+ MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
(unsigned) ciphersuite_info->mac));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
@@ -8763,7 +8742,7 @@
{
psa_status_t status;
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(md_alg);
MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange"));
@@ -8892,7 +8871,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
psa_algorithm_t psa_hash_alg =
- mbedtls_hash_info_psa_from_md(hash_alg_received);
+ mbedtls_md_psa_alg_from_type(hash_alg_received);
if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA &&
!mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
@@ -9102,14 +9081,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- start = ((uint64_t) p[0] << 56) |
- ((uint64_t) p[1] << 48) |
- ((uint64_t) p[2] << 40) |
- ((uint64_t) p[3] << 32) |
- ((uint64_t) p[4] << 24) |
- ((uint64_t) p[5] << 16) |
- ((uint64_t) p[6] << 8) |
- ((uint64_t) p[7]);
+ start = MBEDTLS_GET_UINT64_BE(p, 0);
p += 8;
session->start = (time_t) start;
@@ -9132,10 +9104,7 @@
memcpy(session->master, p, 48);
p += 48;
- session->verify_result = ((uint32_t) p[0] << 24) |
- ((uint32_t) p[1] << 16) |
- ((uint32_t) p[2] << 8) |
- ((uint32_t) p[3]);
+ session->verify_result = MBEDTLS_GET_UINT32_BE(p, 0);
p += 4;
/* Immediately clear invalid pointer values that have been read, in case
@@ -9254,10 +9223,7 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
- session->ticket_lifetime = ((uint32_t) p[0] << 24) |
- ((uint32_t) p[1] << 16) |
- ((uint32_t) p[2] << 8) |
- ((uint32_t) p[3]);
+ session->ticket_lifetime = MBEDTLS_GET_UINT32_BE(p, 0);
p += 4;
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index d94d829..fc96dae 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -50,8 +50,6 @@
#include "mbedtls/platform_util.h"
#endif
-#include "hash_info.h"
-
#if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
@@ -1986,7 +1984,6 @@
static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_ecp_keypair *peer_key;
mbedtls_pk_context *peer_pk;
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
@@ -2007,22 +2004,24 @@
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
- peer_key = mbedtls_pk_ec(*peer_pk);
+#if defined(MBEDTLS_ECP_C)
+ const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk);
+#endif /* MBEDTLS_ECP_C */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- size_t olen = 0;
uint16_t tls_id = 0;
psa_ecc_family_t ecc_family;
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk);
- if (mbedtls_ssl_check_curve(ssl, peer_key->grp.id) != 0) {
+ if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
- tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(peer_key->grp.id);
+ tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
if (tls_id == 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported",
- peer_key->grp.id));
+ grp_id));
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
}
@@ -2034,6 +2033,12 @@
ssl->handshake->ecdh_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(ecc_family);
/* Store peer's public key in psa format. */
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ memcpy(ssl->handshake->ecdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len);
+ ssl->handshake->ecdh_psa_peerkey_len = peer_pk->pub_raw_len;
+ ret = 0;
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
+ size_t olen = 0;
ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q,
MBEDTLS_ECP_PF_UNCOMPRESSED, &olen,
ssl->handshake->ecdh_psa_peerkey,
@@ -2043,9 +2048,9 @@
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecp_point_write_binary"), ret);
return ret;
}
-
ssl->handshake->ecdh_psa_peerkey_len = olen;
-#else
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+#else /* MBEDTLS_USE_PSA_CRYPTO */
if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key,
MBEDTLS_ECDH_THEIRS)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
@@ -2056,7 +2061,7 @@
MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)"));
return MBEDTLS_ERR_SSL_BAD_CERTIFICATE;
}
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
/* We don't need the peer's public key anymore. Free it,
* so that more RAM is available for upcoming expensive
@@ -2284,7 +2289,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
size_t sig_len, hashlen;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
@@ -2401,7 +2406,7 @@
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
rsassa_pss_options.mgf1_hash_id = md_alg;
rsassa_pss_options.expected_salt_len =
- mbedtls_hash_info_get_size(md_alg);
+ mbedtls_md_get_size_from_type(md_alg);
if (rsassa_pss_options.expected_salt_len == 0) {
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 42f5fe9..30c35f3 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -30,7 +30,6 @@
#include "mbedtls/platform_util.h"
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
-#include "hash_info.h"
#include <string.h>
@@ -666,7 +665,7 @@
uint16_t *curves_tls_id)
{
uint16_t *curr_tls_id = curves_tls_id;
- mbedtls_ecp_group_id grp_id = mbedtls_pk_ec(*pk)->grp.id;
+ mbedtls_ecp_group_id grp_id = mbedtls_pk_ec_ro(*pk)->grp.id;
mbedtls_ecp_group_id curr_grp_id;
while (*curr_tls_id != 0) {
@@ -1088,9 +1087,7 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if (ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS) {
/* This couldn't be done in ssl_prepare_handshake_record() */
- unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) |
- ssl->in_msg[5];
-
+ unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
if (cli_msg_seq != ssl->handshake->in_msg_seq) {
MBEDTLS_SSL_DEBUG_MSG(1, ("bad client hello message_seq: "
"%u (expected %u)", cli_msg_seq,
@@ -1102,8 +1099,7 @@
} else
#endif
{
- unsigned int cli_msg_seq = (ssl->in_msg[4] << 8) |
- ssl->in_msg[5];
+ unsigned int cli_msg_seq = (unsigned int) MBEDTLS_GET_UINT16_BE(ssl->in_msg, 4);
ssl->handshake->out_msg_seq = cli_msg_seq;
ssl->handshake->in_msg_seq = cli_msg_seq + 1;
}
@@ -2600,7 +2596,7 @@
psa_ecc_family_t ecc_family;
size_t key_len;
mbedtls_pk_context *pk;
- mbedtls_ecp_keypair *key;
+ mbedtls_ecp_group_id grp_id;
pk = mbedtls_ssl_own_key(ssl);
@@ -2608,14 +2604,17 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk);
+#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */
+
switch (mbedtls_pk_get_type(pk)) {
case MBEDTLS_PK_OPAQUE:
if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) {
return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
}
- ssl->handshake->ecdh_psa_privkey =
- *((mbedtls_svc_key_id_t *) pk->pk_ctx);
+ ssl->handshake->ecdh_psa_privkey = pk->priv_id;
/* Key should not be destroyed in the TLS library */
ssl->handshake->ecdh_psa_privkey_is_external = 1;
@@ -2637,12 +2636,11 @@
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
case MBEDTLS_PK_ECDSA:
- key = mbedtls_pk_ec(*pk);
- if (key == NULL) {
+ grp_id = mbedtls_pk_get_group_id(pk);
+ if (grp_id == MBEDTLS_ECP_DP_NONE) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
-
- tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(key->grp.id);
+ tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id);
if (tls_id == 0) {
/* This elliptic curve is not supported */
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
@@ -2662,11 +2660,19 @@
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type));
psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len);
+ if (status != PSA_SUCCESS) {
+ ret = PSA_TO_MBEDTLS_ERR(status);
+ goto cleanup;
+ }
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
ret = mbedtls_ecp_write_key(key, buf, key_len);
if (ret != 0) {
goto cleanup;
}
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
status = psa_import_key(&key_attributes, buf, key_len,
&ssl->handshake->ecdh_psa_privkey);
@@ -2705,7 +2711,7 @@
}
if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx,
- mbedtls_pk_ec(*mbedtls_ssl_own_key(ssl)),
+ mbedtls_pk_ec_ro(*mbedtls_ssl_own_key(ssl)),
MBEDTLS_ECDH_OURS)) != 0) {
MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret);
return ret;
@@ -3074,7 +3080,7 @@
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index e1d0c6c..3dffc1d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -33,6 +33,7 @@
#include "ssl_client.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
+#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
@@ -672,7 +673,7 @@
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
if (ciphersuite_info != NULL) {
- return mbedtls_psa_translate_md(ciphersuite_info->mac);
+ return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
}
return PSA_ALG_NONE;
@@ -850,7 +851,7 @@
/* Get current state of handshake transcript. */
ret = mbedtls_ssl_get_handshake_transcript(
- ssl, mbedtls_hash_info_md_from_psa(hash_alg),
+ ssl, mbedtls_md_type_from_psa_alg(hash_alg),
transcript, sizeof(transcript), &transcript_len);
if (ret != 0) {
return ret;
@@ -1126,7 +1127,7 @@
return ret;
}
- if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
+ if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac)
!= hash_alg) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Invalid ciphersuite for external psk."));
@@ -1696,7 +1697,7 @@
cipher_suite, ciphersuite_info->name));
#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = time(NULL);
+ ssl->session_negotiate->start = mbedtls_time(NULL);
#endif /* MBEDTLS_HAVE_TIME */
/* ...
@@ -2844,7 +2845,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac);
+ psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
if (hash_length == -1 ||
(size_t) hash_length > sizeof(session->resumption_key)) {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index a00785b..a59f01c 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -29,7 +29,7 @@
#include "mbedtls/platform.h"
#include "mbedtls/constant_time.h"
#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#include "ssl_misc.h"
#include "ssl_tls13_invasive.h"
@@ -274,7 +274,7 @@
goto error;
}
- hash_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ hash_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (hash_alg == 0) {
goto error;
}
@@ -1076,7 +1076,7 @@
}
/* Hash verify buffer with indicated hash function */
- psa_algorithm = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm = mbedtls_md_psa_alg_from_type(md_alg);
status = psa_hash_compute(psa_algorithm,
verify_buffer,
verify_buffer_len,
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 46caa45..540f854 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -34,6 +34,7 @@
#include "ssl_tls13_invasive.h"
#include "psa/crypto.h"
+#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
@@ -677,7 +678,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
handshake->ciphersuite_info->mac);
/*
@@ -792,7 +793,7 @@
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(
ssl->handshake->ciphersuite_info->mac);
size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
@@ -1163,7 +1164,7 @@
md_type = ciphersuite_info->mac;
- hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
@@ -1291,7 +1292,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
@@ -1365,7 +1366,7 @@
md_type = ciphersuite_info->mac;
- hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
@@ -1472,7 +1473,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
handshake->ciphersuite_info->mac);
unsigned char *shared_secret = NULL;
size_t shared_secret_len = 0;
@@ -1608,7 +1609,7 @@
md_type = handshake->ciphersuite_info->mac;
- hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
/* Compute current handshake transcript. It's the caller's responsibility
@@ -1766,7 +1767,7 @@
}
ret = mbedtls_ssl_tls13_derive_resumption_master_secret(
- mbedtls_psa_translate_md(md_type),
+ mbedtls_md_psa_alg_from_type(md_type),
handshake->tls13_master_secrets.app,
transcript, transcript_len,
&ssl->session_negotiate->app_secrets);
@@ -1781,7 +1782,7 @@
MBEDTLS_SSL_DEBUG_BUF(
4, "Resumption master secret",
ssl->session_negotiate->app_secrets.resumption_master_secret,
- PSA_HASH_LENGTH(mbedtls_psa_translate_md(md_type)));
+ PSA_HASH_LENGTH(mbedtls_md_psa_alg_from_type(md_type)));
MBEDTLS_SSL_DEBUG_MSG(
2, ("<= mbedtls_ssl_tls13_compute_resumption_master_secret"));
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 33121af..cf61191 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -25,6 +25,7 @@
#include "mbedtls/error.h"
#include "mbedtls/platform.h"
#include "mbedtls/constant_time.h"
+#include "md_psa.h"
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
@@ -332,7 +333,7 @@
/* Get current state of handshake transcript. */
ret = mbedtls_ssl_get_handshake_transcript(
- ssl, mbedtls_hash_info_md_from_psa(psk_hash_alg),
+ ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg),
transcript, sizeof(transcript), &transcript_len);
if (ret != 0) {
return ret;
@@ -406,7 +407,7 @@
/* MAC of selected ciphersuite MUST be same with PSK binder if exist.
* Otherwise, client should reject.
*/
- if (psk_hash_alg == mbedtls_psa_translate_md(ciphersuite_info->mac)) {
+ if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) {
*selected_ciphersuite = cipher_suite;
*selected_ciphersuite_info = ciphersuite_info;
return 0;
@@ -612,7 +613,7 @@
ret = ssl_tls13_offered_psks_check_binder_match(
ssl, binder, binder_len, psk_type,
- mbedtls_psa_translate_md(ciphersuite_info->mac));
+ mbedtls_md_psa_alg_from_type(ciphersuite_info->mac));
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
/* For security reasons, the handshake should be aborted when we
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
@@ -1846,7 +1847,7 @@
MBEDTLS_SERVER_HELLO_RANDOM_LEN);
#if defined(MBEDTLS_HAVE_TIME)
- ssl->session_negotiate->start = time(NULL);
+ ssl->session_negotiate->start = mbedtls_time(NULL);
#endif /* MBEDTLS_HAVE_TIME */
return ret;
@@ -2783,7 +2784,7 @@
ciphersuite_info =
(mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
- psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac);
+ psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
if (hash_length == -1 ||
(size_t) hash_length > sizeof(session->resumption_key)) {
diff --git a/library/x509.c b/library/x509.c
index c9524c9..6e16c4c 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1201,6 +1201,87 @@
return 0;
}
+/* Check mbedtls_x509_get_subject_alt_name for detailed description.
+ *
+ * In some cases while parsing subject alternative names the sequence tag is optional
+ * (e.g. CertSerialNumber). This function is designed to handle such case.
+ */
+int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_sequence *subject_alt_name)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t tag_len;
+ mbedtls_asn1_sequence *cur = subject_alt_name;
+
+ while (*p < end) {
+ mbedtls_x509_subject_alternative_name tmp_san_name;
+ mbedtls_x509_buf tmp_san_buf;
+ memset(&tmp_san_name, 0, sizeof(tmp_san_name));
+
+ tmp_san_buf.tag = **p;
+ (*p)++;
+
+ if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+
+ tmp_san_buf.p = *p;
+ tmp_san_buf.len = tag_len;
+
+ if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
+ }
+
+ /*
+ * Check that the SAN is structured correctly by parsing it.
+ * The SAN structure is discarded afterwards.
+ */
+ ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name);
+ /*
+ * In case the extension is malformed, return an error,
+ * and clear the allocated sequences.
+ */
+ if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
+ mbedtls_asn1_sequence_free(subject_alt_name->next);
+ subject_alt_name->next = NULL;
+ return ret;
+ }
+
+ mbedtls_x509_free_subject_alt_name(&tmp_san_name);
+ /* Allocate and assign next pointer */
+ if (cur->buf.p != NULL) {
+ if (cur->next != NULL) {
+ return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
+ }
+
+ cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
+
+ if (cur->next == NULL) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_ALLOC_FAILED);
+ }
+
+ cur = cur->next;
+ }
+
+ cur->buf = tmp_san_buf;
+ *p += tmp_san_buf.len;
+ }
+
+ /* Set final sequence entry's next pointer to NULL */
+ cur->next = NULL;
+
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+
+ return 0;
+}
+
/*
* SubjectAltName ::= GeneralNames
*
@@ -1234,8 +1315,7 @@
mbedtls_x509_sequence *subject_alt_name)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t len, tag_len;
- mbedtls_asn1_sequence *cur = subject_alt_name;
+ size_t len;
/* Get main sequence tag */
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
@@ -1248,71 +1328,7 @@
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
- while (*p < end) {
- mbedtls_x509_subject_alternative_name dummy_san_buf;
- mbedtls_x509_buf tmp_san_buf;
- memset(&dummy_san_buf, 0, sizeof(dummy_san_buf));
-
- tmp_san_buf.tag = **p;
- (*p)++;
-
- if ((ret = mbedtls_asn1_get_len(p, end, &tag_len)) != 0) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
- }
-
- tmp_san_buf.p = *p;
- tmp_san_buf.len = tag_len;
-
- if ((tmp_san_buf.tag & MBEDTLS_ASN1_TAG_CLASS_MASK) !=
- MBEDTLS_ASN1_CONTEXT_SPECIFIC) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
- }
-
- /*
- * Check that the SAN is structured correctly.
- */
- ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf);
- /*
- * In case the extension is malformed, return an error,
- * and clear the allocated sequences.
- */
- if (ret != 0 && ret != MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE) {
- mbedtls_asn1_sequence_free(subject_alt_name->next);
- subject_alt_name->next = NULL;
- return ret;
- }
-
- mbedtls_x509_free_subject_alt_name(&dummy_san_buf);
- /* Allocate and assign next pointer */
- if (cur->buf.p != NULL) {
- if (cur->next != NULL) {
- return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
- }
-
- cur->next = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
-
- if (cur->next == NULL) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_ALLOC_FAILED);
- }
-
- cur = cur->next;
- }
-
- cur->buf = tmp_san_buf;
- *p += tmp_san_buf.len;
- }
-
- /* Set final sequence entry's next pointer to NULL */
- cur->next = NULL;
-
- if (*p != end) {
- return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
- }
-
- return 0;
+ return mbedtls_x509_get_subject_alt_name_ext(p, end, subject_alt_name);
}
int mbedtls_x509_get_ns_cert_type(unsigned char **p,
@@ -1422,9 +1438,24 @@
san_buf, sizeof(*san_buf));
}
break;
-
/*
- * RFC822 Name
+ * IP address
+ */
+ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_IP_ADDRESS):
+ {
+ memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
+ san->type = MBEDTLS_X509_SAN_IP_ADDRESS;
+ // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported
+ if (san_buf->len == 4 || san_buf->len == 16) {
+ memcpy(&san->san.unstructured_name,
+ san_buf, sizeof(*san_buf));
+ } else {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
+ }
+ break;
+ /*
+ * rfc822Name
*/
case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME):
{
@@ -1433,7 +1464,6 @@
memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf));
}
break;
-
/*
* directoryName
*/
@@ -1548,7 +1578,9 @@
ret = mbedtls_snprintf(p, n, "\n%s uniformResourceIdentifier : ", prefix);
MBEDTLS_X509_SAFE_SNPRINTF;
if (san.san.unstructured_name.len >= n) {
- *p = '\0';
+ if (n > 0) {
+ *p = '\0';
+ }
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
@@ -1574,7 +1606,9 @@
MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name);
MBEDTLS_X509_SAFE_SNPRINTF;
if (san.san.unstructured_name.len >= n) {
- *p = '\0';
+ if (n > 0) {
+ *p = '\0';
+ }
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
@@ -1583,7 +1617,41 @@
n -= san.san.unstructured_name.len;
}
break;
+ /*
+ * iPAddress
+ */
+ case MBEDTLS_X509_SAN_IP_ADDRESS:
+ {
+ ret = mbedtls_snprintf(p, n, "\n%s %s : ",
+ prefix, "iPAddress");
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ if (san.san.unstructured_name.len >= n) {
+ if (n > 0) {
+ *p = '\0';
+ }
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ unsigned char *ip = san.san.unstructured_name.p;
+ // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported
+ if (san.san.unstructured_name.len == 4) {
+ ret = mbedtls_snprintf(p, n, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ } else if (san.san.unstructured_name.len == 16) {
+ ret = mbedtls_snprintf(p, n,
+ "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X",
+ ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6],
+ ip[7], ip[8], ip[9], ip[10], ip[11], ip[12], ip[13],
+ ip[14], ip[15]);
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ } else {
+ if (n > 0) {
+ *p = '\0';
+ }
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
+ }
+ break;
/*
* directoryName
*/
@@ -1599,6 +1667,9 @@
if (ret < 0) {
mbedtls_x509_free_subject_alt_name(&san);
+ if (n > 0) {
+ *p = '\0';
+ }
return ret;
}
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 874d8f6..9b3414a 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -47,9 +47,10 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "hash_info.h"
#include "x509_invasive.h"
+#include "pk_internal.h"
#include "mbedtls/platform.h"
@@ -237,7 +238,7 @@
if (pk_alg == MBEDTLS_PK_ECDSA ||
pk_alg == MBEDTLS_PK_ECKEY ||
pk_alg == MBEDTLS_PK_ECKEY_DH) {
- const mbedtls_ecp_group_id gid = mbedtls_pk_ec(*pk)->grp.id;
+ const mbedtls_ecp_group_id gid = mbedtls_pk_get_group_id(pk);
if (gid == MBEDTLS_ECP_DP_NONE) {
return -1;
@@ -592,6 +593,114 @@
}
/*
+ * SubjectKeyIdentifier ::= KeyIdentifier
+ *
+ * KeyIdentifier ::= OCTET STRING
+ */
+static int x509_get_subject_key_id(unsigned char **p,
+ const unsigned char *end,
+ mbedtls_x509_buf *subject_key_id)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0u;
+
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_OCTET_STRING)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+
+ subject_key_id->len = len;
+ subject_key_id->tag = MBEDTLS_ASN1_OCTET_STRING;
+ subject_key_id->p = *p;
+ *p += len;
+
+ if (*p != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+
+ return 0;
+}
+
+/*
+ * AuthorityKeyIdentifier ::= SEQUENCE {
+ * keyIdentifier [0] KeyIdentifier OPTIONAL,
+ * authorityCertIssuer [1] GeneralNames OPTIONAL,
+ * authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
+ *
+ * KeyIdentifier ::= OCTET STRING
+ */
+static int x509_get_authority_key_id(unsigned char **p,
+ unsigned char *end,
+ mbedtls_x509_authority *authority_key_id)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len = 0u;
+
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+
+ if (*p + len != end) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
+ }
+
+ ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC);
+
+ /* KeyIdentifier is an OPTIONAL field */
+ if (ret == 0) {
+ authority_key_id->keyIdentifier.len = len;
+ authority_key_id->keyIdentifier.p = *p;
+ /* Setting tag of the keyIdentfier intentionally to 0x04.
+ * Although the .keyIdentfier field is CONTEXT_SPECIFIC ([0] OPTIONAL),
+ * its tag with the content is the payload of on OCTET STRING primitive */
+ authority_key_id->keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING;
+
+ *p += len;
+ } else if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+
+ if (*p < end) {
+ /* Getting authorityCertIssuer using the required specific class tag [1] */
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED |
+ 1)) != 0) {
+ /* authorityCertIssuer and authorityCertSerialNumber MUST both
+ be present or both be absent. At this point we expect to have both. */
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+ /* "end" also includes the CertSerialNumber field so "len" shall be used */
+ ret = mbedtls_x509_get_subject_alt_name_ext(p,
+ (*p+len),
+ &authority_key_id->authorityCertIssuer);
+ if (ret != 0) {
+ return ret;
+ }
+
+ /* Getting authorityCertSerialNumber using the required specific class tag [2] */
+ if ((ret = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | 2)) != 0) {
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
+ }
+ authority_key_id->authorityCertSerialNumber.len = len;
+ authority_key_id->authorityCertSerialNumber.p = *p;
+ authority_key_id->authorityCertSerialNumber.tag = MBEDTLS_ASN1_INTEGER;
+ *p += len;
+ }
+
+ if (*p != end) {
+ return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ }
+
+ return 0;
+}
+
+/*
* id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
*
* anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
@@ -889,8 +998,25 @@
}
break;
+ case MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER:
+ /* Parse subject key identifier */
+ if ((ret = x509_get_subject_key_id(p, end_ext_data,
+ &crt->subject_key_id)) != 0) {
+ return ret;
+ }
+ break;
+
+ case MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER:
+ /* Parse authority key identifier */
+ if ((ret = x509_get_authority_key_id(p, end_ext_octet,
+ &crt->authority_key_id)) != 0) {
+ return ret;
+ }
+ break;
case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
- /* Parse subject alt name */
+ /* Parse subject alt name
+ * SubjectAltName ::= GeneralNames
+ */
if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_octet,
&crt->subject_alt_names)) != 0) {
return ret;
@@ -1550,6 +1676,27 @@
#endif /* MBEDTLS_FS_IO */
#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#define PRINT_ITEM(i) \
+ do { \
+ ret = mbedtls_snprintf(p, n, "%s" i, sep); \
+ MBEDTLS_X509_SAFE_SNPRINTF; \
+ sep = ", "; \
+ } while (0)
+
+#define CERT_TYPE(type, name) \
+ do { \
+ if (ns_cert_type & (type)) { \
+ PRINT_ITEM(name); \
+ } \
+ } while (0)
+
+#define KEY_USAGE(code, name) \
+ do { \
+ if (key_usage & (code)) { \
+ PRINT_ITEM(name); \
+ } \
+ } while (0)
+
static int x509_info_ext_key_usage(char **buf, size_t *size,
const mbedtls_x509_sequence *extended_key_usage)
{
@@ -1877,7 +2024,7 @@
const mbedtls_x509_crt_profile *profile)
{
int flags = 0;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_algorithm;
#else
@@ -1917,7 +2064,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_algorithm = mbedtls_hash_info_psa_from_md(crl_list->sig_md);
+ psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
if (psa_hash_compute(psa_algorithm,
crl_list->tbs.p,
crl_list->tbs.len,
@@ -1986,7 +2133,7 @@
mbedtls_x509_crt_restart_ctx *rs_ctx)
{
size_t hash_len;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type(child->sig_md);
@@ -1997,7 +2144,7 @@
return -1;
}
#else
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(child->sig_md);
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
status = psa_hash_compute(hash_alg,
@@ -2667,7 +2814,6 @@
static int x509_inet_pton_ipv4(const char *src, void *dst)
{
- /* note: allows leading 0's, e.g. 000.000.000.000 */
const unsigned char *p = (const unsigned char *) src;
uint8_t *res = (uint8_t *) dst;
uint8_t digit, num_digits = 0;
@@ -2681,13 +2827,20 @@
if (digit > 9) {
break;
}
+
+ /* Don't allow leading zeroes. These might mean octal format,
+ * which this implementation does not support. */
+ if (octet == 0 && num_digits > 0) {
+ return -1;
+ }
+
octet = octet * 10 + digit;
num_digits++;
p++;
} while (num_digits < 3);
if (octet >= 256 || num_digits > 3 || num_digits == 0) {
- break;
+ return -1;
}
*res++ = (uint8_t) octet;
num_octets++;
@@ -2758,6 +2911,21 @@
return -1;
}
+static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san,
+ const char *cn, size_t cn_len)
+{
+ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
+ const unsigned char san_type = (unsigned char) cur->buf.tag &
+ MBEDTLS_ASN1_TAG_VALUE_MASK;
+ if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER &&
+ cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) {
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
/*
* Check for SAN match, see RFC 5280 Section 4.2.1.6
*/
@@ -2765,23 +2933,38 @@
const char *cn, size_t cn_len)
{
int san_ip = 0;
+ int san_uri = 0;
+ /* Prioritize DNS name over other subtypes due to popularity */
for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) {
switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) {
- case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */
+ case MBEDTLS_X509_SAN_DNS_NAME:
if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) {
return 0;
}
break;
- case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */
+ case MBEDTLS_X509_SAN_IP_ADDRESS:
san_ip = 1;
break;
+ case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
+ san_uri = 1;
+ break;
/* (We may handle other types here later.) */
default: /* Unrecognized type */
break;
}
}
+ if (san_ip) {
+ if (x509_crt_check_san_ip(san, cn, cn_len) == 0) {
+ return 0;
+ }
+ }
+ if (san_uri) {
+ if (x509_crt_check_san_uri(san, cn, cn_len) == 0) {
+ return 0;
+ }
+ }
- return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1;
+ return -1;
}
/*
@@ -3049,6 +3232,7 @@
mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next);
mbedtls_asn1_sequence_free(cert_cur->subject_alt_names.next);
mbedtls_asn1_sequence_free(cert_cur->certificate_policies.next);
+ mbedtls_asn1_sequence_free(cert_cur->authority_key_id.authorityCertIssuer.next);
if (cert_cur->raw.p != NULL && cert_cur->own_buffer) {
mbedtls_platform_zeroize(cert_cur->raw.p, cert_cur->raw.len);
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 70d7e93..59fd589 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -31,10 +31,12 @@
#include "mbedtls/asn1write.h"
#include "mbedtls/error.h"
#include "mbedtls/oid.h"
+#include "mbedtls/platform.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/md.h"
#include <string.h>
+#include <stdint.h>
#if defined(MBEDTLS_PEM_WRITE_C)
#include "mbedtls/pem.h"
@@ -43,9 +45,18 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "hash_info.h"
+#define CHECK_OVERFLOW_ADD(a, b) \
+ do \
+ { \
+ if (a > SIZE_MAX - (b)) \
+ { \
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \
+ } \
+ a += b; \
+ } while (0)
void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
{
@@ -152,6 +163,137 @@
return 0;
}
+int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx,
+ const mbedtls_x509_san_list *san_list)
+{
+ int ret = 0;
+ const mbedtls_x509_san_list *cur;
+ unsigned char *buf;
+ unsigned char *p;
+ size_t len;
+ size_t buflen = 0;
+
+ /* Determine the maximum size of the SubjectAltName list */
+ for (cur = san_list; cur != NULL; cur = cur->next) {
+ /* Calculate size of the required buffer */
+ switch (cur->node.type) {
+ case MBEDTLS_X509_SAN_DNS_NAME:
+ case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
+ case MBEDTLS_X509_SAN_IP_ADDRESS:
+ case MBEDTLS_X509_SAN_RFC822_NAME:
+ /* length of value for each name entry,
+ * maximum 4 bytes for the length field,
+ * 1 byte for the tag/type.
+ */
+ CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len);
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1);
+ break;
+ case MBEDTLS_X509_SAN_DIRECTORY_NAME:
+ {
+ const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name;
+ while (chunk != NULL) {
+ // Max 4 bytes for length, +1 for tag,
+ // additional 4 max for length, +1 for tag.
+ // See x509_write_name for more information.
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1);
+ CHECK_OVERFLOW_ADD(buflen, chunk->oid.len);
+ CHECK_OVERFLOW_ADD(buflen, chunk->val.len);
+ chunk = chunk->next;
+ }
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1);
+ break;
+ }
+ default:
+ /* Not supported - return. */
+ return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ }
+ }
+
+ /* Add the extra length field and tag */
+ CHECK_OVERFLOW_ADD(buflen, 4 + 1);
+
+ /* Allocate buffer */
+ buf = mbedtls_calloc(1, buflen);
+ if (buf == NULL) {
+ return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+ }
+ p = buf + buflen;
+
+ /* Write ASN.1-based structure */
+ cur = san_list;
+ len = 0;
+ while (cur != NULL) {
+ size_t single_san_len = 0;
+ switch (cur->node.type) {
+ case MBEDTLS_X509_SAN_DNS_NAME:
+ case MBEDTLS_X509_SAN_RFC822_NAME:
+ case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER:
+ case MBEDTLS_X509_SAN_IP_ADDRESS:
+ {
+ const unsigned char *unstructured_name =
+ (const unsigned char *) cur->node.san.unstructured_name.p;
+ size_t unstructured_name_len = cur->node.san.unstructured_name.len;
+
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_raw_buffer(
+ &p, buf,
+ unstructured_name, unstructured_name_len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len(
+ &p, buf, unstructured_name_len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_tag(
+ &p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type));
+ }
+ break;
+ case MBEDTLS_X509_SAN_DIRECTORY_NAME:
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_x509_write_names(&p, buf,
+ (mbedtls_asn1_named_data *) &
+ cur->node
+ .san.directory_name));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_len(&p, buf, single_san_len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len,
+ mbedtls_asn1_write_tag(&p, buf,
+ MBEDTLS_ASN1_CONTEXT_SPECIFIC |
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_X509_SAN_DIRECTORY_NAME));
+ break;
+ default:
+ /* Error out on an unsupported SAN */
+ ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
+ goto cleanup;
+ }
+ cur = cur->next;
+ /* check for overflow */
+ if (len > SIZE_MAX - single_san_len) {
+ ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ goto cleanup;
+ }
+ len += single_san_len;
+ }
+
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
+ MBEDTLS_ASN1_CHK_CLEANUP_ADD(len,
+ mbedtls_asn1_write_tag(&p, buf,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE));
+
+ ret = mbedtls_x509write_crt_set_extension(
+ ctx,
+ MBEDTLS_OID_SUBJECT_ALT_NAME,
+ MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME),
+ 0,
+ buf + buflen - len,
+ len);
+
+cleanup:
+ mbedtls_free(buf);
+ return ret;
+}
+
+
int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
const char *oid, size_t oid_len,
int critical,
@@ -426,7 +568,7 @@
unsigned char *c, *c2;
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
size_t hash_length = 0;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t psa_algorithm;
@@ -585,7 +727,7 @@
/* Compute hash of CRT. */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_algorithm = mbedtls_hash_info_psa_from_md(ctx->md_alg);
+ psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg);
status = psa_hash_compute(psa_algorithm,
c,
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index deb6617..d792d34 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -36,8 +36,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "hash_info.h"
#include <string.h>
#include <stdlib.h>
@@ -243,13 +243,13 @@
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_len;
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(ctx->md_alg);
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Write the CSR backwards starting from the end of buf */
diff --git a/programs/.gitignore b/programs/.gitignore
index 398152d..d11db9e 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -9,9 +9,6 @@
/psa/psa_constant_names_generated.c
/test/query_config.c
-*.o
-*.exe
-
aes/crypt_and_hash
cipher/cipher_aead_demo
hash/generic_sum
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 56a5efe..d4e1d74 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -78,6 +78,13 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
goto exit;
@@ -175,6 +182,9 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index a58f6f4..3659026 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -61,6 +61,13 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
srand(1);
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -119,6 +126,9 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index cdd69c0..1632e9d 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -50,6 +50,20 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+#endif
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ssl_cookie_init(&cookie_ctx);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -58,8 +72,7 @@
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_x509_crt_init(&srvcert);
- mbedtls_pk_init(&pkey);
+
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len) != 0) {
return 1;
@@ -78,9 +91,6 @@
initialized = 1;
}
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_config_init(&conf);
- mbedtls_ssl_cookie_init(&cookie_ctx);
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
@@ -154,9 +164,16 @@
exit:
mbedtls_ssl_cookie_free(&cookie_ctx);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_pk_free(&pkey);
+ mbedtls_x509_crt_free(&srvcert);
+#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index 39c23e2..ce75624 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -30,13 +30,20 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
- return 1;
+ goto exit;
}
- mbedtls_pk_init(&pk);
ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
dummy_random, &ctr_drbg);
if (ret == 0) {
@@ -83,7 +90,13 @@
abort();
}
}
+exit:
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else
(void) Data;
(void) Size;
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
index 7f5e4aa..9203b4e 100644
--- a/programs/fuzz/fuzz_pubkey.c
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -11,6 +11,12 @@
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_pk_parse_public_key(&pk, Data, Size);
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
@@ -66,6 +72,10 @@
abort();
}
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_free(&pk);
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index cd021e1..e767859 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -58,6 +58,21 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+#endif
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ mbedtls_ssl_ticket_init(&ticket_ctx);
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
@@ -67,8 +82,6 @@
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
- mbedtls_x509_crt_init(&srvcert);
- mbedtls_pk_init(&pkey);
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len) != 0) {
return 1;
@@ -92,11 +105,6 @@
initialized = 1;
}
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_config_init(&conf);
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
- mbedtls_ssl_ticket_init(&ticket_ctx);
-#endif
if (mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_SERVER,
@@ -193,8 +201,14 @@
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_ssl_config_free(&conf);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+#endif
mbedtls_ssl_free(&ssl);
-
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif
#else
(void) Data;
(void) Size;
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index 6ff0c05..313540d 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -11,6 +11,12 @@
unsigned char buf[4096];
mbedtls_x509_crl_init(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_x509_crl_parse(&crl, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
@@ -20,6 +26,11 @@
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_x509_crl_free(&crl);
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
index 858c1ff..8442090 100644
--- a/programs/fuzz/fuzz_x509crt.c
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -11,6 +11,12 @@
unsigned char buf[4096];
mbedtls_x509_crt_init(&crt);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_x509_crt_parse(&crt, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
@@ -20,6 +26,11 @@
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_x509_crt_free(&crt);
#else
(void) Data;
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
index 39fb4cb..395d3c2 100644
--- a/programs/fuzz/fuzz_x509csr.c
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -11,6 +11,12 @@
unsigned char buf[4096];
mbedtls_x509_csr_init(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
ret = mbedtls_x509_csr_parse(&csr, Data, Size);
#if !defined(MBEDTLS_X509_REMOVE_INFO)
if (ret == 0) {
@@ -20,6 +26,11 @@
((void) ret);
((void) buf);
#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_x509_csr_free(&csr);
#else
(void) Data;
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 029558d..9bee275 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -200,6 +200,15 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
@@ -407,6 +416,9 @@
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index c80dcd0..cd16e33 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -99,6 +99,15 @@
mbedtls_pk_init(&pk);
memset(buf, 0, sizeof(buf));
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto cleanup;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
@@ -305,8 +314,10 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
-
mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 862c93f..e8f3e85 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -216,6 +216,15 @@
memset(buf, 0, sizeof(buf));
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
@@ -422,6 +431,9 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 8862636..f60c946 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -67,6 +67,15 @@
memset(result, 0, sizeof(result));
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc != 2) {
mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
@@ -139,6 +148,9 @@
mbedtls_pk_free(&pk);
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index eab3f08..04e5cc7 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -63,6 +63,15 @@
mbedtls_entropy_init(&entropy);
mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
@@ -140,6 +149,9 @@
mbedtls_pk_free(&pk);
mbedtls_entropy_free(&entropy);
mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 82cb6a1..57bd796 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -63,6 +63,15 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
@@ -140,6 +149,9 @@
mbedtls_pk_free(&pk);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index 0c549e0..bca985b 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -55,6 +55,15 @@
mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc != 3) {
mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
@@ -114,6 +123,9 @@
exit:
mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_ERROR_C)
if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index 03882cd..999669e 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -64,6 +64,15 @@
mbedtls_pk_init(&pk);
mbedtls_ctr_drbg_init(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc != 3) {
mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
@@ -153,6 +162,9 @@
mbedtls_pk_free(&pk);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index e21e927..8a1fb59 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -58,6 +58,15 @@
mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc != 3) {
mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
@@ -129,6 +138,9 @@
exit:
mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh
index 67de085..e21d1ab 100755
--- a/programs/psa/key_ladder_demo.sh
+++ b/programs/psa/key_ladder_demo.sh
@@ -17,9 +17,27 @@
set -e -u
-program="${0%/*}"/key_ladder_demo
+program_name="key_ladder_demo"
+program="${0%/*}/$program_name"
files_to_clean=
+if [ ! -e "$program" ]; then
+ # Look for programs in the current directory and the directories above it
+ for dir in "." ".." "../.."; do
+ program="$dir/programs/psa/$program_name"
+ if [ -e "$program" ]; then
+ break
+ fi
+ done
+ if [ ! -e "$program" ]; then
+ echo "Could not find $program_name executable"
+
+ echo "If building out-of-tree, this script must be run" \
+ "from the project build directory."
+ exit 1
+ fi
+fi
+
run () {
echo
echo "# $1"
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 44a135f..e47715c 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -109,11 +109,21 @@
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
- mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
@@ -324,12 +334,14 @@
#endif
mbedtls_net_free(&server_fd);
-
mbedtls_x509_crt_free(&cacert);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Shell can not handle large exit numbers -> 1 for errors */
if (ret < 0) {
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 6f8c841..f218130 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -119,6 +119,16 @@
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
@@ -394,6 +404,9 @@
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Shell can not handle large exit numbers -> 1 for errors */
if (ret < 0) {
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 6dbbc6d..e8f4797 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -175,8 +175,16 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init(&ca);
#endif
-
mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers, strlen(pers)) != 0) {
ret = ctr_drbg_seed_failed;
@@ -262,7 +270,6 @@
exit:
mbedtls_net_free(&server_fd);
-
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
@@ -270,6 +277,9 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_free(&ca);
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(ret);
}
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index ea96a4d..259b8f9 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -91,11 +91,21 @@
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
- mbedtls_entropy_init(&entropy);
+
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
@@ -274,12 +284,14 @@
#endif
mbedtls_net_free(&server_fd);
-
mbedtls_x509_crt_free(&cacert);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index 0ba0d2c..a5f0650 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -21,6 +21,7 @@
#include "mbedtls/build_info.h"
#include "mbedtls/debug.h"
+#include "mbedtls/platform.h"
#include <stdio.h>
#include <stdlib.h>
@@ -933,6 +934,15 @@
size_t ssl_max_len = SSL_INIT_LEN;
size_t ssl_len = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/* The 'b64_file' is opened when parsing arguments to check that the
* file name is correct */
parse_arguments(argc, argv);
@@ -1001,6 +1011,10 @@
printf("Finished. No valid base64 code found\n");
}
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
return 0;
}
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 7ee880d..4777ee0 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -105,6 +105,15 @@
mbedtls_x509_crt_init(&srvcert);
mbedtls_ctr_drbg_init(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
signal(SIGCHLD, SIG_IGN);
/*
@@ -366,13 +375,15 @@
exit:
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
-
mbedtls_x509_crt_free(&srvcert);
mbedtls_pk_free(&pkey);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 3b040aa..fb6f371 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -369,6 +369,16 @@
mbedtls_x509_crt_init(&clicert);
mbedtls_pk_init(&pkey);
mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -458,7 +468,6 @@
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
- mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
@@ -796,6 +805,9 @@
mbedtls_ssl_config_free(&conf);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 2b3baff..9416c3c 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -332,6 +332,16 @@
*/
mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
/*
* 1a. Seed the random number generator
*/
@@ -473,14 +483,14 @@
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
mbedtls_ssl_config_free(&conf);
-
mbedtls_net_free(&listen_fd);
-
mbedtls_mutex_free(&debug_mutex);
-
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(ret);
}
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 7dabda8..bb49155 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -104,6 +104,16 @@
mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_init(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
#if defined(MBEDTLS_DEBUG_C)
mbedtls_debug_set_threshold(DEBUG_LEVEL);
#endif
@@ -343,7 +353,6 @@
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
-
mbedtls_x509_crt_free(&srvcert);
mbedtls_pk_free(&pkey);
mbedtls_ssl_free(&ssl);
@@ -353,6 +362,9 @@
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(ret);
}
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7cfcc9b..5f8bea9 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -73,7 +73,7 @@
/* Size of memory to be allocated for the heap, when using the library's memory
* management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
-#define MEMORY_HEAP_SIZE 120000
+#define MEMORY_HEAP_SIZE 180000
#define DFL_SERVER_ADDR NULL
#define DFL_SERVER_PORT "4433"
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 773c538..ecc4e94 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -39,6 +39,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
#include "mbedtls/des.h"
#include "mbedtls/aes.h"
@@ -113,11 +114,12 @@
#define TITLE_LEN 25
#define OPTIONS \
- "md5, ripemd160, sha1, sha256, sha512,\n" \
- "des3, des, camellia, chacha20,\n" \
+ "md5, ripemd160, sha1, sha256, sha512,\n" \
+ "sha3_224, sha3_256, sha3_384, sha3_512,\n" \
+ "des3, des, camellia, chacha20,\n" \
"aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \
"aes_cmac, des3_cmac, poly1305\n" \
- "ctr_drbg, hmac_drbg\n" \
+ "ctr_drbg, hmac_drbg\n" \
"rsa, dhm, ecdsa, ecdh.\n"
#if defined(MBEDTLS_ERROR_C)
@@ -363,7 +365,7 @@
#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
__GNUC__ && __ia64__ */
-#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \
+#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \
!defined(EFIX64) && !defined(EFI32)
#define HAVE_HARDCLOCK
@@ -376,7 +378,7 @@
return (unsigned long) (offset.QuadPart);
}
-#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */
+#endif /* !HAVE_HARDCLOCK && _WIN32 && !EFIX64 && !EFI32 */
#if !defined(HAVE_HARDCLOCK)
@@ -506,6 +508,7 @@
typedef struct {
char md5, ripemd160, sha1, sha256, sha512,
+ sha3_224, sha3_256, sha3_384, sha3_512,
des3, des,
aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,
aes_cmac, des3_cmac,
@@ -553,6 +556,14 @@
todo.sha256 = 1;
} else if (strcmp(argv[i], "sha512") == 0) {
todo.sha512 = 1;
+ } else if (strcmp(argv[i], "sha3_224") == 0) {
+ todo.sha3_224 = 1;
+ } else if (strcmp(argv[i], "sha3_256") == 0) {
+ todo.sha3_256 = 1;
+ } else if (strcmp(argv[i], "sha3_384") == 0) {
+ todo.sha3_384 = 1;
+ } else if (strcmp(argv[i], "sha3_512") == 0) {
+ todo.sha3_512 = 1;
} else if (strcmp(argv[i], "des3") == 0) {
todo.des3 = 1;
} else if (strcmp(argv[i], "des") == 0) {
@@ -645,6 +656,20 @@
TIME_AND_TSC("SHA-512", mbedtls_sha512(buf, BUFSIZE, tmp, 0));
}
#endif
+#if defined(MBEDTLS_SHA3_C)
+ if (todo.sha3_224) {
+ TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28));
+ }
+ if (todo.sha3_256) {
+ TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32));
+ }
+ if (todo.sha3_384) {
+ TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48));
+ }
+ if (todo.sha3_512) {
+ TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64));
+ }
+#endif
#if defined(MBEDTLS_DES_C)
#if defined(MBEDTLS_CIPHER_MODE_CBC)
diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh
index 2dde3eb..a6a9022 100755
--- a/programs/test/dlopen_demo.sh
+++ b/programs/test/dlopen_demo.sh
@@ -20,8 +20,29 @@
set -e -u
+program_name="dlopen"
program_dir="${0%/*}"
-program="$program_dir/dlopen"
+program="$program_dir/$program_name"
+
+if [ ! -e "$program" ]; then
+ # Look for programs in the current directory and the directories above it
+ for dir in "." ".." "../.."; do
+ program_dir="$dir/programs/test"
+ program="$program_dir/$program_name"
+ if [ -e "$program" ]; then
+ break
+ fi
+ done
+ if [ ! -e "$program" ]; then
+ echo "Could not find $program_name program"
+
+ echo "Make sure that Mbed TLS is built as a shared library." \
+ "If building out-of-tree, this script must be run" \
+ "from the project build directory."
+ exit 1
+ fi
+fi
+
top_dir="$program_dir/../.."
library_dir="$top_dir/library"
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 13423a1..f896d4f 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -33,6 +33,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
#include "mbedtls/des.h"
#include "mbedtls/aes.h"
#include "mbedtls/camellia.h"
@@ -251,6 +252,9 @@
#if defined(MBEDTLS_SHA512_C)
{ "sha512", mbedtls_sha512_self_test },
#endif
+#if defined(MBEDTLS_SHA3_C)
+ { "sha3", mbedtls_sha3_self_test },
+#endif
#if defined(MBEDTLS_DES_C)
{ "des", mbedtls_des_self_test },
#endif
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a9656c6..51a79ec 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -153,6 +153,7 @@
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&cacert);
+ mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CRL_PARSE_C)
mbedtls_x509_crl_init(&cacrl);
#else
@@ -161,6 +162,15 @@
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
@@ -338,7 +348,6 @@
mbedtls_printf("\n . Seeding the random number generator...");
fflush(stdout);
- mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
@@ -448,6 +457,9 @@
#endif
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 396aaf3..fe060f3 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -66,7 +66,7 @@
" output_file=%%s default: cert.req\n" \
" subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
" san=%%s default: (none)\n" \
- " Comma-separated-list of values:\n" \
+ " Semicolon-separated-list of values:\n" \
" DNS:value\n" \
" URI:value\n" \
" IP:value (Only IPv4 is supported)\n" \
@@ -119,7 +119,7 @@
static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
{
for (int i = 0; i < maxBytes; i++) {
- bytes[i] = (uint8_t) strtoul(str, NULL, 16);
+ bytes[i] = (uint8_t) strtoul(str, NULL, 10);
str = strchr(str, '.');
if (str == NULL || *str == '\0') {
break;
@@ -179,6 +179,16 @@
mbedtls_pk_init(&key);
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (argc < 2) {
usage:
@@ -388,7 +398,6 @@
mbedtls_printf(" . Seeding the random number generator...");
fflush(stdout);
- mbedtls_entropy_init(&entropy);
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen(pers))) != 0) {
@@ -460,6 +469,9 @@
mbedtls_pk_free(&key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
cur = opt.san_list;
while (cur != NULL) {
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index a822684..e4f8886 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -79,6 +79,7 @@
#define DFL_NOT_AFTER "20301231235959"
#define DFL_SERIAL "1"
#define DFL_SERIAL_HEX "1"
+#define DFL_EXT_SUBJECTALTNAME ""
#define DFL_SELFSIGN 0
#define DFL_IS_CA 0
#define DFL_MAX_PATHLEN -1
@@ -134,6 +135,13 @@
" subject_identifier=%%s default: 1\n" \
" Possible values: 0, 1\n" \
" (Considered for v3 only)\n" \
+ " san=%%s default: (none)\n" \
+ " Semicolon-separated-list of values:\n" \
+ " DNS:value\n" \
+ " URI:value\n" \
+ " RFC822:value\n" \
+ " IP:value (Only IPv4 is supported)\n" \
+ " DN:list of comma separated key=value pairs\n" \
" authority_identifier=%%s default: 1\n" \
" Possible values: 0, 1\n" \
" (Considered for v3 only)\n" \
@@ -188,6 +196,7 @@
const char *issuer_pwd; /* password for the issuer key file */
const char *output_file; /* where to store the constructed CRT */
const char *subject_name; /* subject name for certificate */
+ mbedtls_x509_san_list *san_list; /* subjectAltName for certificate */
const char *issuer_name; /* issuer name for certificate */
const char *not_before; /* validity period not before */
const char *not_after; /* validity period not after */
@@ -207,6 +216,18 @@
int format; /* format */
} opt;
+static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes)
+{
+ for (int i = 0; i < maxBytes; i++) {
+ bytes[i] = (uint8_t) strtoul(str, NULL, 10);
+ str = strchr(str, '.');
+ if (str == NULL || *str == '\0') {
+ break;
+ }
+ str++;
+ }
+}
+
int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng)
@@ -314,7 +335,9 @@
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
const char *pers = "crt example app";
-
+ mbedtls_x509_san_list *cur, *prev;
+ mbedtls_asn1_named_data *ext_san_dirname = NULL;
+ uint8_t ip[4] = { 0 };
/*
* Set to sane values
*/
@@ -330,6 +353,15 @@
memset(buf, 0, sizeof(buf));
memset(serial, 0, sizeof(serial));
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
@@ -361,6 +393,7 @@
opt.authority_identifier = DFL_AUTH_IDENT;
opt.basic_constraints = DFL_CONSTRAINTS;
opt.format = DFL_FORMAT;
+ opt.san_list = NULL;
for (i = 1; i < argc; i++) {
@@ -519,6 +552,92 @@
q = r;
}
+ } else if (strcmp(p, "san") == 0) {
+ char *subtype_value;
+ prev = NULL;
+
+ while (q != NULL) {
+ char *semicolon;
+ r = q;
+
+ /* Find the first non-escaped ; occurrence and remove escaped ones */
+ do {
+ if ((semicolon = strchr(r, ';')) != NULL) {
+ if (*(semicolon-1) != '\\') {
+ r = semicolon;
+ break;
+ }
+ /* Remove the escape character */
+ size_t size_left = strlen(semicolon);
+ memmove(semicolon-1, semicolon, size_left);
+ *(semicolon + size_left - 1) = '\0';
+ /* r will now point at the character after the semicolon */
+ r = semicolon;
+ }
+
+ } while (semicolon != NULL);
+
+ if (semicolon != NULL) {
+ *r++ = '\0';
+ } else {
+ r = NULL;
+ }
+
+ cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list));
+ if (cur == NULL) {
+ mbedtls_printf("Not enough memory for subjectAltName list\n");
+ goto usage;
+ }
+
+ cur->next = NULL;
+
+ if ((subtype_value = strchr(q, ':')) != NULL) {
+ *subtype_value++ = '\0';
+ }
+ if (strcmp(q, "RFC822") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
+ } else if (strcmp(q, "URI") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
+ } else if (strcmp(q, "DNS") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
+ } else if (strcmp(q, "IP") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
+ ip_string_to_bytes(subtype_value, ip, 4);
+ cur->node.san.unstructured_name.p = (unsigned char *) ip;
+ cur->node.san.unstructured_name.len = sizeof(ip);
+ } else if (strcmp(q, "DN") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+ if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
+ subtype_value)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509_string_to_names "
+ "returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
+ goto exit;
+ }
+ cur->node.san.directory_name = *ext_san_dirname;
+ } else {
+ mbedtls_free(cur);
+ goto usage;
+ }
+
+ if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
+ cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
+ cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
+ cur->node.san.unstructured_name.p = (unsigned char *) subtype_value;
+ cur->node.san.unstructured_name.len = strlen(subtype_value);
+ }
+
+ if (prev == NULL) {
+ opt.san_list = cur;
+ } else {
+ prev->next = cur;
+ }
+
+ prev = cur;
+ q = r;
+ }
} else if (strcmp(p, "ns_cert_type") == 0) {
while (q != NULL) {
if ((r = strchr(q, ',')) != NULL) {
@@ -824,6 +943,17 @@
mbedtls_printf(" ok\n");
}
+ if (opt.san_list != NULL) {
+ ret = mbedtls_x509write_crt_set_subject_alternative_name(&crt, opt.san_list);
+
+ if (ret != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d",
+ ret);
+ goto exit;
+ }
+ }
+
if (opt.ext_key_usage) {
mbedtls_printf(" . Adding the Extended Key Usage extension ...");
fflush(stdout);
@@ -879,12 +1009,16 @@
#if defined(MBEDTLS_X509_CSR_PARSE_C)
mbedtls_x509_csr_free(&csr);
#endif /* MBEDTLS_X509_CSR_PARSE_C */
+ mbedtls_asn1_free_named_data_list(&ext_san_dirname);
mbedtls_x509_crt_free(&issuer_crt);
mbedtls_x509write_crt_free(&crt);
mbedtls_pk_free(&loaded_subject_key);
mbedtls_pk_free(&loaded_issuer_key);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index d74a488..6c671ff 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -70,6 +70,15 @@
*/
mbedtls_x509_crl_init(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
@@ -125,6 +134,9 @@
exit:
mbedtls_x509_crl_free(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index 237bd7c..d024e98 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -123,6 +123,15 @@
struct mbedtls_timing_hr_time timer;
unsigned long ms;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc <= 1) {
mbedtls_printf(USAGE);
goto exit;
@@ -187,6 +196,9 @@
exit_code = MBEDTLS_EXIT_SUCCESS;
exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
#endif /* necessary configuration */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 83e2546..64b9f0b 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -70,6 +70,15 @@
*/
mbedtls_x509_csr_init(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
if (argc < 2) {
usage:
mbedtls_printf(USAGE);
@@ -125,6 +134,9 @@
exit:
mbedtls_x509_csr_free(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_exit(exit_code);
}
diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt
index 1ad983f..3ddc417 100644
--- a/scripts/ci.requirements.txt
+++ b/scripts/ci.requirements.txt
@@ -10,3 +10,9 @@
# Use the earliest version of mypy that works with our code base.
# See https://github.com/Mbed-TLS/mbedtls/pull/3953 .
mypy >= 0.780
+
+# Install cryptography to avoid import-error reported by pylint.
+# What we really need is cryptography >= 35.0.0, which is only
+# available for Python >= 3.6.
+cryptography >= 35.0.0; sys_platform == 'linux' and python_version >= '3.6'
+cryptography; sys_platform == 'linux' and python_version < '3.6'
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
index af6ddd4..de5249a 100755
--- a/scripts/code_size_compare.py
+++ b/scripts/code_size_compare.py
@@ -1,8 +1,6 @@
#!/usr/bin/env python3
"""
-Purpose
-
This script is for comparing the size of the library files from two
different Git revisions within an Mbed TLS repository.
The results of the comparison is formatted as csv and stored at a
@@ -29,18 +27,103 @@
import os
import subprocess
import sys
+from enum import Enum
from mbedtls_dev import build_tree
+class SupportedArch(Enum):
+ """Supported architecture for code size measurement."""
+ AARCH64 = 'aarch64'
+ AARCH32 = 'aarch32'
+ ARMV8_M = 'armv8-m'
+ X86_64 = 'x86_64'
+ X86 = 'x86'
+
+CONFIG_TFM_MEDIUM_MBEDCRYPTO_H = "../configs/tfm_mbedcrypto_config_profile_medium.h"
+CONFIG_TFM_MEDIUM_PSA_CRYPTO_H = "../configs/crypto_config_profile_medium.h"
+class SupportedConfig(Enum):
+ """Supported configuration for code size measurement."""
+ DEFAULT = 'default'
+ TFM_MEDIUM = 'tfm-medium'
+
+DETECT_ARCH_CMD = "cc -dM -E - < /dev/null"
+def detect_arch() -> str:
+ """Auto-detect host architecture."""
+ cc_output = subprocess.check_output(DETECT_ARCH_CMD, shell=True).decode()
+ if "__aarch64__" in cc_output:
+ return SupportedArch.AARCH64.value
+ if "__arm__" in cc_output:
+ return SupportedArch.AARCH32.value
+ if "__x86_64__" in cc_output:
+ return SupportedArch.X86_64.value
+ if "__x86__" in cc_output:
+ return SupportedArch.X86.value
+ else:
+ print("Unknown host architecture, cannot auto-detect arch.")
+ sys.exit(1)
+
+class CodeSizeInfo: # pylint: disable=too-few-public-methods
+ """Gather information used to measure code size.
+
+ It collects information about architecture, configuration in order to
+ infer build command for code size measurement.
+ """
+
+ SupportedArchConfig = [
+ "-a " + SupportedArch.AARCH64.value + " -c " + SupportedConfig.DEFAULT.value,
+ "-a " + SupportedArch.AARCH32.value + " -c " + SupportedConfig.DEFAULT.value,
+ "-a " + SupportedArch.X86_64.value + " -c " + SupportedConfig.DEFAULT.value,
+ "-a " + SupportedArch.X86.value + " -c " + SupportedConfig.DEFAULT.value,
+ "-a " + SupportedArch.ARMV8_M.value + " -c " + SupportedConfig.TFM_MEDIUM.value,
+ ]
+
+ def __init__(self, arch: str, config: str, sys_arch: str) -> None:
+ """
+ arch: architecture to measure code size on.
+ config: configuration type to measure code size with.
+ make_command: command to build library (Inferred from arch and config).
+ """
+ self.arch = arch
+ self.config = config
+ self.sys_arch = sys_arch
+ self.make_command = self.set_make_command()
+
+ def set_make_command(self) -> str:
+ """Infer build command based on architecture and configuration."""
+
+ if self.config == SupportedConfig.DEFAULT.value and \
+ self.arch == self.sys_arch:
+ return 'make -j lib CFLAGS=\'-Os \' '
+ elif self.arch == SupportedArch.ARMV8_M.value and \
+ self.config == SupportedConfig.TFM_MEDIUM.value:
+ return \
+ 'make -j lib CC=armclang \
+ CFLAGS=\'--target=arm-arm-none-eabi -mcpu=cortex-m33 -Os \
+ -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \
+ -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \''
+ else:
+ print("Unsupported combination of architecture: {} and configuration: {}"
+ .format(self.arch, self.config))
+ print("\nPlease use supported combination of architecture and configuration:")
+ for comb in CodeSizeInfo.SupportedArchConfig:
+ print(comb)
+ print("\nFor your system, please use:")
+ for comb in CodeSizeInfo.SupportedArchConfig:
+ if "default" in comb and self.sys_arch not in comb:
+ continue
+ print(comb)
+ sys.exit(1)
+
class CodeSizeComparison:
"""Compare code size between two Git revisions."""
- def __init__(self, old_revision, new_revision, result_dir):
+ def __init__(self, old_revision, new_revision, result_dir, code_size_info):
"""
- old_revision: revision to compare against
+ old_revision: revision to compare against.
new_revision:
- result_dir: directory for comparison result
+ result_dir: directory for comparison result.
+ code_size_info: an object containing information to build library.
"""
self.repo_path = "."
self.result_dir = os.path.abspath(result_dir)
@@ -52,7 +135,9 @@
self.old_rev = old_revision
self.new_rev = new_revision
self.git_command = "git"
- self.make_command = "make"
+ self.make_command = code_size_info.make_command
+ self.fname_suffix = "-" + code_size_info.arch + "-" +\
+ code_size_info.config
@staticmethod
def validate_revision(revision):
@@ -75,21 +160,25 @@
git_worktree_path, revision], cwd=self.repo_path,
stderr=subprocess.STDOUT
)
+
return git_worktree_path
def _build_libraries(self, git_worktree_path):
"""Build libraries in the specified worktree."""
my_environment = os.environ.copy()
- subprocess.check_output(
- [self.make_command, "-j", "lib"], env=my_environment,
- cwd=git_worktree_path, stderr=subprocess.STDOUT,
- )
+ try:
+ subprocess.check_output(
+ self.make_command, env=my_environment, shell=True,
+ cwd=git_worktree_path, stderr=subprocess.STDOUT,
+ )
+ except subprocess.CalledProcessError as e:
+ self._handle_called_process_error(e, git_worktree_path)
def _gen_code_size_csv(self, revision, git_worktree_path):
"""Generate code size csv file."""
- csv_fname = revision + ".csv"
+ csv_fname = revision + self.fname_suffix + ".csv"
if revision == "current":
print("Measuring code size in current work directory.")
else:
@@ -117,7 +206,7 @@
"""Generate code size csv file for the specified git revision."""
# Check if the corresponding record exists
- csv_fname = revision + ".csv"
+ csv_fname = revision + self.fname_suffix + ".csv"
if (revision != "current") and \
os.path.exists(os.path.join(self.csv_dir, csv_fname)):
print("Code size csv file for", revision, "already exists.")
@@ -132,16 +221,20 @@
old and new. Measured code size results of these two revisions
must be available."""
- old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r")
- new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r")
- res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev
- + "-" + self.new_rev + ".csv"), "w")
+ old_file = open(os.path.join(self.csv_dir, self.old_rev +
+ self.fname_suffix + ".csv"), "r")
+ new_file = open(os.path.join(self.csv_dir, self.new_rev +
+ self.fname_suffix + ".csv"), "r")
+ res_file = open(os.path.join(self.result_dir, "compare-" +
+ self.old_rev + "-" + self.new_rev +
+ self.fname_suffix +
+ ".csv"), "w")
res_file.write("file_name, this_size, old_size, change, change %\n")
print("Generating comparison results.")
old_ds = {}
- for line in old_file.readlines()[1:]:
+ for line in old_file.readlines():
cols = line.split(", ")
fname = cols[0]
size = int(cols[1])
@@ -149,7 +242,7 @@
old_ds[fname] = size
new_ds = {}
- for line in new_file.readlines()[1:]:
+ for line in new_file.readlines():
cols = line.split(", ")
fname = cols[0]
size = int(cols[1])
@@ -175,30 +268,50 @@
self._get_code_size_for_rev(self.new_rev)
return self.compare_code_size()
+ def _handle_called_process_error(self, e: subprocess.CalledProcessError,
+ git_worktree_path):
+ """Handle a CalledProcessError and quit the program gracefully.
+ Remove any extra worktrees so that the script may be called again."""
+
+ # Tell the user what went wrong
+ print("The following command: {} failed and exited with code {}"
+ .format(e.cmd, e.returncode))
+ print("Process output:\n {}".format(str(e.output, "utf-8")))
+
+ # Quit gracefully by removing the existing worktree
+ self._remove_worktree(git_worktree_path)
+ sys.exit(-1)
+
def main():
- parser = argparse.ArgumentParser(
- description=(
- """This script is for comparing the size of the library files
- from two different Git revisions within an Mbed TLS repository.
- The results of the comparison is formatted as csv, and stored at
- a configurable location.
- Note: must be run from Mbed TLS root."""
- )
- )
- parser.add_argument(
+ parser = argparse.ArgumentParser(description=(__doc__))
+ group_required = parser.add_argument_group(
+ 'required arguments',
+ 'required arguments to parse for running ' + os.path.basename(__file__))
+ group_required.add_argument(
+ "-o", "--old-rev", type=str, required=True,
+ help="old revision for comparison.")
+
+ group_optional = parser.add_argument_group(
+ 'optional arguments',
+ 'optional arguments to parse for running ' + os.path.basename(__file__))
+ group_optional.add_argument(
"-r", "--result-dir", type=str, default="comparison",
help="directory where comparison result is stored, \
- default is comparison",
- )
- parser.add_argument(
- "-o", "--old-rev", type=str, help="old revision for comparison.",
- required=True,
- )
- parser.add_argument(
+ default is comparison")
+ group_optional.add_argument(
"-n", "--new-rev", type=str, default=None,
help="new revision for comparison, default is the current work \
- directory, including uncommitted changes."
- )
+ directory, including uncommitted changes.")
+ group_optional.add_argument(
+ "-a", "--arch", type=str, default=detect_arch(),
+ choices=list(map(lambda s: s.value, SupportedArch)),
+ help="specify architecture for code size comparison, default is the\
+ host architecture.")
+ group_optional.add_argument(
+ "-c", "--config", type=str, default=SupportedConfig.DEFAULT.value,
+ choices=list(map(lambda s: s.value, SupportedConfig)),
+ help="specify configuration type for code size comparison,\
+ default is the current MbedTLS configuration.")
comp_args = parser.parse_args()
if os.path.isfile(comp_args.result_dir):
@@ -214,8 +327,13 @@
else:
new_revision = "current"
+ code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config,
+ detect_arch())
+ print("Measure code size for architecture: {}, configuration: {}"
+ .format(code_size_info.arch, code_size_info.config))
result_dir = comp_args.result_dir
- size_compare = CodeSizeComparison(old_revision, new_revision, result_dir)
+ size_compare = CodeSizeComparison(old_revision, new_revision, result_dir,
+ code_size_info)
return_code = size_compare.get_comparision_results()
sys.exit(return_code)
diff --git a/scripts/config.py b/scripts/config.py
index b6eac71..8587b3b 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -2,7 +2,7 @@
"""Mbed TLS configuration file manipulation library and tool
-Basic usage, to read the Mbed TLS or Mbed Crypto configuration:
+Basic usage, to read the Mbed TLS configuration:
config = ConfigFile()
if 'MBEDTLS_RSA_C' in config: print('RSA is enabled')
"""
@@ -217,6 +217,7 @@
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
'MBEDTLS_SSL_RECORD_SIZE_LIMIT', # in development, currently breaks other tests
+ 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED' # influences SECP256R1 KeyGen/ECDH/ECDSA
])
def is_seamless_alt(name):
@@ -467,7 +468,7 @@
def main():
"""Command line mbedtls_config.h manipulation tool."""
parser = argparse.ArgumentParser(description="""
- Mbed TLS and Mbed Crypto configuration file manipulation tool.
+ Mbed TLS configuration file manipulation tool.
""")
parser.add_argument('--file', '-f',
help="""File to read (and modify if requested).
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index 32e6bfe..3ecd74d 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -316,6 +316,26 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDSA(alg) &&
+ !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
+ attributes->core.bits == 256 )
+ {
+ status = p256_transparent_sign_hash( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_size,
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ }
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Fell through, meaning no accelerator supports this operation */
return( psa_sign_hash_builtin( attributes,
@@ -400,6 +420,25 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDSA(alg) &&
+ !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
+ attributes->core.bits == 256 )
+ {
+ status = p256_transparent_verify_hash( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ hash,
+ hash_length,
+ signature,
+ signature_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ return( status );
+ }
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
return( psa_verify_hash_builtin( attributes,
@@ -814,6 +853,20 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
break;
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
+ attributes->core.bits == 256 )
+ {
+ status = p256_transparent_generate_key( attributes,
+ key_buffer,
+ key_buffer_size,
+ key_buffer_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED )
+ break;
+ }
+
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
}
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
@@ -2752,6 +2805,25 @@
if( status != PSA_ERROR_NOT_SUPPORTED )
return( status );
#endif /* PSA_CRYPTO_DRIVER_TEST */
+#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)
+ if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
+ PSA_ALG_IS_ECDH(alg) &&
+ PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
+ attributes->core.bits == 256 )
+ {
+ status = p256_transparent_key_agreement( attributes,
+ key_buffer,
+ key_buffer_size,
+ alg,
+ peer_key,
+ peer_key_length,
+ shared_secret,
+ shared_secret_size,
+ shared_secret_length );
+ if( status != PSA_ERROR_NOT_SUPPORTED)
+ return( status );
+ }
+#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
/* Software Fallback */
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 878cfba..664a349 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -49,7 +49,7 @@
CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES
ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5
NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160
- SHA1 SHA256 SHA512 THREADING );
+ SHA1 SHA256 SHA512 SHA3 THREADING );
my @high_level_modules = qw( CIPHER DHM ECP MD
PEM PK PKCS12 PKCS5
RSA SSL X509 PKCS7 );
diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py
index d8ef4a8..51b25a3 100644
--- a/scripts/mbedtls_dev/bignum_common.py
+++ b/scripts/mbedtls_dev/bignum_common.py
@@ -80,6 +80,23 @@
""" Retrun the hex digits need for a number of limbs. """
return 2 * (limbs * bits_in_limb // 8)
+def hex_digits_max_int(val: str, bits_in_limb: int) -> int:
+ """ Return the first number exceeding maximum the limb space
+ required to store the input hex-string value. This method
+ weights on the input str_len rather than numerical value
+ and works with zero-padded inputs"""
+ n = ((1 << (len(val) * 4)) - 1)
+ l = limbs_mpi(n, bits_in_limb)
+ return bound_mpi_limbs(l, bits_in_limb)
+
+def zfill_match(reference: str, target: str) -> str:
+ """ Zero pad target hex-string to match the limb size of
+ the reference input """
+ lt = len(target)
+ lr = len(reference)
+ target_len = lr if lt < lr else lt
+ return "{:x}".format(int(target, 16)).zfill(target_len)
+
class OperationCommon(test_data_generation.BaseTest):
"""Common features for bignum binary operations.
diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py
index 5801cae..ff3fd23 100644
--- a/scripts/mbedtls_dev/bignum_core.py
+++ b/scripts/mbedtls_dev/bignum_core.py
@@ -68,6 +68,68 @@
for count in counts:
yield cls(input_hex, descr, count).create_test_case()
+
+class BignumCoreShiftL(BignumCoreTarget, bignum_common.ModOperationCommon):
+ """Test cases for mbedtls_bignum_core_shift_l()."""
+
+ BIT_SHIFT_VALUES = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a',
+ '1f', '20', '21', '3f', '40', '41', '47', '48', '4f',
+ '50', '51', '58', '80', '81', '88']
+ DATA = ["0", "1", "40", "dee5ca1a7ef10a75", "a1055eb0bb1efa1150ff",
+ "002e7ab0070ad57001", "020100000000000000001011121314151617",
+ "1946e2958a85d8863ae21f4904fcc49478412534ed53eaf321f63f2a222"
+ "7a3c63acbf50b6305595f90cfa8327f6db80d986fe96080bcbb5df1bdbe"
+ "9b74fb8dedf2bddb3f8215b54dffd66409323bcc473e45a8fe9d08e77a51"
+ "1698b5dad0416305db7fcf"]
+ arity = 1
+ test_function = "mpi_core_shift_l"
+ test_name = "Core shift(L)"
+ input_style = "arch_split"
+ symbol = "<<"
+ input_values = BIT_SHIFT_VALUES
+ moduli = DATA
+
+ @property
+ def val_n_max_limbs(self) -> int:
+ """ Return the limb count required to store the maximum number that can
+ fit in a the number of digits used by val_n """
+ m = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb) - 1
+ return bignum_common.limbs_mpi(m, self.bits_in_limb)
+
+ def arguments(self) -> List[str]:
+ return [bignum_common.quote_str(self.val_n),
+ str(self.int_a)
+ ] + self.result()
+
+ def description(self) -> str:
+ """ Format the output as:
+ #{count} {hex input} ({input bits} {limbs capacity}) << {bit shift} """
+ bits = "({} bits in {} limbs)".format(self.int_n.bit_length(), self.val_n_max_limbs)
+ return "{} #{} {} {} {} {}".format(self.test_name,
+ self.count,
+ self.val_n,
+ bits,
+ self.symbol,
+ self.int_a)
+
+ def format_result(self, res: int) -> str:
+ # Override to match zero-pading for leading digits between the output and input.
+ res_str = bignum_common.zfill_match(self.val_n, "{:x}".format(res))
+ return bignum_common.quote_str(res_str)
+
+ def result(self) -> List[str]:
+ result = (self.int_n << self.int_a)
+ # Calculate if there is space for shifting to the left(leading zero limbs)
+ mx = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb)
+ # If there are empty limbs ahead, adjust the bitmask accordingly
+ result = result & (mx - 1)
+ return [self.format_result(result)]
+
+ @property
+ def is_valid(self) -> bool:
+ return True
+
+
class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest):
"""Test cases for mbedtls_mpi_core_ct_uint_table_lookup()."""
test_function = "mpi_core_ct_uint_table_lookup"
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index b7b66e4..02db438 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
@@ -97,7 +97,7 @@
def is_valid(self) -> bool:
return True
- def arguments(self):
+ def arguments(self)-> List[str]:
args = super().arguments()
return ["MBEDTLS_ECP_DP_SECP192R1"] + args
@@ -174,7 +174,7 @@
def is_valid(self) -> bool:
return True
- def arguments(self):
+ def arguments(self)-> List[str]:
args = super().arguments()
return ["MBEDTLS_ECP_DP_SECP224R1"] + args
@@ -258,7 +258,7 @@
def is_valid(self) -> bool:
return True
- def arguments(self):
+ def arguments(self)-> List[str]:
args = super().arguments()
return ["MBEDTLS_ECP_DP_SECP256R1"] + args
@@ -380,7 +380,7 @@
def is_valid(self) -> bool:
return True
- def arguments(self):
+ def arguments(self)-> List[str]:
args = super().arguments()
return ["MBEDTLS_ECP_DP_SECP384R1"] + args
@@ -485,7 +485,7 @@
def is_valid(self) -> bool:
return True
- def arguments(self):
+ def arguments(self)-> List[str]:
args = super().arguments()
return ["MBEDTLS_ECP_DP_SECP521R1"] + args
@@ -494,8 +494,8 @@
EcpTarget):
"""Test cases for ECP P192K1 fast reduction."""
symbol = "-"
- test_function = "ecp_mod_p192k1"
- test_name = "ecp_mod_p192k1"
+ test_function = "ecp_mod_p_generic_raw"
+ test_name = "ecp_mod_p192k1_raw"
input_style = "fixed"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP192K1_ENABLED"]
@@ -518,6 +518,10 @@
("fffffffffffffffffffffffffffffffffffffffdffffdc6c"
"0000000000000000000000000000000100002394013c7364"),
+ # Test case for overflow during addition
+ ("00000007ffff71b809e27dd832cfd5e04d9d2dbb9f8da217"
+ "0000000000000000000000000000000000000000520834f0"),
+
# First 8 number generated by random.getrandbits(384) - seed(2,2)
("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
"177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
@@ -553,13 +557,17 @@
def is_valid(self) -> bool:
return True
+ def arguments(self):
+ args = super().arguments()
+ return ["MBEDTLS_ECP_DP_SECP192K1"] + args
+
class EcpP224K1Raw(bignum_common.ModOperationCommon,
EcpTarget):
"""Test cases for ECP P224 fast reduction."""
symbol = "-"
- test_function = "ecp_mod_p224k1"
- test_name = "ecp_mod_p224k1"
+ test_function = "ecp_mod_p_generic_raw"
+ test_name = "ecp_mod_p224k1_raw"
input_style = "fixed"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"]
@@ -578,10 +586,14 @@
# 2^224 - 1
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
- # Maximum canonical P224 multiplication result
+ # Maximum canonical P224K1 multiplication result
("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8"
"00000000000000000000000000000000000000010000352802c26590"),
+ # Test case for overflow during addition
+ ("0000007ffff2b68161180fd8cd92e1a109be158a19a99b1809db8032"
+ "0000000000000000000000000000000000000000000000000bf04f49"),
+
# First 8 number generated by random.getrandbits(448) - seed(2,2)
("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337"
"15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
@@ -618,13 +630,17 @@
def is_valid(self) -> bool:
return True
+ def arguments(self):
+ args = super().arguments()
+ return ["MBEDTLS_ECP_DP_SECP224K1"] + args
+
class EcpP256K1Raw(bignum_common.ModOperationCommon,
EcpTarget):
"""Test cases for ECP P256 fast reduction."""
symbol = "-"
- test_function = "ecp_mod_p256k1"
- test_name = "ecp_mod_p256k1"
+ test_function = "ecp_mod_p_generic_raw"
+ test_name = "ecp_mod_p256k1_raw"
input_style = "fixed"
arity = 1
dependencies = ["MBEDTLS_ECP_DP_SECP256K1_ENABLED"]
@@ -643,9 +659,17 @@
# 2^256 - 1
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
- # Maximum canonical P256 multiplication result
- ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c0"
- "00000000000000000000000000000000000000000000001000007a4000e9844"),
+ # Maximum canonical P256K1 multiplication result
+ ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c"
+ "000000000000000000000000000000000000000000000001000007a4000e9844"),
+
+ # Test case for overflow during addition
+ ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562"
+ "00000000000000000000000000000000000000000000000000000000585674fd"),
+
+ # Test case for overflow during addition
+ ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562"
+ "00000000000000000000000000000000000000000000000000000000585674fd"),
# First 8 number generated by random.getrandbits(512) - seed(2,2)
("4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124"
@@ -672,8 +696,169 @@
@property
def arg_a(self) -> str:
- hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb)
- return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
+ return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
+
+ def result(self) -> List[str]:
+ result = self.int_a % self.int_n
+ return [self.format_result(result)]
+
+ @property
+ def is_valid(self) -> bool:
+ return True
+
+ def arguments(self):
+ args = super().arguments()
+ return ["MBEDTLS_ECP_DP_SECP256K1"] + args
+
+
+class EcpP255Raw(bignum_common.ModOperationCommon,
+ EcpTarget):
+ """Test cases for ECP 25519 fast reduction."""
+ symbol = "-"
+ test_function = "ecp_mod_p_generic_raw"
+ test_name = "mbedtls_ecp_mod_p255_raw"
+ input_style = "fixed"
+ arity = 1
+ dependencies = ["MBEDTLS_ECP_DP_CURVE25519_ENABLED"]
+
+ moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffed")] # type: List[str]
+
+ input_values = [
+ "0", "1",
+
+ # Modulus - 1
+ ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"),
+
+ # Modulus + 1
+ ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee"),
+
+ # 2^255 - 1
+ ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
+
+ # Maximum canonical P255 multiplication result
+ ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"
+ "0000000000000000000000000000000000000000000000000000000000000190"),
+
+ # First 8 number generated by random.getrandbits(510) - seed(2,2)
+ ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124"
+ "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
+ ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"
+ "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"),
+ ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626"
+ "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"),
+ ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"
+ "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
+ ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"
+ "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"),
+ ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0"
+ "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"),
+ ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9"
+ "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"),
+ ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25"
+ "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
+
+ # Next 2 number generated by random.getrandbits(255)
+ ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"),
+ ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"),
+ ]
+
+ @property
+ def arg_a(self) -> str:
+ return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
+
+ def result(self) -> List[str]:
+ result = self.int_a % self.int_n
+ return [self.format_result(result)]
+
+ @property
+ def is_valid(self) -> bool:
+ return True
+
+ def arguments(self)-> List[str]:
+ args = super().arguments()
+ return ["MBEDTLS_ECP_DP_CURVE25519"] + args
+
+
+class EcpP448Raw(bignum_common.ModOperationCommon,
+ EcpTarget):
+ """Test cases for ECP P448 fast reduction."""
+ symbol = "-"
+ test_function = "ecp_mod_p448"
+ test_name = "ecp_mod_p448"
+ input_style = "fixed"
+ arity = 1
+ dependencies = ["MBEDTLS_ECP_DP_CURVE448_ENABLED"]
+
+ moduli = [("fffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff")] # type: List[str]
+
+ input_values = [
+ "0", "1",
+
+ # Modulus - 1
+ ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffe"),
+
+ # Modulus + 1
+ ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "00000000000000000000000000000000000000000000000000000000"),
+
+ # 2^448 - 1
+ ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
+
+ # Maximum canonical P448 multiplication result
+ ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffd"
+ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffd"
+ "00000000000000000000000000000000000000000000000000000004"
+ "00000000000000000000000000000000000000000000000000000004"),
+
+ # First 8 number generated by random.getrandbits(896) - seed(2,2)
+ ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e"
+ "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"
+ "a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26"
+ "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
+ ("4da4daeb4f3f87777ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48"
+ "e86ec9c6e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460"
+ "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3"
+ "eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
+ ("bc1b00d92838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da7"
+ "0569c018eb2b5693babb7fbb0a76c196067cfdcb11457d9cf45e2fa0"
+ "1d7f4275153924800600571fac3a5b263fdf57cd2c0064975c374746"
+ "5cc36c270e8a35b10828d569c268a20eb78ac332e5e138e26c4454b9"),
+ ("8d2f527e72daf0a54ef25c0707e338687d1f71575653a45c49390aa5"
+ "1cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71581d8e83"
+ "0112ff0f0948eccaf8877acf26c377c13f719726fd70bddacb4deeec"
+ "0b0c995e96e6bc4d62b47204007ee4fab105d83e85e951862f0981ae"),
+ ("84ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da"
+ "1a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd"
+ "f572df00790813e32748dd1db4917fc09f20dbb0dcc93f0e66dfe717"
+ "c17313394391b6e2e6eacb0f0bb7be72bd6d25009aeb7fa0c4169b14"),
+ ("2bb3b36f29421c4021b7379f0897246a40c270b00e893302aba9e7b8"
+ "23fc5ad2f58105748ed5d1b7b310b730049dd332a73fa0b26b75196c"
+ "f87eb8a09b27ec714307c68c425424a1574f1eedf5b0f16cdfdb8394"
+ "24d201e653f53d6883ca1c107ca6e706649889c0c7f3860895bfa813"),
+ ("af3f5d7841b1256d5c1dc12fb5a1ae519fb8883accda6559caa538a0"
+ "9fc9370d3a6b86a7975b54a31497024640332b0612d4050771d7b14e"
+ "b6c004cc3b8367dc3f2bb31efe9934ad0809eae3ef232a32b5459d83"
+ "fbc46f1aea990e94821d46063b4dbf2ca294523d74115c86188b1044"),
+ ("7430051376e31f5aab63ad02854efa600641b4fa37a47ce41aeffafc"
+ "3b45402ac02659fe2e87d4150511baeb198ababb1a16daff3da95cd2"
+ "167b75dfb948f82a8317cba01c75f67e290535d868a24b7f627f2855"
+ "09167d4126af8090013c3273c02c6b9586b4625b475b51096c4ad652"),
+
+ # Next 2 number generated by random.getrandbits(448)
+ ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4"
+ "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"),
+ ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15"
+ "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"),
+
+ ]
+
+ @property
+ def arg_a(self) -> str:
+ return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
def result(self) -> List[str]:
result = self.int_a % self.int_n
diff --git a/tests/.gitignore b/tests/.gitignore
index 40ad061..6db65d1 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -17,9 +17,6 @@
include/alt-extra/psa/crypto_struct_alt.h
include/test/instrument_record_status.h
-src/*.o
-src/test_helpers/*.o
-src/drivers/*.o
src/libmbed*
libtestdriver1/*
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 47370b4..0c2fa141 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -41,6 +41,10 @@
test_ca_pwd_rsa = PolarSSLTest
test_ca_config_file = test-ca.opensslconf
+$(test_ca_key_file_rsa):
+ $(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048
+all_final += $(test_ca_key_file_rsa)
+
test-ca.req.sha256: $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
all_intermediate += test-ca.req.sha256
@@ -167,7 +171,30 @@
test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
-all_final += test-ca.crt
+all_final += test-ca2.crt
+
+test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
+ $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
+ issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
+ not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@
+all_intermediate += test-ca2-future.crt
+
+test_ca_ec_cat := # files that concatenate different crt
+test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt
+test_ca_ec_cat += test-ca2_cat-future-invalid.crt
+test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt
+test_ca_ec_cat += test-ca2_cat-future-present.crt
+test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt
+test_ca_ec_cat += test-ca2_cat-present-future.crt
+test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt
+test_ca_ec_cat += test-ca2_cat-present-past.crt
+test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt
+test_ca_ec_cat += test-ca2_cat-past-invalid.crt
+test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt
+test_ca_ec_cat += test-ca2_cat-past-present.crt
+$(test_ca_ec_cat):
+ cat $^ > $@
+all_final += $(test_ca_ec_cat)
test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
@@ -225,10 +252,37 @@
test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
-all_intermediate += test-int-ca.csr
+
+test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file)
+ $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \
+ -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@
+
+test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file)
+ $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \
+ -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@
+
+all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr
+
+test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
+ $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \
+ -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
+ -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
+
+test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr
+ $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \
+ -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \
+ -passin "pass:$(test_ca_pwd_rsa)" -out $@
+
+# Note: This requests openssl version >= 3.x.xx
+test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr
+ $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \
+ -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \
+ -sha256 -in test-int-ca3.csr -out $@
+
test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
-all_final += test-int-ca-exp.crt
+
+all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt
enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
$(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
@@ -267,23 +321,74 @@
all_final += cli-rsa.key.der
test_ca_int_rsa1 = test-int-ca.crt
+test_ca_int_ec = test-int-ca2.crt
+test_ca_int_key_file_ec = test-int-ca2.key
+
+# server7*
server7.csr: server7.key
$(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
all_intermediate += server7.csr
+
+server7.crt: server7.csr $(test_ca_int_rsa1)
+ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+ -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \
+ -set_serial 16 -days 3653 -sha256 -in server7.csr > $@
+all_final += server7.crt
+
server7-expired.crt: server7.csr $(test_ca_int_rsa1)
$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-expired.crt
+
server7-future.crt: server7.csr $(test_ca_int_rsa1)
$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
all_final += server7-future.crt
+
server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
all_final += server7-badsign.crt
+
+server7_int-ca.crt: server7.crt $(test_ca_int_rsa1)
+ cat server7.crt $(test_ca_int_rsa1) > $@
+all_final += server7_int-ca.crt
+
+server7_pem_space.crt: server7.crt $(test_ca_int_rsa1)
+ cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@
+all_final += server7_pem_space.crt
+
+server7_all_space.crt: server7.crt $(test_ca_int_rsa1)
+ { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@
+all_final += server7_all_space.crt
+
+server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1)
+ cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@
+all_final += server7_trailing_space.crt
+
+server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec)
+ cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@
+all_final += server7_int-ca_ca2.crt
+
server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
cat server7.crt test-int-ca-exp.crt > $@
all_final += server7_int-ca-exp.crt
+server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1)
+ cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@
+all_final += server7_spurious_int-ca.crt
+
+# server8*
+
+server8.crt: server8.key
+ $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \
+ issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \
+ not_before=20190210144406 not_after=20290210144406 \
+ md=SHA256 version=3 output_file=$@
+all_final += server8.crt
+
+server8_int-ca2.crt: server8.crt $(test_ca_int_ec)
+ cat $^ > $@
+all_final += server8_int-ca2.crt
+
cli2.req.sha256: cli2.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
@@ -335,8 +440,12 @@
server5-fan.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
-server5-tricky-ip-san.crt: server5.key
- $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
+server5-tricky-ip-san.crt.der: server5.key
+ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@
+
+# malformed IP length
+server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@
server5-directoryname.crt.der: server5.key
$(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@
@@ -344,6 +453,30 @@
server5-two-directorynames.crt.der: server5.key
$(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@
+server5-der0.crt: server5.crt.der
+ cp $< $@
+server5-der1a.crt: server5.crt.der
+ cp $< $@
+ echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der1b.crt: server5.crt.der
+ cp $< $@
+ echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der2.crt: server5.crt.der
+ cp $< $@
+ echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der4.crt: server5.crt.der
+ cp $< $@
+ echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der8.crt: server5.crt.der
+ cp $< $@
+ echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der9.crt: server5.crt.der
+ cp $< $@
+ echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \
+ server5-der9.crt server5-der1a.crt server5-der2.crt \
+ server5-der8.crt
+
# directoryname sequence tag malformed
server5-directoryname-seq-malformed.crt.der: server5-two-directorynames.crt.der
hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@
@@ -360,18 +493,37 @@
rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key
$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
+test-int-ca3-badsign.crt: test-int-ca3.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += test-int-ca3-badsign.crt
+
+# server10*
+
+server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
+ $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \
+ issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \
+ subject_identifier=0 authority_identifier=0 \
+ not_before=20190210144406 not_after=20290210144406 \
+ md=SHA256 version=3 output_file=$@
+all_final += server10.crt
server10-badsign.crt: server10.crt
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server10-badsign.crt
server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
cat server10-badsign.crt test-int-ca3.crt > $@
all_final += server10-bs_int3.pem
-test-int-ca3-badsign.crt: test-int-ca3.crt
- { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
-all_final += test-int-ca3-badsign.crt
server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
cat server10.crt test-int-ca3-badsign.crt > $@
all_final += server10_int3-bs.pem
+server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec)
+ cat $^ > $@
+all_final += server10_int3_int-ca2.crt
+server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt)
+ cat $^ > $@
+all_final += server10_int3_int-ca2_ca.crt
+server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec)
+ cat $^ > $@
+all_final += server10_int3_spurious_int-ca2.crt
rsa_pkcs1_2048_public.pem: server8.key
$(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@
@@ -389,6 +541,61 @@
$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
all_final += rsa_pkcs8_2048_public.der
+# Generate crl_cat_*.pem
+# - crt_cat_*.pem: (1+2) concatenations in various orders:
+# ec = crl-ec-sha256.pem, ecfut = crl-future.pem
+# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem
+
+crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem
+ cat $^ > $@
+
+crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem
+ cat $^ > $@
+
+all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem
+
+authorityKeyId_subjectKeyId.crt.der:
+ $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req' -set_serial 593828494303792449134898749208168108403991951034
+
+authorityKeyId_no_keyid.crt.der:
+ $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_keyid' -set_serial 593828494303792449134898749208168108403991951034
+
+authorityKeyId_no_issuer.crt.der:
+ $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_authorityKeyId_no_issuer'
+
+authorityKeyId_no_authorityKeyId.crt.der:
+ $(OPENSSL) req -x509 -nodes -days 7300 -key server2.key -outform DER -out $@ -config authorityKeyId_subjectKeyId.conf -extensions 'v3_req_no_authorityKeyId'
+
+authorityKeyId_subjectKeyId_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0114A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/0414A505E864B8DCDF600F50124D60A864AF4D8B4393/0413A505E864B8DCDF600F50124D60A864AF4D8B4393/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_length_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306C8014A505E864B8DC/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/6F306D8014A505E864B8/6F006D8014A505E864B8/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D0014A505E864B8DC/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/306D8014A505E864B8DC/306D80FFA505E864B8DC/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/A13FA43D303B310B3009/003FA43D303B310B3009/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/A43D303B310B30090603/003D303B310B30090603/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8114680430CD074DE63F/" | xxd -r -p > $@
+
+authorityKeyId_subjectKeyId_sn_len_malformed.crt.der: authorityKeyId_subjectKeyId.crt.der
+ hexdump -ve '1/1 "%.2X"' $< | sed "s/8214680430CD074DE63F/8213680430CD074DE63F/" | xxd -r -p > $@
+
################################################################
#### Generate various RSA keys
################################################################
@@ -935,6 +1142,10 @@
$(OPENSSL) pkey -in $< -inform DER -out $@
all_final += ec_prv.pk8param.pem
+ec_pub.pem: ec_prv.sec1.der
+ $(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@
+all_final += ec_pub.pem
+
ec_prv.sec1.comp.pem: ec_prv.sec1.pem
$(OPENSSL) ec -in $< -out $@ -conv_form compressed
all_final += ec_prv.sec1.comp.pem
@@ -999,6 +1210,38 @@
$(OPENSSL) ec -pubin -in $< -out $@ -conv_form compressed
all_final += ec_bp512_pub.comp.pem
+ec_x25519_prv.der:
+ $(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER
+all_final += ec_x25519_prv.der
+
+ec_x25519_pub.der: ec_x25519_prv.der
+ $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
+all_final += ec_x25519_pub.der
+
+ec_x25519_prv.pem: ec_x25519_prv.der
+ $(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_x25519_prv.pem
+
+ec_x25519_pub.pem: ec_x25519_prv.der
+ $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
+all_final += ec_x25519_pub.pem
+
+ec_x448_prv.der:
+ $(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER
+all_final += ec_x448_prv.der
+
+ec_x448_pub.der: ec_x448_prv.der
+ $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout
+all_final += ec_x448_pub.der
+
+ec_x448_prv.pem: ec_x448_prv.der
+ $(OPENSSL) pkey -in $< -inform DER -out $@
+all_final += ec_x448_prv.pem
+
+ec_x448_pub.pem: ec_x448_prv.der
+ $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout
+all_final += ec_x448_pub.pem
+
################################################################
#### Convert PEM keys to DER format
################################################################
@@ -1133,11 +1376,39 @@
# server5*
+server5.csr: server5.key
+ $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
+ -key $< -out $@
+all_intermediate += server5.csr
+server5.crt: server5-sha256.crt
+ cp $< $@
+all_intermediate += server5-sha256.crt
+server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
+ $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
+ -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \
+ -sha$(@:server5-sha%.crt=%) -in $< -out $@
+all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt
+
+server5-badsign.crt: server5.crt
+ { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server5-badsign.crt
+
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
server5.req.ku.sha1: server5.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
all_final += server5.req.ku.sha1
+# server6*
+
+server6.csr: server6.key
+ $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
+ -key $< -out $@
+all_intermediate += server6.csr
+server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec)
+ $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
+ -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
+all_final += server6.crt
+
################################################################
### Generate certificates for CRT write check tests
################################################################
@@ -1158,6 +1429,8 @@
server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com
server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial
$(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
@@ -1284,6 +1557,24 @@
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt
+# server3*
+
+server3.crt: server3.key
+ $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \
+ issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+ not_before=20190210144406 not_after=20290210144406 \
+ md=SHA1 version=3 output_file=$@
+all_final += server3.crt
+
+# server4*
+
+server4.crt: server4.key
+ $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \
+ issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \
+ not_before=20190210144400 not_after=20290210144400 \
+ md=SHA256 version=3 output_file=$@
+all_final += server4.crt
+
# MD5 test certificate
cert_md_test_key = $(cli_crt_key_file_rsa)
@@ -1354,17 +1645,17 @@
# Generate signing cert
pkcs7-rsa-sha256-1.crt:
- $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt
+ $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt
cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem
all_final += pkcs7-rsa-sha256-1.crt
pkcs7-rsa-sha256-2.crt:
- $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt
+ $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt
cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem
all_final += pkcs7-rsa-sha256-2.crt
pkcs7-rsa-sha256-3.crt:
- $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt
+ $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt
cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem
all_final += pkcs7-rsa-sha256-3.crt
@@ -1479,17 +1770,17 @@
pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der
cp pkcs7_data_3_signed.der $@
echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc
-all_final += pkcs7_data_signed_badsigner2_badsize
+all_final += pkcs7_data_signed_badsigner2_badsize.der
pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der
cp pkcs7_data_3_signed.der $@
echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc
-all_final += pkcs7_data_signed_badsigner2_badtag
+all_final += pkcs7_data_signed_badsigner2_badtag.der
pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der
cp pkcs7_data_3_signed.der $@
echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc
-all_final += pkcs7_data_signed_badsigner2_fuzzbad
+all_final += pkcs7_data_signed_badsigner2_fuzzbad.der
# pkcs7 file with version 2
pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
@@ -1562,3 +1853,5 @@
neat: clean
rm -f $(all_final)
.PHONY: clean neat
+
+.SECONDARY: $(all_intermediate)
diff --git a/tests/data_files/authorityKeyId_no_authorityKeyId.crt.der b/tests/data_files/authorityKeyId_no_authorityKeyId.crt.der
new file mode 100644
index 0000000..452d9d1
--- /dev/null
+++ b/tests/data_files/authorityKeyId_no_authorityKeyId.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_no_issuer.crt.der b/tests/data_files/authorityKeyId_no_issuer.crt.der
new file mode 100644
index 0000000..175ee3f
--- /dev/null
+++ b/tests/data_files/authorityKeyId_no_issuer.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_no_keyid.crt.der b/tests/data_files/authorityKeyId_no_keyid.crt.der
new file mode 100644
index 0000000..4ac5f00
--- /dev/null
+++ b/tests/data_files/authorityKeyId_no_keyid.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId.conf b/tests/data_files/authorityKeyId_subjectKeyId.conf
new file mode 100644
index 0000000..296fac8
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId.conf
@@ -0,0 +1,19 @@
+[req]
+distinguished_name = req_distinguished_name
+x509_extensions = v3_req
+prompt = no
+[req_distinguished_name]
+countryName = NL
+organizationalUnitName = PolarSSL
+commonName = PolarSSL Test CA
+[v3_req]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+[v3_req_authorityKeyId_no_keyid]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = issuer:always
+[v3_req_authorityKeyId_no_issuer]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always
+[v3_req_no_authorityKeyId]
+subjectKeyIdentifier = hash
diff --git a/tests/data_files/authorityKeyId_subjectKeyId.crt.der b/tests/data_files/authorityKeyId_subjectKeyId.crt.der
new file mode 100644
index 0000000..a6ca469
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der
new file mode 100644
index 0000000..0e3f578
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der
new file mode 100644
index 0000000..1c8519b
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der
new file mode 100644
index 0000000..469493e
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der
new file mode 100644
index 0000000..3e36086
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der
new file mode 100644
index 0000000..55d5dd0
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der
new file mode 100644
index 0000000..45ac8f4
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der
new file mode 100644
index 0000000..009fcf2
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der
new file mode 100644
index 0000000..93fb1e3
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der
new file mode 100644
index 0000000..89e1f4b
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der b/tests/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der
new file mode 100644
index 0000000..53063f8
--- /dev/null
+++ b/tests/data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der
Binary files differ
diff --git a/tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der b/tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der
new file mode 100644
index 0000000..64a4900
--- /dev/null
+++ b/tests/data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der
Binary files differ
diff --git a/tests/data_files/crl-ec-sha1.pem b/tests/data_files/crl-ec-sha1.pem
index 8358640..f82d946 100644
--- a/tests/data_files/crl-ec-sha1.pem
+++ b/tests/data_files/crl-ec-sha1.pem
@@ -1,10 +1,10 @@
-----BEGIN X509 CRL-----
-MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
-b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz
-MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G
+MIIBbjCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQ
+b2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMjMwNTE3MDcx
+NDM5WhcNMzMwNTE3MDcxNDM5WjAUMBICAQoXDTIzMDUxNzA3MTQzOVqgcjBwMG4G
A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
-Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW
-svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm
-56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U=
+TDERMA8GA1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMg
+Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gAMGUCMQCRAtXd7kXgijlMXHXr6m0B
+IzDbpAAwDwCJtgOzarF5hZKGDZeDp6vptGZK0y40NsoCMACxRrXIV+6KUBipFarI
+36yXDoBNol2xzst6p9fOg+prl6p7vO1sRYrIGg1WJGA5wQ==
-----END X509 CRL-----
diff --git a/tests/data_files/crl-ec-sha256.pem b/tests/data_files/crl-ec-sha256.pem
index adfd5f8..b9fad50 100644
--- a/tests/data_files/crl-ec-sha256.pem
+++ b/tests/data_files/crl-ec-sha256.pem
@@ -1,10 +1,10 @@
-----BEGIN X509 CRL-----
-MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
-MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3
+MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
-TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
-IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
-S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
-g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n
+zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq
+NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw==
-----END X509 CRL-----
diff --git a/tests/data_files/crl.pem b/tests/data_files/crl.pem
index df7417e..5a1bdd3 100644
--- a/tests/data_files/crl.pem
+++ b/tests/data_files/crl.pem
@@ -1,11 +1,11 @@
-----BEGIN X509 CRL-----
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
-UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTE5MDIwNjE2MzQ0
-NloXDTI5MDIwNjE2MzQ0NlowKDASAgEBFw0xMTAyMTIxMjQ0MDdaMBICAQMXDTEx
-MDIxMjEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAGHkRHGDz2HsoiXzfJDBpkfg
-I+yK34O9zoHMyGcDZbF9fj4NVyyNA6XCgY3IgQYe3boA1edO6+8ImjqiZjYK+GWt
-4ne7YhapRFAoFbKQY5hgy8mlpSRlNfmRVVCDDKannMac4tQff1LCFHN8msk/uG1b
-WHWAsL6dzLVojhbUFY6mZTb6nqjm5YgqcsNsz37n4dyrCDftB99FQdE/aAec2RXP
-Jgy9DnY5jMotPqHLZtMyfVNEoivDb7YJA5Vv6NSyiYVTjyWyTHNRsFEXRtHqjpqs
-oZdBgLZAAQsUvuVpMbDKQ4FrZjOaOW/xLtKPlh/HNA5p7hNtwIiCAIvp7uQti0w=
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz
+OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz
+MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S
+CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0
+e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66
+pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA
+C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx
+7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU=
-----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem
index 3cda8ff..cafa1d4 100644
--- a/tests/data_files/crl_cat_ec-rsa.pem
+++ b/tests/data_files/crl_cat_ec-rsa.pem
@@ -1,21 +1,21 @@
-----BEGIN X509 CRL-----
-MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
-MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3
+MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
-TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
-IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
-S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
-g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n
+zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq
+NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw==
-----END X509 CRL-----
-----BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
-OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
-dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
-//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
-yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
-NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
-5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz
+OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz
+MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S
+CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0
+e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66
+pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA
+C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx
+7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU=
-----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem
index ded369d..92ecccc 100644
--- a/tests/data_files/crl_cat_rsa-ec.pem
+++ b/tests/data_files/crl_cat_rsa-ec.pem
@@ -1,21 +1,21 @@
-----BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
-OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
-dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
-//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
-yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
-NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
-5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz
+OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz
+MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S
+CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0
+e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66
+pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA
+C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx
+7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU=
-----END X509 CRL-----
-----BEGIN X509 CRL-----
-MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
-MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3
+MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
-TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
-IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
-S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
-g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n
+zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq
+NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw==
-----END X509 CRL-----
diff --git a/tests/data_files/ec_pub.comp.pem b/tests/data_files/ec_pub.comp.pem
index a3742a3..55fac08 100644
--- a/tests/data_files/ec_pub.comp.pem
+++ b/tests/data_files/ec_pub.comp.pem
@@ -1,4 +1,4 @@
-----BEGIN PUBLIC KEY-----
-MDEwEwYHKoZIzj0CAQYIKoZIzj0DAQEDGgACvHl9s65/COw9SWtPtBGz9iClWKUB
-4CIt
+MDEwEwYHKoZIzj0CAQYIKoZIzj0DAQEDGgADUXW83zCjcPOdU5PmEnKI2AFntfS0
+t3bG
-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_pub.der b/tests/data_files/ec_pub.der
index 74c5951..e4e5915 100644
--- a/tests/data_files/ec_pub.der
+++ b/tests/data_files/ec_pub.der
Binary files differ
diff --git a/tests/data_files/ec_pub.pem b/tests/data_files/ec_pub.pem
index d677d27..d54dc94 100644
--- a/tests/data_files/ec_pub.pem
+++ b/tests/data_files/ec_pub.pem
@@ -1,4 +1,4 @@
-----BEGIN PUBLIC KEY-----
-MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEvHl9s65/COw9SWtPtBGz9iClWKUB
-4CItCM/g3Irsixp78kvpKVHMW6G+uyR0kJrg
+MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEUXW83zCjcPOdU5PmEnKI2AFntfS0
+t3bGdPfG81S30iQGLB9oVLWnrw/leOryWPAn
-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_x25519_prv.der b/tests/data_files/ec_x25519_prv.der
new file mode 100644
index 0000000..ea23733
--- /dev/null
+++ b/tests/data_files/ec_x25519_prv.der
Binary files differ
diff --git a/tests/data_files/ec_x25519_prv.pem b/tests/data_files/ec_x25519_prv.pem
new file mode 100644
index 0000000..0072240
--- /dev/null
+++ b/tests/data_files/ec_x25519_prv.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VuBCIEILBtgpZVVDpRy6NuU1IrwKz9YK9ZRmVV+z4eeWhyqxpZ
+-----END PRIVATE KEY-----
diff --git a/tests/data_files/ec_x25519_pub.der b/tests/data_files/ec_x25519_pub.der
new file mode 100644
index 0000000..922cb76
--- /dev/null
+++ b/tests/data_files/ec_x25519_pub.der
Binary files differ
diff --git a/tests/data_files/ec_x25519_pub.pem b/tests/data_files/ec_x25519_pub.pem
new file mode 100644
index 0000000..2a36b5b
--- /dev/null
+++ b/tests/data_files/ec_x25519_pub.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VuAyEAm8Ow6T2CM/5qi6YTiUjMEqkTYtXC7YFYTbBatUGcnRE=
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/ec_x448_prv.der b/tests/data_files/ec_x448_prv.der
new file mode 100644
index 0000000..f6d52f7
--- /dev/null
+++ b/tests/data_files/ec_x448_prv.der
Binary files differ
diff --git a/tests/data_files/ec_x448_prv.pem b/tests/data_files/ec_x448_prv.pem
new file mode 100644
index 0000000..7bca661
--- /dev/null
+++ b/tests/data_files/ec_x448_prv.pem
@@ -0,0 +1,4 @@
+-----BEGIN PRIVATE KEY-----
+MEYCAQAwBQYDK2VvBDoEOGTpCDYD9atLDMYwDnjdwUTkjO4ZMB/uacXKw+4iUiED
+oe50tXsIxi5REqWe2YOoL7eD7npOGRPt
+-----END PRIVATE KEY-----
diff --git a/tests/data_files/ec_x448_pub.der b/tests/data_files/ec_x448_pub.der
new file mode 100644
index 0000000..7c44c91
--- /dev/null
+++ b/tests/data_files/ec_x448_pub.der
Binary files differ
diff --git a/tests/data_files/ec_x448_pub.pem b/tests/data_files/ec_x448_pub.pem
new file mode 100644
index 0000000..306e10c
--- /dev/null
+++ b/tests/data_files/ec_x448_pub.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MEIwBQYDK2VvAzkAlrVhn5KDNBt3nL38B9mqGKqrPwnah3ynJgaWQ5IcLzv6zZT+
+TIjhGQ1NFGWwgtOV8UqU2tO4pYQ=
+-----END PUBLIC KEY-----
diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/parse_input/bitstring-in-dn.pem
similarity index 100%
rename from tests/data_files/bitstring-in-dn.pem
rename to tests/data_files/parse_input/bitstring-in-dn.pem
diff --git a/tests/data_files/parse_input/cert_example_multi.crt b/tests/data_files/parse_input/cert_example_multi.crt
new file mode 100644
index 0000000..0e3295d
--- /dev/null
+++ b/tests/data_files/parse_input/cert_example_multi.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICojCCAYqgAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwNzEwMTEyNzUyWhcNMjkwNzEwMTEyNzUyWjA6MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAxziSxcP0cBAIa/gTNezzARyKJQ+VgjYeqh6W
+ElUarPh7dTMLcFcznNmV8U1MRDfIvsSgP+RkPNPzyQJDPcN8W455qgmEroITNwq/
+hWm9KjVibLH+5KzgQrJBfHvknScUmywHa45DPT9sdjpGmhxwDSWdvAjHQPzYAjdi
+/33r/C0CAwEAAaM2MDQwMgYDVR0RBCswKYILZXhhbXBsZS5jb22CC2V4YW1wbGUu
+bmV0gg0qLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQCJbFizurHz804x
+6NbsvsPPgLcESq0OcGOEXOCOe8seZqomhSYTXtHBzrFtRp2/gmtORq2oapoDDiq+
+I+xRLJYsUBut2NdkZmEIRSW4n4sXJwqb0fXTTkd7EAXBvGNWbERab5Sbf84oqd4t
+yjjz2u+Hvx8hZCHJG2V9qg3zaw5zJT1AfAsMbjXqi8CfU7U+Fcor+O3GeuUVgpJC
+QCXb2Qjj3ZmrCvGZA9x59XtnEN6m2O4pWkmqR/Z7MlQrZzQ80vcQMk9+qoKIr2EJ
+RcJhAtE+dLV19IlccwsDlGx5kT5N5zSYLK9nARV1/AjK48bUxGH353A1Y2MCfy0E
+dXDReJa1
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_example_multi_nocn.crt b/tests/data_files/parse_input/cert_example_multi_nocn.crt
new file mode 100644
index 0000000..1634846
--- /dev/null
+++ b/tests/data_files/parse_input/cert_example_multi_nocn.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
+BAYTAk5MMB4XDTE0MDEyMjEwMDQzM1oXDTI0MDEyMjEwMDQzM1owDTELMAkGA1UE
+BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2pt
+WZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNz
+UnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ
+81kybdHg6G3eUu1mtKkL2kCVAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgXgMEkGA1UdEQRCMECCHHd3dy5zaG90b2thbi1icmF1bnNjaHdlaWcuZGWCFHd3
+dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4GB
+ABjx1ytrqCyFC5/0cjWnbLK9vsvLny2ZikDewfRxqJ5zAxGWLqHOr1SmUmu2DrvB
+bkT9g5z19+iMhPnzJz1x7Q2m7WTIJTuUPK+hKZJATDLNhZ86h5Nkw8k9YzKcOrPm
+EIqsy55CSgLU0ntljqSBvSb4ifrF1NnIWej2lSfN6r+3
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_md5.crt b/tests/data_files/parse_input/cert_md5.crt
new file mode 100644
index 0000000..e514fd6
--- /dev/null
+++ b/tests/data_files/parse_input/cert_md5.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC
+AQEAF4QcMshVtVbYgvvU7f2lWakubbAISM/k+FW/f7u63m0MSSoSFeYflBOC1Wf4
+imgDEnWcWTH5V7sxsLNogxfpfTuFUaKfHeQmRhAK4UgqbDEs4dZvgo3wZ/w92G0/
+QNntJefnqaFiITXZTn6J8hxeoEq4QbucbWgeY6fTAwXtIv40BvMOSakkuIFAyIvV
+90VY1j4vnx0/xv5lIBAxah1HdtXhqtDu/sUfdCtWX5SCcVUwwM3gZ4Q1ZdWQmlvF
+737ZG7XaINxsDaI04sJxc7qvuRYhLdCwUPnZL5TGEQJ8jNa/39eEbnkvs7hbTU98
+6qG8UAYsSI7aMe1j7DZpkoPL9w==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha1.crt b/tests/data_files/parse_input/cert_sha1.crt
new file mode 100644
index 0000000..1e23585
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha1.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGzAZBgNVBAMMElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
+v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
+Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
+XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
+65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
+cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
+HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
+ggEBAFAHuWfjOp+GaM5dP3NBaUayXmjbrsY5fo/ysfOVV9xipzbPWvE2Bu679iU1
+Eg+5hME9VlMmQejGzG09ReXE+30gyhtO3vWA8U21YrsL3ybvS6EREHGKk238bIBh
+yDP/b0VuoNsS3xRn9WyH3TRu5re0vK68OSkLIWPd01fgvcfl6YyUY+WuuSrpYcDv
+nrgKvFZws/EE4RNldtRC1Blwy497AtmWBQWs65zj5JkNdNnm4JJqXZAArNh2GSZo
+83C/1ZSFrNo9GONsCJ0GVGEt7IK7FPqXYW7rXi30BRse33ziU7RPWGDT13bh9Rdz
+RqsoZ5h5VjtHOnMUUD99gIWinBE=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha224.crt b/tests/data_files/parse_input/cert_sha224.crt
new file mode 100644
index 0000000..c8a209d
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha224.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F
+AAOCAQEATdo7p7dok8gcxS0dYGluXMOsAEALyHAgvAJSZUt0x8RxemJfpquv4XG/
+rppQmtA5aPf59Fo0z5GcS0zzYFLTQIcLHKnuuG0W6yjhx3e+5J1hjLbv///vvKGN
+jq55z+CANkragMk6XQ/t+iXkh/Fq00FS+zbf1JLaMXOLst5dfv3uPQaJHwzX/EaE
+VdognXxWudNQgIvemindk9TTQon27zBS/z6nwcBCIXMDfesAjcHuBCfxl6pofK6E
+28qs4up/JayptG2CX98LGsEyAgegwTMSYGLJoWcHhrUcbF0fNOcXPgQKGTcZO4Tg
+yPYGbkG9FjgaASc2gTrYVPRZ6mY19g==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha256.crt b/tests/data_files/parse_input/cert_sha256.crt
new file mode 100644
index 0000000..e56d428
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha256.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF
+AAOCAQEAuo8kRDdQj3+rgqbz7bS3ZfBVCqgbQfruRZncP0s3IQJ6g7k6BNfCTO+N
+tIgnCDhnhjK9DS4l1LTkQJKfcd6sfuwBxjHKWGZUqTqHWFm/O5MJwfMpxI305xXE
+evDzh8LK1W3moX5OcT4bx3QsY9I4nqXQkOzjGidxhOXYA2v+X5OhRt3IJ2dzmQQu
+BVXnDbzuchUfP5aeCwW6l7VX+RJOE2zlqO5yt0ejT02E44qtC5sBf24V9ko5LORw
+1J7Zk34QwsKrSPSGxOuoWNwH3fJpgZQImKgJIQCsksJ+A45CK6iz0km8oTiI3Hoo
+2LpE6UNx2M8jiZWVzH1L4tkg4fcCoQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha384.crt b/tests/data_files/parse_input/cert_sha384.crt
new file mode 100644
index 0000000..f8ec10b
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha384.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCjANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF
+AAOCAQEAeyHm+emo4/QHqEVKj/MYPOsPrrcr5MupNE7WmoUA7SilVUlceIy8ApWR
+MUdwnh7UPkCa6K1yvayknEbHzD2Lv9BLEf5A1/a+F/LmFXiV0kXIFue13u+z7laV
+N/s/jphPVgjPwZiC1ZtOoD7WvSkIInB53j4Q3VCH6EpZxZuDO/u8CGBQ0g+9Eqhn
+W3+4GFnxUPYeN17u/opt16mEPx6WFbRl9hs5wUvND/FCDEJ/9uVNiVYlPYyHKzzq
+e3WXCHLYUKGESQX+85IrnmlwbAb33bM+sAM6naFafXTZEimeEpX3iYrHzhoU7aR7
+piojwAE+Yb3Ac+Hu1fY4CRO4ZHL6Zg==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha512.crt b/tests/data_files/parse_input/cert_sha512.crt
new file mode 100644
index 0000000..b2254fa
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha512.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F
+AAOCAQEABnuq7gMU6EWqcmEcj2/wiqOFUBeH9ro0tni9JZzaDAKkBMwoeJ3RP/59
+wY92UZC/SoWPm0yLK25KTwxJhd645a5ZeRk+yi1SG+oXNgZFS03F1Orat0bM5u94
+RtzLRInGzTxhlVS8HPRya2+nEaPT9YNO25vORczPDjtrI82UnysaWiKx1OCPhdP3
+ZySAkX/zE1U8Te0+948C0vmg2aTWCSk5zutryFgHH5UojmmWAkBHpX3tIm8JMRG9
+tvp6fbIDan0LmSsVK8rq5OPSwAKMso6GF4Iuxou/jP2gI+NutenX26wrffSjlPiW
+KksLNj8oL6vIUap28Oh+Gwph02biSQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/cli-rsa-sha256-badalg.crt.der b/tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der
similarity index 100%
rename from tests/data_files/cli-rsa-sha256-badalg.crt.der
rename to tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der
Binary files differ
diff --git a/tests/data_files/parse_input/crl-ec-sha1.pem b/tests/data_files/parse_input/crl-ec-sha1.pem
new file mode 100644
index 0000000..8358640
--- /dev/null
+++ b/tests/data_files/parse_input/crl-ec-sha1.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
+b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz
+MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G
+A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO
+TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
+Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW
+svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm
+56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl-ec-sha224.pem b/tests/data_files/parse_input/crl-ec-sha224.pem
similarity index 100%
rename from tests/data_files/crl-ec-sha224.pem
rename to tests/data_files/parse_input/crl-ec-sha224.pem
diff --git a/tests/data_files/parse_input/crl-ec-sha256.pem b/tests/data_files/parse_input/crl-ec-sha256.pem
new file mode 100644
index 0000000..adfd5f8
--- /dev/null
+++ b/tests/data_files/parse_input/crl-ec-sha256.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
+S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
+g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+-----END X509 CRL-----
diff --git a/tests/data_files/crl-ec-sha384.pem b/tests/data_files/parse_input/crl-ec-sha384.pem
similarity index 100%
rename from tests/data_files/crl-ec-sha384.pem
rename to tests/data_files/parse_input/crl-ec-sha384.pem
diff --git a/tests/data_files/crl-ec-sha512.pem b/tests/data_files/parse_input/crl-ec-sha512.pem
similarity index 100%
rename from tests/data_files/crl-ec-sha512.pem
rename to tests/data_files/parse_input/crl-ec-sha512.pem
diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/parse_input/crl-idp.pem
similarity index 100%
rename from tests/data_files/crl-idp.pem
rename to tests/data_files/parse_input/crl-idp.pem
diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/parse_input/crl-idpnc.pem
similarity index 100%
rename from tests/data_files/crl-idpnc.pem
rename to tests/data_files/parse_input/crl-idpnc.pem
diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/parse_input/crl-malformed-trailing-spaces.pem
similarity index 100%
rename from tests/data_files/crl-malformed-trailing-spaces.pem
rename to tests/data_files/parse_input/crl-malformed-trailing-spaces.pem
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha1.pem b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem
new file mode 100644
index 0000000..59ca4f7
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
+NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
+WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
+1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
+MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
+AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
+4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
+MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
+mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
+7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
+y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha224.pem b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem
new file mode 100644
index 0000000..a51d5d9
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI
+i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v
+TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e
+Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9
+NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB
+f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D
+a6JSqCIMRCQY2JOUn0A=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha256.pem b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem
new file mode 100644
index 0000000..f16a491
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4
+oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC
+FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo
+IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X
+ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB
+r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb
+XLdJyyak33CLBKu+nJc=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha384.pem b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem
new file mode 100644
index 0000000..50f7e4c
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco
+SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR
+a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1
+EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs
+y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k
+q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u
+KUH/xf1jEnNzbYNGiZw=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha512.pem b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem
new file mode 100644
index 0000000..0f1d651
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F
+ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq
+1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2
+t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU
+p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0
+sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8
+enMfMvwScA5AImzu9xA=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl_expired.pem b/tests/data_files/parse_input/crl_expired.pem
new file mode 100644
index 0000000..cf60ae4
--- /dev/null
+++ b/tests/data_files/parse_input/crl_expired.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx
+OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir
+jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct
+wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ
+SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS
+IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k
+OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl_md5.pem b/tests/data_files/parse_input/crl_md5.pem
similarity index 100%
rename from tests/data_files/crl_md5.pem
rename to tests/data_files/parse_input/crl_md5.pem
diff --git a/tests/data_files/crl_sha1.pem b/tests/data_files/parse_input/crl_sha1.pem
similarity index 100%
rename from tests/data_files/crl_sha1.pem
rename to tests/data_files/parse_input/crl_sha1.pem
diff --git a/tests/data_files/crl_sha224.pem b/tests/data_files/parse_input/crl_sha224.pem
similarity index 100%
rename from tests/data_files/crl_sha224.pem
rename to tests/data_files/parse_input/crl_sha224.pem
diff --git a/tests/data_files/parse_input/crl_sha256.pem b/tests/data_files/parse_input/crl_sha256.pem
new file mode 100644
index 0000000..c3ca256
--- /dev/null
+++ b/tests/data_files/parse_input/crl_sha256.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
+N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQELBQADggEBAG4mBBgwfNynCYYL2CEnqore
+mgKpC32tB6WiUBu9figcvdN3nSX/1wrB8rpiE8R04C8oSFglwhotJCnlWsy42tjb
+0pk0Wuizln0PFMc/OypqRNNhwx31SHH42W4KzONiqvq3n/WkH3M1YniR1ZnMlyvi
+lJioQn6ZAoc6O6mMP1J9duKYYhiMAOV992PD1/iqXw+jYN31RwdIS8/mGzIs4ake
+EdviwhM3E4/sVbNOWCOnZFYV4m+yNAEe29HL1VKw6UXixBczct+brqXNVD3U6T0F
+5ovR6BTefZO17eT52Duke5RZGDUyQOGywxOYKI5W+FcOYdp+U5Idk399tAz2Mdw=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl_sha384.pem b/tests/data_files/parse_input/crl_sha384.pem
similarity index 100%
rename from tests/data_files/crl_sha384.pem
rename to tests/data_files/parse_input/crl_sha384.pem
diff --git a/tests/data_files/crl_sha512.pem b/tests/data_files/parse_input/crl_sha512.pem
similarity index 100%
rename from tests/data_files/crl_sha512.pem
rename to tests/data_files/parse_input/crl_sha512.pem
diff --git a/tests/data_files/parse_input/keyUsage.decipherOnly.crt b/tests/data_files/parse_input/keyUsage.decipherOnly.crt
new file mode 100644
index 0000000..7c37978
--- /dev/null
+++ b/tests/data_files/parse_input/keyUsage.decipherOnly.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICFzCCAYCgAwIBAgIJAJsTzkylb95SMA0GCSqGSIb3DQEBBQUAMD8xCzAJBgNV
+BAYTAkdCMRIwEAYDVQQHDAlDYW1icmlkZ2UxHDAaBgNVBAoME0RlZmF1bHQgQ29t
+cGFueSBMdGQwHhcNMTUwNTEyMTAzNjU1WhcNMTgwNTExMTAzNjU1WjA/MQswCQYD
+VQQGEwJHQjESMBAGA1UEBwwJQ2FtYnJpZGdlMRwwGgYDVQQKDBNEZWZhdWx0IENv
+bXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9nxYOSbha/Ap4
+6rACrOMH7zfDD+0ZEHhbO0bgGRjc5ElvOaNuD321y9TnyAx+JrqPp/lFrAgNiVo1
+HPurPHfcJ+tNBUgBHboWGNENNaf9ovwFPawsBzEZraGnDaqVPEFcIsUQPVqO1lrQ
+CHLUjtqo1hMZDqe/Web0Mw9cZrqOaQIDAQABoxswGTAJBgNVHRMEAjAAMAwGA1Ud
+DwQFAwMH4IAwDQYJKoZIhvcNAQEFBQADgYEAJ0NS2wUbgRelK0qKxrR2Ts6jVYEH
+bmykx3GHjFyKpscDIn2vNyyB7ygfFglZPcw+2mn3xuVIwOV/mWxFvKHk+j2WrTQL
+tDqSC5BhFoR01veFu07JdEYvz+I+NCL5z0IGWXkUrk235Wl4w4WMZDnXTqncMNEk
+fLtpo9y79XD00QY=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/multiple_san.crt b/tests/data_files/parse_input/multiple_san.crt
similarity index 100%
rename from tests/data_files/multiple_san.crt
rename to tests/data_files/parse_input/multiple_san.crt
diff --git a/tests/data_files/non-ascii-string-in-issuer.crt b/tests/data_files/parse_input/non-ascii-string-in-issuer.crt
similarity index 100%
rename from tests/data_files/non-ascii-string-in-issuer.crt
rename to tests/data_files/parse_input/non-ascii-string-in-issuer.crt
diff --git a/tests/data_files/rsa_multiple_san_uri.crt.der b/tests/data_files/parse_input/rsa_multiple_san_uri.crt.der
similarity index 100%
rename from tests/data_files/rsa_multiple_san_uri.crt.der
rename to tests/data_files/parse_input/rsa_multiple_san_uri.crt.der
Binary files differ
diff --git a/tests/data_files/parse_input/rsa_single_san_uri.crt.der b/tests/data_files/parse_input/rsa_single_san_uri.crt.der
new file mode 100644
index 0000000..22308c6
--- /dev/null
+++ b/tests/data_files/parse_input/rsa_single_san_uri.crt.der
Binary files differ
diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/parse_input/server1-ms.req.sha256
similarity index 100%
rename from tests/data_files/server1-ms.req.sha256
rename to tests/data_files/parse_input/server1-ms.req.sha256
diff --git a/tests/data_files/parse_input/server1.cert_type.crt b/tests/data_files/parse_input/server1.cert_type.crt
new file mode 100644
index 0000000..34fe4f6
--- /dev/null
+++ b/tests/data_files/parse_input/server1.cert_type.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC
+BkAwDQYJKoZIhvcNAQEFBQADggEBAElJPaCG6aFHoymoCrzckPfjENxgXW2czh5t
+TsMPshkzX5p2AU89GBGdy0gQwoPuMtcznsDe4adM6Na8f30YDffATsgDECMIWtV1
+XVYKQIwFmZzEt4B+5sUmyMOLtTuuZBThOLPwOw8e4RnILKOYPHnQNRf6Eap4lFDx
+lp2pAaiXMDWH88gmWoU5XrGTppllYV0IorzJ4xV9Sg3ittNwNO40ehVQDAseFwZH
+iyh9iHz4BqtWjElmQ3hL8N/Cbqp3iN15h2pUgIj8JIt9rCsIZrsG3K42iSlPzEn2
+DCzWQSj9cQNCRVJnwgJAWnC1Hx0YYFQMgQquVxnK15THTGQAeB8=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server1.crt b/tests/data_files/parse_input/server1.crt
new file mode 100644
index 0000000..258da5e
--- /dev/null
+++ b/tests/data_files/parse_input/server1.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
+AQEAf2k5OiORp60gBNqioC2mIqSXA0CU/qzllt8IvlcMv1V0PAP9f4IEm5mdkERr
+UXjnB1Tr3edrsvXLgZ9vEosbFpNMsKfsmBkpjgWG2ui8pdn8cJiws4k4h5fuueSw
+Ps1FLK5Tfpi+GJyPqk4ha9Ojp2p9opuA0aIfLuxI+0UzXH4wgrEW/Yydowv959gf
+gGSl766CRdUvJbXOeVryFjFTRfLFFNfTvrftZk1dl8tas1nim8xfWet+BZVvq2zY
+C7LeCI9nrfuAxfMJTrWFp17y72+hCDk7NEaB2ZLVuAM/ri7LWrr2V2hLFdIAhfC2
+nUaulRRpGt/ZTISw6uSIumNoNA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.crt.der b/tests/data_files/parse_input/server1.crt.der
similarity index 100%
rename from tests/data_files/server1.crt.der
rename to tests/data_files/parse_input/server1.crt.der
Binary files differ
diff --git a/tests/data_files/server1.ext_ku.crt b/tests/data_files/parse_input/server1.ext_ku.crt
similarity index 100%
rename from tests/data_files/server1.ext_ku.crt
rename to tests/data_files/parse_input/server1.ext_ku.crt
diff --git a/tests/data_files/parse_input/server1.key_usage.crt b/tests/data_files/parse_input/server1.key_usage.crt
new file mode 100644
index 0000000..9d70b00
--- /dev/null
+++ b/tests/data_files/parse_input/server1.key_usage.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw
+DQYJKoZIhvcNAQEFBQADggEBAHM8eESmE8CQvuCw2/w1JSWKaU9cJIvrtpJXavRC
+yMEv6SQL0hxrNZBhFPM8vAiq6zBdic2HwuiZ9N/iEXuCf92SOcK4b/2/Flos0JI5
+quu4eGkwoNrOvfZUcO7SB8JHUvmJtTP+avF3QeRfHo9bHRtnyOs9GXqq+CMZiNgO
+Bw+/tAOml3tV1Uf+yjp6XroWLRNMbvY1Sor4UW6FFMpOii/vlJ4450OlpcJdRU70
+LpHfxjmPNvc9YOPWve75/+CNF9lMi29UoEUYslxMPylZ/L0vYxi+xuvQBTaLiZeP
+CJ59Mc63LEmJNSAwnnV8s2KXL/Okm32lf6sy0fjsrvAdoCc=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.req.commas.sha256 b/tests/data_files/parse_input/server1.req.commas.sha256
similarity index 100%
rename from tests/data_files/server1.req.commas.sha256
rename to tests/data_files/parse_input/server1.req.commas.sha256
diff --git a/tests/data_files/parse_input/server1.req.md5 b/tests/data_files/parse_input/server1.req.md5
new file mode 100644
index 0000000..57714ed
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.md5
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBAUA
+A4IBAQCEiv3QM4xyKhYTsoOjyzQdXMhsXK3Kpw+Rh874Hf6pXHxUaYy7xLUZUx6K
+x5Bvem1HMHAdmOqYTzsE9ZblAMZNRwv/CKGS3pvMkx/VZwXQhFGlHLFG//fPrgl3
+j4dt20QsWP8LnL4LweYSYI1wt1rjgYRHeF6bG/VIck6BIYQhKOGlzIwWUmfAGym6
+q4SYrd+ObZullSarGGSfNKjIUEpYtfQBz31f5tRsyzSps7oG4uc7Xba4qnl2o9FN
+lWOMEER79QGwr7+T41FTHFztFddfJ06CCjoRCfEn0Tcsg11tSMS0851oLkMm8RyY
+aozIzO82R3Em7aPhZBiBDy3wZC2l
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha1 b/tests/data_files/parse_input/server1.req.sha1
new file mode 100644
index 0000000..578ec7f
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha1
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBQUA
+A4IBAQCiYQMOv2ALPUeg8wHKn9L5SdDbNxOzuMwhYsCYTw2TJMQO7NLUq6icEzxY
+pUIIFt60JUQjZHxQSY3y9cSivwKXQA7pPfaPaFC/aMA2GxG23t2eaIWNQX8MfcWf
+XAa8bl/vmC1MTov+mP2DGoXRiKYORrEInyDS2RaTathvHckcAv25nCIx7wYO9tC9
+LUwyoE9bhiQ7fo3KFlz4dK1HukyCM/FoPbJuL7NgdzmKVPyYCLh5Ah+TTD6+sltz
+dFc4fj28w1v3jsBXz+tLrgFQidzuUI2poxt5UwU9TKY0dAJaTCtfIRcXW3h6DGG7
+EDR6rim6sbIQkGzYvGqs4TNoJOR+
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha224 b/tests/data_files/parse_input/server1.req.sha224
new file mode 100644
index 0000000..a4f2af4
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha224
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDgUA
+A4IBAQArYR2mLKU5lsHyAyGHr4PlmC/cfePmCRyC/mj1riGTjDlNC2X3J1VZDqKb
+U/uUxLudP7sbuttRksIAREATT74Pa40bMWiPUlBfA/M2mFTmKb/91uXeIISW8DL3
+xM/5BCDrhnZ/cjP23gKDgJRk+IGBNhYZDGz50TIBbDJ2e4GDkFjzANngUW64UcCQ
+7hZOYtnYLBnoRvPwtal5jZqHwsgaPPePXu+SQ8mfuAJwJ78MOCAaKw0IP1h1OnPG
+iubdl34lSIaYWwbHTdjaqUSQG3SSs4oxEvluYymrpZ6XGKXtphJXEPdTRiLu9d9l
+A5NYVgvqHFQPmuXS92zrGzB788pV
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha256 b/tests/data_files/parse_input/server1.req.sha256
new file mode 100644
index 0000000..6d21dc5
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha256
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4IBAQCVlSU7qeKri7E3u8JCZbCyjsGJTH9iHYyeDZ/nDLig7iKGYvyNmyzJ76Qu
++EntSmL2OtL95Yqooc6h1AQHzoCs+SO2wPoTUs3Ypi9r7vNNVO3ZnnxVtGgqCRVA
+W+z9W4p2mHXQhgW1HkuLa5JD1SvJViyZbx9z3ie1BQ9NVKfv++ArPIv70zBtA7O3
+PZNG1JYN30Esz7RsCDRHbz6Npvu9ggUQL/U3mvQQ+Yo+xhwu1yFV+dRH7PebBeQv
+vjcD2fXDabeofK3zztIpUIyUULX0GGClM9jslgJ/ZHUlArWKpLZph0AgF1Dzts//
+M6c/sRw7gtjXmV0zq2tf2fL4+e2b
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha384 b/tests/data_files/parse_input/server1.req.sha384
new file mode 100644
index 0000000..b857af7
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha384
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDAUA
+A4IBAQBy35zHYLiYaScq1niQkzQ/BScUbdiWd2V90isBsB5Q3NjVoJl/yCaMrla3
+2XfrutpFpdqwenl5jM0o6+enKCmfur+z2/ije69Dju2aBd6A62cx1AEvFiMq7lyF
+4DYJ32+2ty6KA8EhzE3NFs7zKXxmD5ybp+oXNEvXoeU3W8a+Ld5c1K/n+Ipa0TUy
+cFBs6dCsbYO9wI6npwWqC5Hc9r/0zziMFO+4N5VORdYUFqObq4vCYOMXETpl8ryu
+lGZorNUoJ7vV55T31CDqEtb0EE+nO+nT4agfDobncYjvc3WpQuLtUB4UwR5gpZl6
+ZI+j4uwikOgGO9gcx4IjaRP3q63F
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha512 b/tests/data_files/parse_input/server1.req.sha512
new file mode 100644
index 0000000..85d5246
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha512
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDQUA
+A4IBAQBb8jNpt0nkNVWstVoOCepQSF5R1R9hF0yEr7mk3HB9oO/nK07R1Oamgjw+
+CHQReTSjIKUX53o7ZwNZB5E+jBDsGz/2Yyj/vxNHJFk2exELtW30he8K2omVHE1F
+XESbftCssWLNpTSDq6ME12+llkEDtgCtkv69oRUkuuF5ESUSZRGIZN4Vledm8SM1
+uGFtaG/PXbBbtUaNwNISDeIWDKRtbuca5web+QEi1djiUH21ZWIGEpOy7mtkYmRs
+Qt1D32FoaqFNhafiaxNIXO11yd4lgpaDDlmrOSBsELcTIF9916o3DwMeVXy0GONW
+BrwaO8q8rg+C+xvMY7858Kk8kwjb
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1_pathlen_int_max-1.crt b/tests/data_files/parse_input/server1_pathlen_int_max-1.crt
similarity index 100%
rename from tests/data_files/server1_pathlen_int_max-1.crt
rename to tests/data_files/parse_input/server1_pathlen_int_max-1.crt
diff --git a/tests/data_files/server1_pathlen_int_max.crt b/tests/data_files/parse_input/server1_pathlen_int_max.crt
similarity index 100%
rename from tests/data_files/server1_pathlen_int_max.crt
rename to tests/data_files/parse_input/server1_pathlen_int_max.crt
diff --git a/tests/data_files/parse_input/server2.crt b/tests/data_files/parse_input/server2.crt
new file mode 100644
index 0000000..0745196
--- /dev/null
+++ b/tests/data_files/parse_input/server2.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
+owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
+NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
+tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
+hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4
+cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A
+O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc
+KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE
+iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp
+HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap
+Awgk0+4m0T25cNs=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server2.crt.der b/tests/data_files/parse_input/server2.crt.der
new file mode 100644
index 0000000..9cfa9ab
--- /dev/null
+++ b/tests/data_files/parse_input/server2.crt.der
Binary files differ
diff --git a/tests/data_files/parse_input/server3.crt b/tests/data_files/parse_input/server3.crt
new file mode 100644
index 0000000..ed0d696
--- /dev/null
+++ b/tests/data_files/parse_input/server3.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
+CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5
+fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ
+OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/
+pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ
+b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W
+4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm
+DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx
+CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS
+qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb
+kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu
+CAQ1sXmQ
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server4.crt b/tests/data_files/parse_input/server4.crt
new file mode 100644
index 0000000..96b1aa7
--- /dev/null
+++ b/tests/data_files/parse_input/server4.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL
+vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA
+Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl
+NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5
+bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0
+d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME
+ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA
+wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/
+O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z
+3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-directoryname-seq-malformed.crt.der b/tests/data_files/parse_input/server5-directoryname-seq-malformed.crt.der
similarity index 100%
rename from tests/data_files/server5-directoryname-seq-malformed.crt.der
rename to tests/data_files/parse_input/server5-directoryname-seq-malformed.crt.der
Binary files differ
diff --git a/tests/data_files/server5-directoryname.crt.der b/tests/data_files/parse_input/server5-directoryname.crt.der
similarity index 100%
rename from tests/data_files/server5-directoryname.crt.der
rename to tests/data_files/parse_input/server5-directoryname.crt.der
Binary files differ
diff --git a/tests/data_files/server5-fan.crt b/tests/data_files/parse_input/server5-fan.crt
similarity index 100%
rename from tests/data_files/server5-fan.crt
rename to tests/data_files/parse_input/server5-fan.crt
diff --git a/tests/data_files/server5-nonprintable_othername.crt b/tests/data_files/parse_input/server5-nonprintable_othername.crt
similarity index 100%
rename from tests/data_files/server5-nonprintable_othername.crt
rename to tests/data_files/parse_input/server5-nonprintable_othername.crt
diff --git a/tests/data_files/server5-othername.crt b/tests/data_files/parse_input/server5-othername.crt
similarity index 100%
rename from tests/data_files/server5-othername.crt
rename to tests/data_files/parse_input/server5-othername.crt
diff --git a/tests/data_files/server5-second-directoryname-oid-malformed.crt.der b/tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der
similarity index 100%
rename from tests/data_files/server5-second-directoryname-oid-malformed.crt.der
rename to tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der
Binary files differ
diff --git a/tests/data_files/parse_input/server5-sha1.crt b/tests/data_files/parse_input/server5-sha1.crt
new file mode 100644
index 0000000..73e2d17
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha1.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHTCCAaSgAwIBAgIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
+MzA5MjQxNjIxMjdaFw0yMzA5MjIxNjIxMjdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDY
+IxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6OBnTCBmjAJBgNVHRMEAjAAMB0G
+A1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjBuBgNVHSMEZzBlgBSdbSAkSQE/
+K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFy
+U1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkAwUPifmJDzOgwCQYH
+KoZIzj0EAQNoADBlAjEAyjvzRWtxbXvkoYTYSQY9gFBpP7/wTZ2q6FbRiAuZULFt
+lc0PMPDfVZChgA6iDH+BAjBdkOb73f2pOwZpMRqrOgqSynbt2uWY87mC5lRlNEoR
+WXEv1AzIeBCv+81DN1Iuu4w=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server5-sha224.crt b/tests/data_files/parse_input/server5-sha224.crt
new file mode 100644
index 0000000..47b1168
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha224.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIDCCAaWgAwIBAgIBEzAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMBA2kAMGYCMQCj0EyFUzDRmfokWzLVEWN0epR4/sZytfIeozp6BqWH
+qaTBdAR2vthIKC7dKuUkg34CMQD6YtB2O9Vso79gbzSen2qh7gK7VvGE+31EVPbR
+Ce/oNG/3OfhRSdn3FOvBBg2UErM=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server5-sha384.crt b/tests/data_files/parse_input/server5-sha384.crt
new file mode 100644
index 0000000..5d6a79b
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha384.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHzCCAaWgAwIBAgIBFDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMDA2gAMGUCMQCnsd/6VB2kLIqMRsWdkJvRaQROyAg78CQExFEY3CMv
+9t0kWRXPc4nCMH69RjQVvC4CMB4lk9A7hnX2zQy3bbUhOCOvXcsQdEe8AMgJBviz
+5Nob2wThRqsm1wjCF60fyzXWuA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server5-sha512.crt b/tests/data_files/parse_input/server5-sha512.crt
new file mode 100644
index 0000000..16112ac
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha512.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHzCCAaWgAwIBAgIBFTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMEA2gAMGUCMFPL2OI8arcbRlKAbRb/YfGibo4Mwts8KX3fOuRCbXEn
+pDWeb82kBqfXwzPJwamFOwIxAPGzyhWrxn0qEynWV5nzFK02PYBnYFgClISyyudH
+HJGHtbEVRc5JA8ALnggaLVpuvg==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-two-directorynames.crt.der b/tests/data_files/parse_input/server5-two-directorynames.crt.der
similarity index 100%
rename from tests/data_files/server5-two-directorynames.crt.der
rename to tests/data_files/parse_input/server5-two-directorynames.crt.der
Binary files differ
diff --git a/tests/data_files/server5-unsupported_othername.crt b/tests/data_files/parse_input/server5-unsupported_othername.crt
similarity index 100%
rename from tests/data_files/server5-unsupported_othername.crt
rename to tests/data_files/parse_input/server5-unsupported_othername.crt
diff --git a/tests/data_files/parse_input/server5.crt b/tests/data_files/parse_input/server5.crt
new file mode 100644
index 0000000..4597428
--- /dev/null
+++ b/tests/data_files/parse_input/server5.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
+C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
+fGa5kHvHARBPc8YAIVIqDvHH1Q==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.req.sha1 b/tests/data_files/parse_input/server5.req.sha1
similarity index 100%
rename from tests/data_files/server5.req.sha1
rename to tests/data_files/parse_input/server5.req.sha1
diff --git a/tests/data_files/server5.req.sha224 b/tests/data_files/parse_input/server5.req.sha224
similarity index 100%
rename from tests/data_files/server5.req.sha224
rename to tests/data_files/parse_input/server5.req.sha224
diff --git a/tests/data_files/server5.req.sha256 b/tests/data_files/parse_input/server5.req.sha256
similarity index 100%
rename from tests/data_files/server5.req.sha256
rename to tests/data_files/parse_input/server5.req.sha256
diff --git a/tests/data_files/server5.req.sha384 b/tests/data_files/parse_input/server5.req.sha384
similarity index 100%
rename from tests/data_files/server5.req.sha384
rename to tests/data_files/parse_input/server5.req.sha384
diff --git a/tests/data_files/server5.req.sha512 b/tests/data_files/parse_input/server5.req.sha512
similarity index 100%
rename from tests/data_files/server5.req.sha512
rename to tests/data_files/parse_input/server5.req.sha512
diff --git a/tests/data_files/server7_all_space.crt b/tests/data_files/parse_input/server7_all_space.crt
similarity index 100%
rename from tests/data_files/server7_all_space.crt
rename to tests/data_files/parse_input/server7_all_space.crt
diff --git a/tests/data_files/parse_input/server7_int-ca.crt b/tests/data_files/parse_input/server7_int-ca.crt
new file mode 100644
index 0000000..d3ddc46
--- /dev/null
+++ b/tests/data_files/parse_input/server7_int-ca.crt
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
+47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
+IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
+AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
+FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
+8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
+QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
+yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
+TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
+deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
+0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
+OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
+VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
+a8Si6UK5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
+vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
+wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
+CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
+AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
+qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
+uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
+kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
+d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
+Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
+updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
+a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
+i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
+Af5cNR8KhzegznL6amRObGGKmX1F
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_pem_space.crt b/tests/data_files/parse_input/server7_pem_space.crt
similarity index 100%
rename from tests/data_files/server7_pem_space.crt
rename to tests/data_files/parse_input/server7_pem_space.crt
diff --git a/tests/data_files/server7_trailing_space.crt b/tests/data_files/parse_input/server7_trailing_space.crt
similarity index 100%
rename from tests/data_files/server7_trailing_space.crt
rename to tests/data_files/parse_input/server7_trailing_space.crt
diff --git a/tests/data_files/parse_input/server9-sha224.crt b/tests/data_files/parse_input/server9-sha224.crt
new file mode 100644
index 0000000..1b05f31
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha224.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBFzA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIwOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTczNloXDTI0MDExODEzNTczNlowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBADJExjfWWvL28lgj+GGgviqo
+PHZLxI0pLQUnFJQ9Kpu6jxfICseBF00Z6BJE/RcYDpIie5GDt/8u/i6xB6Li29Pm
+g5nANgd/Y3fFnW7d0ydVjiSnetlPuf/jTlWQl6mQTH2xqYu8J8d3JRxQdRiDYbVm
+uywW2d6rksiqm6dPD5l4A5DcemcYo8f/1Ifj5WNDCV8/OHex+AnW2ccDvWAnVgSR
+B2VpOXJzVFuBsuf4tGVm/2TUMSB6NcvFc6TeJk1kzbZxii4QjKXtH1SfrVP59iEe
+l17NYAEWARjBpQWBiutRG+QM2et0sNiUBuWxTkvd0eSgencNysVAOsZqrqaX3CY=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9-sha256.crt b/tests/data_files/parse_input/server9-sha256.crt
new file mode 100644
index 0000000..7d0aa39
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha256.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAH0+knqkcLaxeDkenBQgd4Qg
+3ZyAhtpiLU689mw+3cXB/uzFrCIxEL5aGh1eSj+DszB+FtsZ06ux7JVQqVOA2Wm9
+yLxC6wF8OOYj0nBa91BWLhRAHLhmIdWsVk7Hl9KojZd4TwV2N+ZEV/BLxyoRvK4H
+V4xCpzgDSiTPe8Etk4r+0akbr6bsOUBayPb7MGLHubZKq8NsFAmmynp+fPmHd3SE
+0ooJdiZ1MmKPKLE5Og/hXCI8qeiXQUR6oQ7b2XONsrI2HIj2SA9dA5qmHwE5PbMu
+zqxQ3R83boqLXbkFORn+UiYLmffqdoWuNy00BHMCrxRA9DUv+WyN4npLMF8rOJw=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9-sha384.crt b/tests/data_files/parse_input/server9-sha384.crt
new file mode 100644
index 0000000..aaa63e6
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha384.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBGTA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4wOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTc1OFoXDTI0MDExODEzNTc1OFowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBABf8Gyq2VYuN1EBW1nOapDQp
+B/KuafNW2GEJ7FmQKNyA7MIj1Yqo2MtJ6/OQojRQ3F5rnO4yjmvIPsXeQaMxJBiI
+aaoAlLpH++F+oXMq/0aS0WSZrSLrsh2Fpay9cBDGwek2rDOX9kM+ZcPzGitVwWKX
+TnOW22hpcl7u95CpZH+JZTcto5nL3tTyV9pIy+tSKQQfjPB+G0TAZCsOkbCGPLug
+qdjvqFQwOf15VxQMj7NRiXjlqJvsx+I7B2AIhrs4DzQMEyiWq9S/PzpQuFU5v/Kg
+s2iMLJ5ygv5aN3PYqGlE1ZmvgyRp5h/LaTGI2L6lzRTnecOhtPv30N2tyaDAEfo=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9-sha512.crt b/tests/data_files/parse_input/server9-sha512.crt
new file mode 100644
index 0000000..a211b92
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha512.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBGjA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6Ea
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4wOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTgxMloXDTI0MDExODEzNTgxMlowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6EaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBACdVozFq6rUiXo+ib5Y2oPsR
+6xxl4Ydn3LpUoYrPpTOrhcXJWW/tOLHGuCF/mSRfUzKaMIfL418cZHYnvumvuttu
+6z3tp5E1VsiZCU2MWJnzjKSxFBOss43AmpJHHoapGFZu2pxObBPqegAKHYkKWOLk
+tJDj47PurWgEek9j1nL7Pc1tVf59fm/ySp4fWkXLLvQiKid1516VioLyacUvK3zU
+6Egz8jMt7D5c9KpaExLRTANVsThqO5/dmR36bOwm3Hpbde7DNdgxru41tiLMqJs/
+5pX3ceaJ1XQ/l0idj5/9ipvqHHUguyk7H22HwQHQdSD9oIha8kEM3P6CjpfE7yY=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9.crt b/tests/data_files/parse_input/server9.crt
new file mode 100644
index 0000000..a6f9fbc
--- /dev/null
+++ b/tests/data_files/parse_input/server9.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
+EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
+HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
+r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
+qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
+wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
+OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
+clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
+vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
+te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
+Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
+88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
+JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
+o4Hl/lqjwCEG
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server9.req.sha1 b/tests/data_files/parse_input/server9.req.sha1
similarity index 100%
rename from tests/data_files/server9.req.sha1
rename to tests/data_files/parse_input/server9.req.sha1
diff --git a/tests/data_files/server9.req.sha224 b/tests/data_files/parse_input/server9.req.sha224
similarity index 100%
rename from tests/data_files/server9.req.sha224
rename to tests/data_files/parse_input/server9.req.sha224
diff --git a/tests/data_files/server9.req.sha256 b/tests/data_files/parse_input/server9.req.sha256
similarity index 100%
rename from tests/data_files/server9.req.sha256
rename to tests/data_files/parse_input/server9.req.sha256
diff --git a/tests/data_files/server9.req.sha384 b/tests/data_files/parse_input/server9.req.sha384
similarity index 100%
rename from tests/data_files/server9.req.sha384
rename to tests/data_files/parse_input/server9.req.sha384
diff --git a/tests/data_files/server9.req.sha512 b/tests/data_files/parse_input/server9.req.sha512
similarity index 100%
rename from tests/data_files/server9.req.sha512
rename to tests/data_files/parse_input/server9.req.sha512
diff --git a/tests/data_files/test-ca-any_policy.crt b/tests/data_files/parse_input/test-ca-any_policy.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy.crt
rename to tests/data_files/parse_input/test-ca-any_policy.crt
diff --git a/tests/data_files/test-ca-any_policy_ec.crt b/tests/data_files/parse_input/test-ca-any_policy_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy_ec.crt
rename to tests/data_files/parse_input/test-ca-any_policy_ec.crt
diff --git a/tests/data_files/test-ca-any_policy_with_qualifier.crt b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy_with_qualifier.crt
rename to tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt
diff --git a/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy_with_qualifier_ec.crt
rename to tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt
diff --git a/tests/data_files/test-ca-multi_policy.crt b/tests/data_files/parse_input/test-ca-multi_policy.crt
similarity index 100%
rename from tests/data_files/test-ca-multi_policy.crt
rename to tests/data_files/parse_input/test-ca-multi_policy.crt
diff --git a/tests/data_files/test-ca-multi_policy_ec.crt b/tests/data_files/parse_input/test-ca-multi_policy_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-multi_policy_ec.crt
rename to tests/data_files/parse_input/test-ca-multi_policy_ec.crt
diff --git a/tests/data_files/test-ca-unsupported_policy.crt b/tests/data_files/parse_input/test-ca-unsupported_policy.crt
similarity index 100%
rename from tests/data_files/test-ca-unsupported_policy.crt
rename to tests/data_files/parse_input/test-ca-unsupported_policy.crt
diff --git a/tests/data_files/test-ca-unsupported_policy_ec.crt b/tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-unsupported_policy_ec.crt
rename to tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt
diff --git a/tests/data_files/parse_input/test-ca.crt b/tests/data_files/parse_input/test-ca.crt
new file mode 100644
index 0000000..31790b5
--- /dev/null
+++ b/tests/data_files/parse_input/test-ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
+hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
+8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
+zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
+0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
+mtxyUALj2pQxRitopORFQdn7AOY5
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.crt.der b/tests/data_files/parse_input/test-ca.crt.der
similarity index 100%
rename from tests/data_files/test-ca.crt.der
rename to tests/data_files/parse_input/test-ca.crt.der
Binary files differ
diff --git a/tests/data_files/test_cert_rfc822name.crt.der b/tests/data_files/parse_input/test_cert_rfc822name.crt.der
similarity index 100%
rename from tests/data_files/test_cert_rfc822name.crt.der
rename to tests/data_files/parse_input/test_cert_rfc822name.crt.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all.csr.der b/tests/data_files/parse_input/test_csr_v3_all.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der
rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_keyUsage.csr.der b/tests/data_files/parse_input/test_csr_v3_keyUsage.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_keyUsage.csr.der
rename to tests/data_files/parse_input/test_csr_v3_keyUsage.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_nsCertType.csr.der b/tests/data_files/parse_input/test_csr_v3_nsCertType.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_nsCertType.csr.der
rename to tests/data_files/parse_input/test_csr_v3_nsCertType.csr.der
Binary files differ
diff --git a/tests/data_files/test_csr_v3_subjectAltName.csr.der b/tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der
similarity index 100%
rename from tests/data_files/test_csr_v3_subjectAltName.csr.der
rename to tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der
Binary files differ
diff --git a/tests/data_files/pkcs7-rsa-sha256-1.crt b/tests/data_files/pkcs7-rsa-sha256-1.crt
index 9e461cd..fe282ab 100644
--- a/tests/data_files/pkcs7-rsa-sha256-1.crt
+++ b/tests/data_files/pkcs7-rsa-sha256-1.crt
@@ -1,20 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL
+MIIDSTCCAjGgAwIBAgIUI2LNEq0VTrCDZpmJyvSG20rKV+MwDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
-NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
+NyBDZXJ0IDEwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N
-Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4
-3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j
-9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra
-xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7
-y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC
-AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY
-MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8
-wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8
-1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51
-1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9
-SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H
-EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM=
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqiVc1m06wYnKshqXSoOFDl
+iFW6F/3I/vVmD6/kyTmsZ425tiCiunmSR2rlJc7/2aWbTH0P3ut3dinnooUsSws8
+EwRTjSdECDzF96QTCIUvhMHINQfpQuxSr9leK3AvoiCPi3XUefKhTuoF1A/bTQx2
+QcNzJluQPAzdvUDFBZLdLImjJ7gid1j7KSRZHjVxnFPnolr1EELXDJs29RVup1in
+8fOaBIlHEArWuSgV2aQ7uVLuBHM8Nz0Y810PElgUaOCMxGvo/Ew4TpBJfDipSD2l
+WFPisxnBzjmq3byi+mARpr+BHxETvbrZ1uRbaIA6bzGL1PZlw/vMcvuTHu3yKMkC
+AwEAAaNTMFEwHQYDVR0OBBYEFBvPc+YWbxPtP3MFjmyrL6lQkJJvMB8GA1UdIwQY
+MBaAFBvPc+YWbxPtP3MFjmyrL6lQkJJvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAJK7huNJR+TlkZBHiCtb0KMfljHRWPuAL6fW0mGvBDeZyRTH
+OzGdqgjnYzgYZ538pG7TsMGomrSQwlATfICKsf8dNSlnPqOiIPo2fdd8gr/tO7yl
+FG/KvXk0v5Dfs4RGUs7UYdmzncEYC2JsToFsD4jja+5tnY//NJRxkJdswfn+wBqH
+wN+y4qELdq+AEBKymbQsIwOBt3UdeVUwBBjtqJXFtET9yhqkqVxnb/i0jHrhjyiS
+Q/Y+T9s35+A6XlI6nSiJLDxMfgJVCWa2OtGI//aAlzlw+6dHiiJVVBHpZbW0YTY4
+qE7kjhPrddJYlB6k4S3ub9j4e87k0P0IyFptxw8=
-----END CERTIFICATE-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-1.der b/tests/data_files/pkcs7-rsa-sha256-1.der
index 0d799ea..ed29e40 100644
--- a/tests/data_files/pkcs7-rsa-sha256-1.der
+++ b/tests/data_files/pkcs7-rsa-sha256-1.der
Binary files differ
diff --git a/tests/data_files/pkcs7-rsa-sha256-1.key b/tests/data_files/pkcs7-rsa-sha256-1.key
index e31159d..c6367fb 100644
--- a/tests/data_files/pkcs7-rsa-sha256-1.key
+++ b/tests/data_files/pkcs7-rsa-sha256-1.key
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0
-ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz
-FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN
-q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX
-HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ
-qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY
-lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu
-+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv
-eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL
-aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8
-EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI
-Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/
-20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe
-LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE
-9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs
-SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX
-Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U
-eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq
-VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq
-t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ
-NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd
-moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv
-qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc
-4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB
-rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4
-LrS/V2yBrDJVczQQM4psonLF
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr
+Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp
+56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q
+BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb
+NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q
+SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7
+kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE
+iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/
+20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc
+ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP
+9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2
+WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw
+VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy
+9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD
+Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8
+3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z
++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P
+djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj
+OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D
+ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N
+Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C
+wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV
+rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv
+VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR
++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt
+mbHCXPhmMn9O6jmrDlGeMg==
-----END PRIVATE KEY-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-1.pem b/tests/data_files/pkcs7-rsa-sha256-1.pem
index 3795b71..deee4b2 100644
--- a/tests/data_files/pkcs7-rsa-sha256-1.pem
+++ b/tests/data_files/pkcs7-rsa-sha256-1.pem
@@ -1,48 +1,48 @@
-----BEGIN CERTIFICATE-----
-MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL
+MIIDSTCCAjGgAwIBAgIUI2LNEq0VTrCDZpmJyvSG20rKV+MwDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
-NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
+NyBDZXJ0IDEwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N
-Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4
-3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j
-9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra
-xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7
-y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC
-AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY
-MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8
-wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8
-1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51
-1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9
-SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H
-EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM=
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqiVc1m06wYnKshqXSoOFDl
+iFW6F/3I/vVmD6/kyTmsZ425tiCiunmSR2rlJc7/2aWbTH0P3ut3dinnooUsSws8
+EwRTjSdECDzF96QTCIUvhMHINQfpQuxSr9leK3AvoiCPi3XUefKhTuoF1A/bTQx2
+QcNzJluQPAzdvUDFBZLdLImjJ7gid1j7KSRZHjVxnFPnolr1EELXDJs29RVup1in
+8fOaBIlHEArWuSgV2aQ7uVLuBHM8Nz0Y810PElgUaOCMxGvo/Ew4TpBJfDipSD2l
+WFPisxnBzjmq3byi+mARpr+BHxETvbrZ1uRbaIA6bzGL1PZlw/vMcvuTHu3yKMkC
+AwEAAaNTMFEwHQYDVR0OBBYEFBvPc+YWbxPtP3MFjmyrL6lQkJJvMB8GA1UdIwQY
+MBaAFBvPc+YWbxPtP3MFjmyrL6lQkJJvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAJK7huNJR+TlkZBHiCtb0KMfljHRWPuAL6fW0mGvBDeZyRTH
+OzGdqgjnYzgYZ538pG7TsMGomrSQwlATfICKsf8dNSlnPqOiIPo2fdd8gr/tO7yl
+FG/KvXk0v5Dfs4RGUs7UYdmzncEYC2JsToFsD4jja+5tnY//NJRxkJdswfn+wBqH
+wN+y4qELdq+AEBKymbQsIwOBt3UdeVUwBBjtqJXFtET9yhqkqVxnb/i0jHrhjyiS
+Q/Y+T9s35+A6XlI6nSiJLDxMfgJVCWa2OtGI//aAlzlw+6dHiiJVVBHpZbW0YTY4
+qE7kjhPrddJYlB6k4S3ub9j4e87k0P0IyFptxw8=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0
-ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz
-FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN
-q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX
-HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ
-qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY
-lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu
-+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv
-eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL
-aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8
-EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI
-Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/
-20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe
-LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE
-9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs
-SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX
-Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U
-eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq
-VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq
-t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ
-NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd
-moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv
-qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc
-4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB
-rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4
-LrS/V2yBrDJVczQQM4psonLF
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr
+Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp
+56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q
+BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb
+NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q
+SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7
+kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE
+iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/
+20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc
+ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP
+9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2
+WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw
+VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy
+9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD
+Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8
+3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z
++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P
+djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj
+OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D
+ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N
+Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C
+wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV
+rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv
+VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR
++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt
+mbHCXPhmMn9O6jmrDlGeMg==
-----END PRIVATE KEY-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-2.crt b/tests/data_files/pkcs7-rsa-sha256-2.crt
index a0df7d9..2f0becb 100644
--- a/tests/data_files/pkcs7-rsa-sha256-2.crt
+++ b/tests/data_files/pkcs7-rsa-sha256-2.crt
@@ -1,20 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL
+MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
-NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
+NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65
-lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y
-c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B
-g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89
-KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj
-j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC
-AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY
-MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka
-q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+
-ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB
-xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS
-IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+
-gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U=
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7
+haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B
+b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ
+jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR
+cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ
+adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC
+AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY
+MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T
++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK
+9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr
+V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm
+rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G
+ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc=
-----END CERTIFICATE-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-2.der b/tests/data_files/pkcs7-rsa-sha256-2.der
index fc7a3ea..a101435 100644
--- a/tests/data_files/pkcs7-rsa-sha256-2.der
+++ b/tests/data_files/pkcs7-rsa-sha256-2.der
Binary files differ
diff --git a/tests/data_files/pkcs7-rsa-sha256-2.key b/tests/data_files/pkcs7-rsa-sha256-2.key
index 659c015..fe78b11 100644
--- a/tests/data_files/pkcs7-rsa-sha256-2.key
+++ b/tests/data_files/pkcs7-rsa-sha256-2.key
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of
-5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5
-ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2
-IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK
-OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp
-eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX
-oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM
-NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7
-73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD
-w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T
-i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB
-qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9
-ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH
-slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo
-in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D
-NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w
-+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95
-0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG
-+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ
-FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI
-xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9
-1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3
-kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa
-uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO
-0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ
-Qn6c/zyvMKSyrCVxo5pTd5Il
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY
+wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5
+6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ
+tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C
+ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao
+OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy
+NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B
+s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s
+RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT
+gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL
+hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX
+RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x
+o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy
+ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo
+w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7
+NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq
+W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv
+7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x
+MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O
+vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV
+wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT
+Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV
+wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB
+KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5
+RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h
+2j60FMMEJPr7clx+n6xU
-----END PRIVATE KEY-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-2.pem b/tests/data_files/pkcs7-rsa-sha256-2.pem
index b11a00a..71004b5 100644
--- a/tests/data_files/pkcs7-rsa-sha256-2.pem
+++ b/tests/data_files/pkcs7-rsa-sha256-2.pem
@@ -1,48 +1,48 @@
-----BEGIN CERTIFICATE-----
-MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL
+MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
-NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
+NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65
-lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y
-c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B
-g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89
-KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj
-j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC
-AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY
-MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka
-q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+
-ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB
-xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS
-IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+
-gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U=
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7
+haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B
+b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ
+jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR
+cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ
+adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC
+AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY
+MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T
++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK
+9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr
+V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm
+rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G
+ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of
-5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5
-ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2
-IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK
-OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp
-eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX
-oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM
-NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7
-73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD
-w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T
-i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB
-qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9
-ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH
-slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo
-in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D
-NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w
-+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95
-0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG
-+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ
-FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI
-xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9
-1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3
-kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa
-uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO
-0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ
-Qn6c/zyvMKSyrCVxo5pTd5Il
+MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY
+wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5
+6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ
+tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C
+ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao
+OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy
+NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B
+s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s
+RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT
+gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL
+hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX
+RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x
+o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy
+ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo
+w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7
+NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq
+W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv
+7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x
+MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O
+vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV
+wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT
+Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV
+wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB
+KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5
+RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h
+2j60FMMEJPr7clx+n6xU
-----END PRIVATE KEY-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-3.crt b/tests/data_files/pkcs7-rsa-sha256-3.crt
index 5f22ce2..03ce5b35 100644
--- a/tests/data_files/pkcs7-rsa-sha256-3.crt
+++ b/tests/data_files/pkcs7-rsa-sha256-3.crt
@@ -1,20 +1,20 @@
-----BEGIN CERTIFICATE-----
-MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL
+MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
-NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD
+NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk
-XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z
-7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC
-lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K
-gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu
-6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC
-AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY
-MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u
-WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C
-PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C
-AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE
-qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P
-uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw=
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s
+8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD
+l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R
+26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz
+JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U
+aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC
+AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY
+MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi
+MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz
+Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP
+wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq
+lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+
+pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw=
-----END CERTIFICATE-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-3.key b/tests/data_files/pkcs7-rsa-sha256-3.key
index 3cdc717..17c4eed 100644
--- a/tests/data_files/pkcs7-rsa-sha256-3.key
+++ b/tests/data_files/pkcs7-rsa-sha256-3.key
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S
-JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk
-n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n
-EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k
-wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu
-HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv
-rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO
-r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX
-bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR
-Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ
-nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o
-CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3
-i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI
-X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD
-XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR
-hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i
-r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC
-mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh
-Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb
-7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN
-4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB
-pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3
-9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU
-u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh
-ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ
-7BT4C+yor7c/fL356athqxk=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD
+Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0
+OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw
+Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv
+F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs
+WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx
+oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG
+Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs
+dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd
+19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT
+kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z
+VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7
+ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k
+6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy
+PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO
+XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+
+jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD
+hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD
+hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2
+FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD
+XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm
+escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd
+fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ
+mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL
+zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG
+hmSyoAlNQm47tGD3i+2erv0=
-----END PRIVATE KEY-----
diff --git a/tests/data_files/pkcs7-rsa-sha256-3.pem b/tests/data_files/pkcs7-rsa-sha256-3.pem
index ee99782..0dc2fe9 100644
--- a/tests/data_files/pkcs7-rsa-sha256-3.pem
+++ b/tests/data_files/pkcs7-rsa-sha256-3.pem
@@ -1,48 +1,48 @@
-----BEGIN CERTIFICATE-----
-MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL
+MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
-NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD
+NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk
-XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z
-7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC
-lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K
-gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu
-6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC
-AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY
-MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u
-WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C
-PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C
-AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE
-qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P
-uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw=
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s
+8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD
+l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R
+26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz
+JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U
+aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC
+AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY
+MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi
+MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz
+Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP
+wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq
+lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+
+pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S
-JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk
-n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n
-EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k
-wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu
-HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv
-rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO
-r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX
-bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR
-Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ
-nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o
-CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3
-i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI
-X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD
-XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR
-hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i
-r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC
-mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh
-Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb
-7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN
-4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB
-pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3
-9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU
-u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh
-ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ
-7BT4C+yor7c/fL356athqxk=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD
+Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0
+OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw
+Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv
+F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs
+WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx
+oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG
+Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs
+dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd
+19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT
+kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z
+VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7
+ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k
+6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy
+PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO
+XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+
+jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD
+hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD
+hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2
+FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD
+XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm
+escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd
+fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ
+mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL
+zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG
+hmSyoAlNQm47tGD3i+2erv0=
-----END PRIVATE KEY-----
diff --git a/tests/data_files/pkcs7_data_3_signed.der b/tests/data_files/pkcs7_data_3_signed.der
index 92c0710..23181ae 100644
--- a/tests/data_files/pkcs7_data_3_signed.der
+++ b/tests/data_files/pkcs7_data_3_signed.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_cert_encrypted.der b/tests/data_files/pkcs7_data_cert_encrypted.der
index b7b1c83..c3d8642 100644
--- a/tests/data_files/pkcs7_data_cert_encrypted.der
+++ b/tests/data_files/pkcs7_data_cert_encrypted.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha1.der b/tests/data_files/pkcs7_data_cert_signed_sha1.der
index fb1deb0..878e9ec 100644
--- a/tests/data_files/pkcs7_data_cert_signed_sha1.der
+++ b/tests/data_files/pkcs7_data_cert_signed_sha1.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha256.der b/tests/data_files/pkcs7_data_cert_signed_sha256.der
index 8dc2f4c..cc48123 100644
--- a/tests/data_files/pkcs7_data_cert_signed_sha256.der
+++ b/tests/data_files/pkcs7_data_cert_signed_sha256.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_cert_signed_sha512.der b/tests/data_files/pkcs7_data_cert_signed_sha512.der
index a4aa587..75bdf0f 100644
--- a/tests/data_files/pkcs7_data_cert_signed_sha512.der
+++ b/tests/data_files/pkcs7_data_cert_signed_sha512.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_cert_signed_v2.der b/tests/data_files/pkcs7_data_cert_signed_v2.der
index 4f4cb04..950db20 100644
--- a/tests/data_files/pkcs7_data_cert_signed_v2.der
+++ b/tests/data_files/pkcs7_data_cert_signed_v2.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der
index cb7d751..cb97b9b 100644
--- a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der
+++ b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_multiple_certs_signed.der b/tests/data_files/pkcs7_data_multiple_certs_signed.der
index 4a237e9..63d7194 100644
--- a/tests/data_files/pkcs7_data_multiple_certs_signed.der
+++ b/tests/data_files/pkcs7_data_multiple_certs_signed.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_multiple_signed.der b/tests/data_files/pkcs7_data_multiple_signed.der
index 095b80c..cc441fb 100644
--- a/tests/data_files/pkcs7_data_multiple_signed.der
+++ b/tests/data_files/pkcs7_data_multiple_signed.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badcert.der b/tests/data_files/pkcs7_data_signed_badcert.der
index ed00f65..c74d69d 100644
--- a/tests/data_files/pkcs7_data_signed_badcert.der
+++ b/tests/data_files/pkcs7_data_signed_badcert.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badsigner.der b/tests/data_files/pkcs7_data_signed_badsigner.der
index aa5447c..ba629dc 100644
--- a/tests/data_files/pkcs7_data_signed_badsigner.der
+++ b/tests/data_files/pkcs7_data_signed_badsigner.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der b/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der
index da7f3a9..dbe9320 100644
--- a/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der
+++ b/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_badtag.der b/tests/data_files/pkcs7_data_signed_badsigner1_badtag.der
index 402b910..198b929 100644
--- a/tests/data_files/pkcs7_data_signed_badsigner1_badtag.der
+++ b/tests/data_files/pkcs7_data_signed_badsigner1_badtag.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der b/tests/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der
index e19c54a..f613e3d 100644
--- a/tests/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der
+++ b/tests/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badsigner2_badsize.der b/tests/data_files/pkcs7_data_signed_badsigner2_badsize.der
index 6b12b80..0e64767 100644
--- a/tests/data_files/pkcs7_data_signed_badsigner2_badsize.der
+++ b/tests/data_files/pkcs7_data_signed_badsigner2_badsize.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badsigner2_badtag.der b/tests/data_files/pkcs7_data_signed_badsigner2_badtag.der
index 7929444..caaa305 100644
--- a/tests/data_files/pkcs7_data_signed_badsigner2_badtag.der
+++ b/tests/data_files/pkcs7_data_signed_badsigner2_badtag.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der b/tests/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der
index b52bb78..f7e0df4 100644
--- a/tests/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der
+++ b/tests/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_with_signature.der b/tests/data_files/pkcs7_data_with_signature.der
index cb9d126..b98cab6 100644
--- a/tests/data_files/pkcs7_data_with_signature.der
+++ b/tests/data_files/pkcs7_data_with_signature.der
Binary files differ
diff --git a/tests/data_files/pkcs7_data_without_cert_signed.der b/tests/data_files/pkcs7_data_without_cert_signed.der
index b47fe92..390361f 100644
--- a/tests/data_files/pkcs7_data_without_cert_signed.der
+++ b/tests/data_files/pkcs7_data_without_cert_signed.der
Binary files differ
diff --git a/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der b/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
index fe55390..0fbc65b 100644
--- a/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
+++ b/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
Binary files differ
diff --git a/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der b/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der
index 3a42874..4f059c2 100644
--- a/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der
+++ b/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der
Binary files differ
diff --git a/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der b/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der
index 898ca67..cd77545 100644
--- a/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der
+++ b/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der
Binary files differ
diff --git a/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der b/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der
index f4b4e38..5efa3a9 100644
--- a/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der
+++ b/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der
Binary files differ
diff --git a/tests/data_files/pkcs7_zerolendata_detached.der b/tests/data_files/pkcs7_zerolendata_detached.der
index 2a389ab..5f9b62e 100644
--- a/tests/data_files/pkcs7_zerolendata_detached.der
+++ b/tests/data_files/pkcs7_zerolendata_detached.der
Binary files differ
diff --git a/tests/data_files/server1.allSubjectAltNames.crt b/tests/data_files/server1.allSubjectAltNames.crt
new file mode 100644
index 0000000..13af873
--- /dev/null
+++ b/tests/data_files/server1.allSubjectAltNames.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o4HaMIHXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MIGJBgNVHREEgYEwf4EQ
+bWFpbEBleGFtcGxlLmNvbYILZXhhbXBsZS5jb22kQDA+MQswCQYDVQQGEwJVSzER
+MA8GA1UECgwITWJlZCBUTFMxHDAaBgNVBAMME1N1YmplY3RBbHROYW1lIHRlc3SH
+BAECAwSGFmh0dHA6Ly9wa2kuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEB
+AGPFB8YGpe6PRniPkYVlpCf5WwleYCpcP4AEvFHj5dD1UcBcqKjppJRGssg+S0fP
+nNwYRjaVjKuhWSGIMrk0nZqsiexnkCma0S8kdFvHtCfbR9c9pQSn44olVMbHx/t8
+dzv7Z48HqsqvG0hn3AwDlZ+KrnTZFzzpWzfLkbPdZko/oHoFmqEekEuyOK9vO3fj
+eNm5SzYtqOigw8TxkTb1+Qi9Cj66VEwVESW1y/TL9073Kx0lBoY8wj1Pvfdhplrg
+IwYIwrr0HM+7nlYEhEI++NAbZhjQoS2kF5i7xpomUkYH9ePbrwWYBcuN00pljXEm
+ioY0KKlx00fRehPH/6TBHZI=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt
index eca171f..d4ac4b1 100644
--- a/tests/data_files/server10-badsign.crt
+++ b/tests/data_files/server10-badsign.crt
@@ -1,10 +1,10 @@
-----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX10=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS0=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem
index b84cee7..d824c43 100644
--- a/tests/data_files/server10-bs_int3.pem
+++ b/tests/data_files/server10-bs_int3.pem
@@ -1,22 +1,22 @@
-----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX10=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt
index 96a4040..52b5ea0 100644
--- a/tests/data_files/server10.crt
+++ b/tests/data_files/server10.crt
@@ -1,10 +1,10 @@
-----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem
index a9e0615..9a82b17 100644
--- a/tests/data_files/server10_int3-bs.pem
+++ b/tests/data_files/server10_int3-bs.pem
@@ -1,22 +1,22 @@
-----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWf0=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg10==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt
index 0df2c65..b585292 100644
--- a/tests/data_files/server10_int3_int-ca2.crt
+++ b/tests/data_files/server10_int3_int-ca2.crt
@@ -1,40 +1,40 @@
-----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt
index c25482b..3601a20 100644
--- a/tests/data_files/server10_int3_int-ca2_ca.crt
+++ b/tests/data_files/server10_int3_int-ca2_ca.crt
@@ -1,120 +1,60 @@
-----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
-----END CERTIFICATE-----
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Validity
- Not Before: Feb 12 14:44:00 2011 GMT
- Not After : Feb 12 14:44:00 2021 GMT
- Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (2048 bit)
- Modulus (2048 bit):
- 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
- 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
- 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
- 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
- e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
- cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
- ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
- 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
- c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
- 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
- e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
- 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
- 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
- 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
- e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
- 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
- ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
- a2:d5
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- X509v3 Authority Key Identifier:
- keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
- DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
- serial:00
-
- Signature Algorithm: sha1WithRSAEncryption
- b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
- 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
- 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
- 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
- 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
- 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
- 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
- e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
- e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
- 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
- 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
- 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
- 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
- e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
- f7:e0:e9:54
-----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
-----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt
index c9d6715..87cc476 100644
--- a/tests/data_files/server10_int3_spurious_int-ca2.crt
+++ b/tests/data_files/server10_int3_spurious_int-ca2.crt
@@ -1,30 +1,30 @@
-----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -38,27 +38,27 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server3.crt b/tests/data_files/server3.crt
index ed0d696..46987c3 100644
--- a/tests/data_files/server3.crt
+++ b/tests/data_files/server3.crt
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
+MIICXDCCAUSgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5
-fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ
-OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/
-pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ
-b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W
-4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm
-DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx
-CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS
-qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb
-kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu
-CAQ1sXmQ
+fQcsej6EFasvlTdJ/6NNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU5BdrNrIGiTrZ
+XkO24GR9h6t93jcwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJ
+KoZIhvcNAQEFBQADggEBAKSCuGCXcpDrVwRVgHVlUsxACRDUH2QirsLFAUk1CGsR
+SniBgWi+5KGK8fd3Tf+GkVeIZocaf7tnKm0YJg8W5QPDnwrMD2L1SjYFgc7r1G4f
+579FOo0qRKdJabTV0e022XFyN77JJHAm8RkjZEnzUuW7k8/RohY8NBzh+KACyHOi
+96DhGsBp9LG6QIKB1rxiNx4wq3WUygaMgImoaDRqgAFxJjwRBEhcsWtU2AmoOKdO
+hzQp+EzEjn04+ScJpMzMF4FY+kLaz9PlvEO61aQuZsC2fUmk+M6q8xcBNEdoFNvv
+0cOl5Liuewb32srAZWCMpbHFxaT9Nd3TxJwFxFCJpvc=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server4.crt b/tests/data_files/server4.crt
index 96b1aa7..2b4134d 100644
--- a/tests/data_files/server4.crt
+++ b/tests/data_files/server4.crt
@@ -1,18 +1,17 @@
-----BEGIN CERTIFICATE-----
-MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL
-vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA
-Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl
-NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5
-bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0
-d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME
-ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA
-wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/
-O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z
-3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc
+MIICnTCCAiGgAwIBAgIBCDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9eMvlV9hzsP+2u6oSlhxly+VSGe4I0Mly1g
+Mku+BhiPm7EPEscFe+cQcuA7kr6Wmzjan6v913igTri21Gh5llS+v7t4GdbfmfQS
+k8AiT0bC76+DsZ/GaJ+AhHyFmc5CS3Y6O++kKE8LG9RqKW0HjnQjOH6YQr+FgWv7
+smU2fFHVdCVtvIMzsRy3UfBhy5LcwGUGqrTjwn7QoSRBcgJKMp4cWBr14MKr4nJ+
+p7lu3QrfSGXU3TXrgHtqiHTwSiaZ75pK4CzP4ywnebsA7YNRh2sPGWuTLVCu9FZZ
+9fR3x2NMz64dOjUO+JEzqj34/0N+gV3nf9nQqbTexUtBa9SuEQIDAQABo00wSzAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTAfBgNVHSME
+GDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDB
+ek00E3uHPwnUDBVAPRJThsj2mQr/MSCTwRMNXnNlki9Lux0qGd6uvhp5v31I7V0C
+MDiCHwEm55sU4gWrAxYVKVVV9qMTG2Moy4YnJDDlxwpyXPta5Ac2FV+0AbInBXSM
+Bg==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-badsign.crt b/tests/data_files/server5-badsign.crt
index 0c65072..b641f70 100644
--- a/tests/data_files/server5-badsign.crt
+++ b/tests/data_files/server5-badsign.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
-C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
-fGa5kHvHARBPc8YAIVIqDvHH1A==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ
+qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN
+06jC+BLgOH1KQV9ArqEh3AhOhE0=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt
index 08d8dd3..1e0a008 100644
--- a/tests/data_files/server5-der0.crt
+++ b/tests/data_files/server5-der0.crt
Binary files differ
diff --git a/tests/data_files/server5-der1a.crt b/tests/data_files/server5-der1a.crt
index 015017b..c143298 100644
--- a/tests/data_files/server5-der1a.crt
+++ b/tests/data_files/server5-der1a.crt
Binary files differ
diff --git a/tests/data_files/server5-der1b.crt b/tests/data_files/server5-der1b.crt
index 6340d9e..6989679 100644
--- a/tests/data_files/server5-der1b.crt
+++ b/tests/data_files/server5-der1b.crt
Binary files differ
diff --git a/tests/data_files/server5-der2.crt b/tests/data_files/server5-der2.crt
index c6e320a..56ad14c 100644
--- a/tests/data_files/server5-der2.crt
+++ b/tests/data_files/server5-der2.crt
Binary files differ
diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt
index 4af05cc..4ceed41 100644
--- a/tests/data_files/server5-der4.crt
+++ b/tests/data_files/server5-der4.crt
Binary files differ
diff --git a/tests/data_files/server5-der8.crt b/tests/data_files/server5-der8.crt
index 65be7dc..07ffd2f 100644
--- a/tests/data_files/server5-der8.crt
+++ b/tests/data_files/server5-der8.crt
Binary files differ
diff --git a/tests/data_files/server5-der9.crt b/tests/data_files/server5-der9.crt
index 4947f1f..aa8f9a1 100644
--- a/tests/data_files/server5-der9.crt
+++ b/tests/data_files/server5-der9.crt
Binary files differ
diff --git a/tests/data_files/server5-sha1.crt b/tests/data_files/server5-sha1.crt
index 73e2d17..6c14183 100644
--- a/tests/data_files/server5-sha1.crt
+++ b/tests/data_files/server5-sha1.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICHTCCAaSgAwIBAgIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
-MzA5MjQxNjIxMjdaFw0yMzA5MjIxNjIxMjdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYI
+MIICHjCCAaSgAwIBAgIBCTAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
+VQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0y
+MzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYI
KoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDY
IxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6OBnTCBmjAJBgNVHRMEAjAAMB0G
A1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjBuBgNVHSMEZzBlgBSdbSAkSQE/
-K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFy
-U1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkAwUPifmJDzOgwCQYH
-KoZIzj0EAQNoADBlAjEAyjvzRWtxbXvkoYTYSQY9gFBpP7/wTZ2q6FbRiAuZULFt
-lc0PMPDfVZChgA6iDH+BAjBdkOb73f2pOwZpMRqrOgqSynbt2uWY87mC5lRlNEoR
-WXEv1AzIeBCv+81DN1Iuu4w=
+K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFy
+U1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggkAwUPifmJDzOgwCQYH
+KoZIzj0EAQNpADBmAjEAnbhJ4O/x6bcBgB0FnX44q9j9pjBYHN9ZK59bHxqerhyJ
+12DlVbNoOonlkFYVUsgCAjEAmnUolKu+XUtS2is3d0M2V6cPwZxq5qI0+wBR79/p
+NRjFOlyP69OWs9CI2cyYLbGc
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-sha224.crt b/tests/data_files/server5-sha224.crt
index 47b1168..ad01b10 100644
--- a/tests/data_files/server5-sha224.crt
+++ b/tests/data_files/server5-sha224.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICIDCCAaWgAwIBAgIBEzAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMBA2kAMGYCMQCj0EyFUzDRmfokWzLVEWN0epR4/sZytfIeozp6BqWH
-qaTBdAR2vthIKC7dKuUkg34CMQD6YtB2O9Vso79gbzSen2qh7gK7VvGE+31EVPbR
-Ce/oNG/3OfhRSdn3FOvBBg2UErM=
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMBA2gAMGUCMQDlCvtvCAgJDiGQnqOYwzmeafyyNbpSRZwcpV84FSkm
+pwKw2jTv3WaXujSNu7B62GoCME97oLBGSgiOMD5QUEdOjABkCV4E2slyvk4Gk71c
+9e92VgA3rKPRXlvwACPsbFIQJQ==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-sha384.crt b/tests/data_files/server5-sha384.crt
index 5d6a79b..7de6f8c 100644
--- a/tests/data_files/server5-sha384.crt
+++ b/tests/data_files/server5-sha384.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICHzCCAaWgAwIBAgIBFDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMDA2gAMGUCMQCnsd/6VB2kLIqMRsWdkJvRaQROyAg78CQExFEY3CMv
-9t0kWRXPc4nCMH69RjQVvC4CMB4lk9A7hnX2zQy3bbUhOCOvXcsQdEe8AMgJBviz
-5Nob2wThRqsm1wjCF60fyzXWuA==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMDA2gAMGUCMQDPV3rbJX6rigR5SJQGNzqfreq8Y3O+mlAQkuo9sicU
+llVXjN3g41dOJmaEO2yHjMQCMCecXLQsYjQn2wPh/XyE+PL48Yp0+Y6+HEHCjLk3
+JOTQqo73a9xN+yhrud2ssT830w==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-sha512.crt b/tests/data_files/server5-sha512.crt
index 16112ac..8bea8c2 100644
--- a/tests/data_files/server5-sha512.crt
+++ b/tests/data_files/server5-sha512.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICHzCCAaWgAwIBAgIBFTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICHjCCAaWgAwIBAgIBCTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMEA2gAMGUCMFPL2OI8arcbRlKAbRb/YfGibo4Mwts8KX3fOuRCbXEn
-pDWeb82kBqfXwzPJwamFOwIxAPGzyhWrxn0qEynWV5nzFK02PYBnYFgClISyyudH
-HJGHtbEVRc5JA8ALnggaLVpuvg==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMEA2cAMGQCMEekbPD8GQQmK1uJ3wXgC/VdRdfmEBM/urkmXYINcHrz
+E6xLpFE/jxZ0wb5SXteLtQIwZ8ZJIDLnxGciX/mtfx0dOII3bna72yRkGfT+0b/C
+sj9KvVuQ0y1oaP9Rbg35dbcH
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-tricky-ip-san-malformed-len.crt.der b/tests/data_files/server5-tricky-ip-san-malformed-len.crt.der
new file mode 100644
index 0000000..a26da6c
--- /dev/null
+++ b/tests/data_files/server5-tricky-ip-san-malformed-len.crt.der
Binary files differ
diff --git a/tests/data_files/server5-tricky-ip-san.crt b/tests/data_files/server5-tricky-ip-san.crt
deleted file mode 100644
index 135830f..0000000
--- a/tests/data_files/server5-tricky-ip-san.crt
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBljCCATygAwIBAgIBTTAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJVSzERMA8G
-A1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBTQU4w
-HhcNMjAwNzIzMTAyNzQ2WhcNMzAwNzIxMTAyNzQ2WjBBMQswCQYDVQQGEwJVSzER
-MA8GA1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBT
-QU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5
-BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqIwmt3DVXNiioO+gHItO3/oyUw
-IzAhBgNVHREEGjAYhwRhYmNkhxBhYmNkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC
-A0gAMEUCIFDc8ZALA/9Zv7dZTWrZOOp/dgPAEJRT+h68nD6KF+XyAiEAs1QqugOo
-Dwru0DSEmpYkmj1Keunpd0VopM0joC1cc5A=
------END CERTIFICATE-----
diff --git a/tests/data_files/server5-tricky-ip-san.crt.der b/tests/data_files/server5-tricky-ip-san.crt.der
new file mode 100644
index 0000000..0bd06f8
--- /dev/null
+++ b/tests/data_files/server5-tricky-ip-san.crt.der
Binary files differ
diff --git a/tests/data_files/server5.crt b/tests/data_files/server5.crt
index 4597428..2eab999 100644
--- a/tests/data_files/server5.crt
+++ b/tests/data_files/server5.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
-MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
-C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
-fGa5kHvHARBPc8YAIVIqDvHH1Q==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ
+qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN
+06jC+BLgOH1KQV9ArqEh3AhOhEg=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.crt.der b/tests/data_files/server5.crt.der
index 08d8dd3..1e0a008 100644
--- a/tests/data_files/server5.crt.der
+++ b/tests/data_files/server5.crt.der
Binary files differ
diff --git a/tests/data_files/server5.crt.openssl.v3_ext b/tests/data_files/server5.crt.openssl.v3_ext
new file mode 100644
index 0000000..594e90a
--- /dev/null
+++ b/tests/data_files/server5.crt.openssl.v3_ext
@@ -0,0 +1,3 @@
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/tests/data_files/server6.crt b/tests/data_files/server6.crt
index 6df6716..51e4393 100644
--- a/tests/data_files/server6.crt
+++ b/tests/data_files/server6.crt
@@ -1,14 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
-AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
-Xj09kLboxuemP40IIqhQnpYptMg=
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o
+ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn
+KgfuCEF96BhSjLDXWKB4IFWaXUQ=
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7-badsign.crt b/tests/data_files/server7-badsign.crt
index 954b53a..e0d18b0 100644
--- a/tests/data_files/server7-badsign.crt
+++ b/tests/data_files/server7-badsign.crt
@@ -1,31 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK0
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO0
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7-expired.crt b/tests/data_files/server7-expired.crt
index a25ce4b..9c423c9 100644
--- a/tests/data_files/server7-expired.crt
+++ b/tests/data_files/server7-expired.crt
@@ -1,31 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTA3MDYwNTA4MTQwM1oXDTE3MDYwNTA4MTQwM1owNDELMAkG
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTEzMDUxNjA3MTAzN1oXDTIzMDUxNzA3MTAzN1owNDELMAkG
A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
-d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv
-bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
-MAAwDQYJKoZIhvcNAQELBQADggIBAHcG1ysT8yImc0x3Z2O0SOtSYYjCPS1Gc89j
-fWdBSoS5YhPHLgEjHQgDA6XdDNL0eUo3afhucEvSexhqLUABLu89cmi7ST+TsTEb
-/lu8qZUgpa1bcMOk1+whl0JllfcDEq2y0aclkO0/6M6JftNNJ3egq2qVBDEszTtY
-zcYZIr1o04TNp0fAtmPUH6zjpBkNB0DQyKFhgYPJNwTapj6ZDVi1zBK3wwFfZfgK
-s3QvwhWNNbHL4B0sPec/6TiF5dY3SeUM4L8oAGdT7/ELE6E74rFyS/EpjJdVzXDs
-FfQvUDPb6PJuWZbr4mNg/FANeGPa3VENcPz+4fj+Azi1vV3wD4OKT7W0zIkRZ+Wq
-1hLFuwa/JCSHsn1GWFyWd3+qHIoFJUSU3HNxWho+MZqta0Jx/PGvMdOxnJ2az1QX
-TaRwrilvN3KwvjGJ+cvGa7V9x8y9seRHZwfXXOx1ZZ0uEYquZ0jxKpBp/SdhRbA5
-zLmq088npt7tgi+LcrXydorgltBaGZA7P+/OJA2JkbIBBwdSjyfG6T07y4pgQ90h
-CeRqzu4jFcZE7mjpTdEyxAQRJa2dhHkhFB7Muq7ZTi3jlml5LZnlbUdPlR5iTgOU
-yueZsAAEb//A6EU008WmG/K+EY230JxEUzGNf2l1j1H94HcP9OwjY4bn2PJdVzcb
-B8PmaiMB
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBAHX0pu54c8rk2F76lxnMKuS+C3Kiwab0KxII
+ZkpAgpk5sj2KxiGrNLDhK0ZGjVlVuUjauySVuBUfrr8GfjQ1xE7RUrxwBrEU5fVs
+FHKscBF58AaIXIPf5xIuCdc2C487Leuu+LIbGsg9EvKq/pg7avIB9hSjvwn5W3m3
+3o8eL/ahD4t5rh8r7hKptY+7dqeraBrmCnitxsRQToMV+jy2RCGD3vYUDxyJc3x+
+m3o7nWGreyLCqPCRgeEh9RKbbhygcoBtdjojZABZmlGa9BO72hK5lhy2a1QiIOiL
+OoBgDFf8gVo81MX02RtSQISZLq/hJ8smtil8oaKgJ+VyGjfCR1uZY7RpaEfP4U+R
+tX8gqt/4TJ4mIJOv4xL12XsV65rZuB7+yhZ6rqWRlZx9Aa4/GqxIbALrQPs17uRX
+41TPIdz3Pjq3w3x3bdGxbyF0TvJRaeobB60KHlrm6DWltY7k2Ucju9oTko6bJLgp
+rCRC1JkTXzWS3jZDqULTVPxDsZjVRqwEl46PPe0gSloB+h/ulq8rNIG1snWTGdNQ
+Bovbko9lFHA8md8f7ZULQ6pB8SV/LH2qufSsWb5LY9ZfHUprwH2oBQ+A9eYkk5ZR
+LJC879ZC8w8LMQfBGT22fLnOJ2qS6GyguB+y17beF8RMgFpiFTzoD1nPQAd9cyGY
+b2ta+9o9
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7-future.crt b/tests/data_files/server7-future.crt
index eeb596f..b725eb7 100644
--- a/tests/data_files/server7-future.crt
+++ b/tests/data_files/server7-future.crt
@@ -1,31 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTI3MDYwNjA4MTQwM1oXDTM3MDYwNjA4MTQwM1owNDELMAkG
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTMzMDUxNzA3MTAzN1oXDTQzMDUxODA3MTAzN1owNDELMAkG
A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
-d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv
-bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
-MAAwDQYJKoZIhvcNAQELBQADggIBAHF4y9PmCUF1yOlBIUCUAAFMZmXJwOGsMNKI
-u0+At0sbs+W8J06PVyYt4UxL4TyIxHM6SOvKndFdCQxG7NQY0KU+HBdLVUM1iZy0
-Kopg7yHvEAZ0YWPptgCd10C/wmTz0b0R3cxhSb8FZjlBjNB7dJKhRQsh0za+GMx/
-LXunH/t0oP5an4yO3zTog+4+7bDGGEY7SymQJ9Z8t2gdZpn/r60j9IGhL5XI2BS/
-+cU96DMF3cMmFk24vAfduYicKc8KowhUpGCsIP0bl+TY8Vq6kepBA2lnj7/YOkDs
-/f+wIS/Id/hdw9KxRUPX+cQLUt0/C7JktDVudZ5zLt1y0A971R+23ARtJGUBJGSp
-5tkVX8+hK8sT6AVOkcvA51IOBsVxmuoWk/WcjBDdOjyIK2JFdbcJYvR8cpRbL+j8
-HdQEu+LorvGp28m3Q5mBTKZLKgyUeQWrbYDqeub1OvYYkuvZPZWFEDP2VYcS7AXN
-IoUSTcMyhLNuncQl/z0Jbkto59+il6cQ2HIqkubLBk2X8uwMw2tloROlmklweHqR
-ta6aRlLxBMgccJpK7cU5H8TMb6aR9GJGyzQJ2vET3jPBq/uEwbvK8HRVJ7Ld68k6
-ZMCwXGdTeYuDWt0ngAhf+i+GNexJRSLvzRGt18DOrpmj2X3naarNSTfRArm4EINW
-WKW7hd8h
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBAFgzS8NNGRayelUleAee5udbk9+fkkxvYA/p
+QEaD+UvuSmgJ7iEU0gx6cJ2RcEbg/NqgrMBni8ayiGptOZRTq4j8bPcrZZCrcsvO
+jFk/yXwWIv1hRofQ8wBynPOgbtPJ5J7zYkE0sqXbAPOWeNdya+R0CuSex5DW9kj/
++tiXGXdGiLKu/FOC9tedfsu67a+ZEK0Q3rbFqsWpHdQcKIEN4A18xPBXNtx/DJuq
+0+fcjtIsigpRvLbLSFuvSI5vWP1MFyuMDTLYVKN1PceRg2yxpKecKbsDpeSRX3R9
+Fs444mDSJs75i8fkdXS4GLXfJjJOft3HbRtEEznF5sITppjr40PszMvOj2njWPPn
+o3ECca7HbhuhtqIGfM5+2mCwPgmm7fEmYILVYgTihFfPKUhGUKN+4Qp75gOzMKds
+7t8NRFTKPEpFmicc1wKfEsp22UWC6azyTu6iVByWlt+fojFbdHjvxDY8iIqBFU6/
+44uLMTxu9r9gMSZK9sX7vGIgeER3RnArP0ZSxAvoxG3lu+QQXwItxnTKQnA3CDra
+MkmwSM5kMewO/Ub1bgkdQ3j/DD0uSwreEdg0fvxaAJIH2N/lOFUWPrzbg8TJR1Sb
+ohctT+uAKoPQrxsZuSdrz9QHOdgkPR6gp9bdnXkZSa9jGX7Pd5Ur5LDEXljol1ZL
+T97oaKB7
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7.crt b/tests/data_files/server7.crt
index ed087ef..c5c2cb8 100644
--- a/tests/data_files/server7.crt
+++ b/tests/data_files/server7.crt
@@ -1,23 +1,23 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca-exp.crt b/tests/data_files/server7_int-ca-exp.crt
index fc00517..a3a8f69 100644
--- a/tests/data_files/server7_int-ca-exp.crt
+++ b/tests/data_files/server7_int-ca-exp.crt
@@ -1,30 +1,30 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
@@ -39,9 +39,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX
-Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep
-773Ap7Gxpk168id1EFhvW22YabKs
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR
+07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf
+z0BtLCVhFwQlrzCqgXC98SGfT6sZ
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca.crt b/tests/data_files/server7_int-ca.crt
index d3ddc46..cb108a4 100644
--- a/tests/data_files/server7_int-ca.crt
+++ b/tests/data_files/server7_int-ca.crt
@@ -1,31 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca_ca2.crt b/tests/data_files/server7_int-ca_ca2.crt
index c289c0a..097447f 100644
--- a/tests/data_files/server7_int-ca_ca2.crt
+++ b/tests/data_files/server7_int-ca_ca2.crt
@@ -1,31 +1,31 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,24 +39,22 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_spurious_int-ca.crt b/tests/data_files/server7_spurious_int-ca.crt
index 632c4fd..fdc1146 100644
--- a/tests/data_files/server7_spurious_int-ca.crt
+++ b/tests/data_files/server7_spurious_int-ca.crt
@@ -1,49 +1,49 @@
-----BEGIN CERTIFICATE-----
MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBABN3b1ltNlBQ9PhwJhxBWENlMNdy1vyKBGH3EdZ7w4uHJJOm
+w8JS5p/B5+9fDIIOThDr80hLq4QOQVJhxAT1/Zsb2OzsTxc1BaCNbBv2Y+FyFcpL
+I8EjMF+gnSgbs46kGKce1EJNrZrkvpCngtNj7qqg9qnPXd1en0z349xHJPmYuWEb
+9sHdVlwnebPm1n9u1NzpktAChb28UFnBYTWraZCtMBMozuMhz6mo66XOEyH06Ypa
+QPOlBmbgW/e+fuXow41QUqP2tvVL6MsmSZFWk8hr45rNRzeTok1M5bW91sZ78We5
+95m3T6IE+qpj2/RILncwy7vWBlFzbuiIA3eSJa8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -57,9 +57,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
diff --git a/tests/data_files/server8.crt b/tests/data_files/server8.crt
index b435b2d..515b17b 100644
--- a/tests/data_files/server8.crt
+++ b/tests/data_files/server8.crt
@@ -1,18 +1,17 @@
-----BEGIN CERTIFICATE-----
-MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59
-quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB
-ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q
-AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr
-u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb
-J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
-J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz
-2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh
-2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA==
+MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l
+ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw
+CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4
+zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89
++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j
+LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw
+2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW
+KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw
+7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
+J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E
+AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS
+dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS
+MxG1isOdUiQTajM1TQ==
-----END CERTIFICATE-----
diff --git a/tests/data_files/server8_int-ca2.crt b/tests/data_files/server8_int-ca2.crt
index 7a8da71..e99727d 100644
--- a/tests/data_files/server8_int-ca2.crt
+++ b/tests/data_files/server8_int-ca2.crt
@@ -1,36 +1,35 @@
-----BEGIN CERTIFICATE-----
-MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59
-quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB
-ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q
-AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr
-u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb
-J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
-J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz
-2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh
-2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA==
+MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l
+ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw
+CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4
+zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89
++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j
+LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw
+2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW
+KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw
+7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
+J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E
+AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS
+dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS
+MxG1isOdUiQTajM1TQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.crt b/tests/data_files/test-ca.crt
index 31790b5..ef7e4c7 100644
--- a/tests/data_files/test-ca.crt
+++ b/tests/data_files/test-ca.crt
@@ -1,5 +1,5 @@
-----BEGIN CERTIFICATE-----
-MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
@@ -9,12 +9,12 @@
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
-MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
-A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
-hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
-8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
-zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
-0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
-mtxyUALj2pQxRitopORFQdn7AOY5
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.key b/tests/data_files/test-ca.key
index 1614e22..de8be1d 100644
--- a/tests/data_files/test-ca.key
+++ b/tests/data_files/test-ca.key
@@ -1,30 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B
+DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314
-9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA
-7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq
-Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo
-PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb
-GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9
-gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq
-QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w
-PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x
-vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU
-WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X
-JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR
-KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe
-Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J
-9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2
-iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/
-tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT
-P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL
-1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb
-nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5
-X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq
-rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz
-L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l
-I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR
-wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde
-P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2
+etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79
+NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO
+bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB
+skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV
+sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45
+U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G
+L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl
+UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC
+itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM
+sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB
+/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m
+1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV
+UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21
+7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG
+ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm
+cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W
+R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts
+EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP
+90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD
+gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR
+xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ
+0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp
+fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX
+9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H
+PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU
-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index a642b73..ff22cdb 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -12,6 +12,11 @@
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
+[no_subj_auth_id]
+subjectKeyIdentifier=none
+authorityKeyIdentifier=none
+basicConstraints = CA:true
+
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
diff --git a/tests/data_files/test-ca.req.sha256 b/tests/data_files/test-ca.req.sha256
new file mode 100644
index 0000000..1114338
--- /dev/null
+++ b/tests/data_files/test-ca.req.sha256
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgDCCAWgCAQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwN83/Be74JadP4beljJ9RKUWoM0h8ZnU7OrLfBhYCJSl7JvFi98a
+Hpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6jMFKp8udAcBTLRKJyC8LlQPk+5aYO
+s/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8Ko/vJ2DDxp/LuuxgfbfmhDK+T/tY
+JiIDW9S01fv145YucMDkLr38Lu7iQVXANC59JHJpy0exFECDfWf0hvYxq/F5pLK1
+LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp/KzbLijRfgJLI6AV8jhlZAnqDG6O
+Gxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggEBAKI+q840+CyPj6DJDJr9mP/aE8U+VyxbarQuZHxbiyS2HDuNQNFvP2TmCDRx
+juERTU8yDOj3F2p7JhFF4QkCP2TP4JFYjLlOE7ISxYegGdJNNO6W00btMHG1s0aW
+uPcPIIy9HxGiOFFmjYz7Jo8mcFl+bl4ET7zPoj21R4dOl7E3oYLtEZqTuiWnfW2H
++whurU13PYyog3jvJex99VIL8ZRliUSKgdmQ7A4GMvE6kf6Uk+441ynZ7RQr4jF9
+xsVIrR7cyt/SsVEYF+2SfJi0dO9pf6yV3PdwtpU2URTyZoitlneqEINXKi7Qx6E+
++f5fAI8FbCJtgKEKf2TfqiH6sCI=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca.req_ec.sha256 b/tests/data_files/test-ca.req_ec.sha256
new file mode 100644
index 0000000..6d46b2a
--- /dev/null
+++ b/tests/data_files/test-ca.req_ec.sha256
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBOTCBvQIBADA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxHDAa
+BgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjUUrSRlTkLI99fFyRiSPwalSnO
+LC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0X3WnR2/VGSlVaZpTOyC0ZhZg
+Mx6gADAMBggqhkjOPQQDAgUAA2kAMGYCMQDElef9+KfRbZOA29ZyU750fB3ob82E
+8R711+hk9HOsk0G9Uccp3tT+1nhCcMNhnWsCMQD6Y8e9jcEaKSPiWWfgCZ5NaQ5l
+pvPDUdcPV8sZt2cgNS8fcRIIHblQKvr6miHXl9Y=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca2.crt b/tests/data_files/test-ca2.crt
index 7ac79e4..b974f4c 100644
--- a/tests/data_files/test-ca2.crt
+++ b/tests/data_files/test-ca2.crt
@@ -1,13 +1,13 @@
-----BEGIN CERTIFICATE-----
-MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
-6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/
-MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk
-SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a
-LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ
-hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.crt.der b/tests/data_files/test-ca2.crt.der
index 2c8e217..70d6abc 100644
--- a/tests/data_files/test-ca2.crt.der
+++ b/tests/data_files/test-ca2.crt.der
Binary files differ
diff --git a/tests/data_files/test-ca2.req.sha256 b/tests/data_files/test-ca2.req.sha256
new file mode 100644
index 0000000..6d46b2a
--- /dev/null
+++ b/tests/data_files/test-ca2.req.sha256
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBOTCBvQIBADA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxHDAa
+BgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjUUrSRlTkLI99fFyRiSPwalSnO
+LC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0X3WnR2/VGSlVaZpTOyC0ZhZg
+Mx6gADAMBggqhkjOPQQDAgUAA2kAMGYCMQDElef9+KfRbZOA29ZyU750fB3ob82E
+8R711+hk9HOsk0G9Uccp3tT+1nhCcMNhnWsCMQD6Y8e9jcEaKSPiWWfgCZ5NaQ5l
+pvPDUdcPV8sZt2cgNS8fcRIIHblQKvr6miHXl9Y=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt
index b1cfbf0..833e497 100644
--- a/tests/data_files/test-ca2_cat-future-invalid.crt
+++ b/tests/data_files/test-ca2_cat-future-invalid.crt
@@ -1,27 +1,27 @@
-----BEGIN CERTIFICATE-----
+MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ
+5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj
+vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
-AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
-Xj09kLboxuemP40IIqhQnpYptMg=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
-qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
-+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o
+ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn
+KgfuCEF96BhSjLDXWKB4IFWaXUQ=
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt
index 776e725..649cca0 100644
--- a/tests/data_files/test-ca2_cat-future-present.crt
+++ b/tests/data_files/test-ca2_cat-future-present.crt
@@ -1,28 +1,26 @@
-----BEGIN CERTIFICATE-----
-MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
-qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
-+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ
+5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj
+vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt
index febad74..a0b0a2f 100644
--- a/tests/data_files/test-ca2_cat-past-invalid.crt
+++ b/tests/data_files/test-ca2_cat-past-invalid.crt
@@ -13,15 +13,15 @@
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
-AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
-Xj09kLboxuemP40IIqhQnpYptMg=
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o
+ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn
+KgfuCEF96BhSjLDXWKB4IFWaXUQ=
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt
index bc1ba9a..24e05c6 100644
--- a/tests/data_files/test-ca2_cat-past-present.crt
+++ b/tests/data_files/test-ca2_cat-past-present.crt
@@ -12,17 +12,15 @@
l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt
index d62ed09..6539479 100644
--- a/tests/data_files/test-ca2_cat-present-future.crt
+++ b/tests/data_files/test-ca2_cat-present-future.crt
@@ -1,28 +1,26 @@
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
-qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
-+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ
+5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj
+vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt
index a321d5d..08aeeea 100644
--- a/tests/data_files/test-ca2_cat-present-past.crt
+++ b/tests/data_files/test-ca2_cat-present-past.crt
@@ -1,17 +1,15 @@
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt
index 8928144..c54bcc1 100644
--- a/tests/data_files/test-ca_cat12.crt
+++ b/tests/data_files/test-ca_cat12.crt
@@ -1,5 +1,5 @@
-----BEGIN CERTIFICATE-----
-MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
@@ -9,27 +9,25 @@
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
-MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
-A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
-hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
-8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
-zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
-0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
-mtxyUALj2pQxRitopORFQdn7AOY5
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt
index 7234863..b090dc6 100644
--- a/tests/data_files/test-ca_cat21.crt
+++ b/tests/data_files/test-ca_cat21.crt
@@ -1,20 +1,18 @@
-----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
@@ -24,12 +22,12 @@
YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
-MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
-A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
-hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
-8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
-zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
-0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
-mtxyUALj2pQxRitopORFQdn7AOY5
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca-exp.crt b/tests/data_files/test-int-ca-exp.crt
index c549654..835c7db 100644
--- a/tests/data_files/test-int-ca-exp.crt
+++ b/tests/data_files/test-int-ca-exp.crt
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
@@ -16,9 +16,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX
-Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep
-773Ap7Gxpk168id1EFhvW22YabKs
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR
+07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf
+z0BtLCVhFwQlrzCqgXC98SGfT6sZ
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca.crt b/tests/data_files/test-int-ca.crt
index cbe99e0..8b2846d 100644
--- a/tests/data_files/test-int-ca.crt
+++ b/tests/data_files/test-int-ca.crt
@@ -1,8 +1,8 @@
-----BEGIN CERTIFICATE-----
MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -16,9 +16,9 @@
Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca2.crt b/tests/data_files/test-int-ca2.crt
index 9ce44c2..80f39b9 100644
--- a/tests/data_files/test-int-ca2.crt
+++ b/tests/data_files/test-int-ca2.crt
@@ -1,18 +1,18 @@
-----BEGIN CERTIFICATE-----
MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca3-badsign.crt b/tests/data_files/test-int-ca3-badsign.crt
index 2087056..8c36315 100644
--- a/tests/data_files/test-int-ca3-badsign.crt
+++ b/tests/data_files/test-int-ca3-badsign.crt
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWf0=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg10==
-----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca3.crt b/tests/data_files/test-int-ca3.crt
index 7e724b2..3aa64b1 100644
--- a/tests/data_files/test-int-ca3.crt
+++ b/tests/data_files/test-int-ca3.crt
@@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
-----END CERTIFICATE-----
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
index a79ce17..de84264 100644
--- a/tests/include/spe/crypto_spe.h
+++ b/tests/include/spe/crypto_spe.h
@@ -19,13 +19,13 @@
/**
* \file crypto_spe.h
*
- * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option
- * enabled, this header is included by all .c files in Mbed Crypto that
+ * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
+ * enabled, this header is included by all .c files in Mbed TLS that
* use PSA Crypto function names. This avoids duplication of symbols
- * between TF-M and Mbed Crypto.
+ * between TF-M and Mbed TLS.
*
* \note This file should be included before including any PSA Crypto headers
- * from Mbed Crypto.
+ * from Mbed TLS.
*/
#ifndef CRYPTO_SPE_H
diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h
new file mode 100644
index 0000000..74bbbd5
--- /dev/null
+++ b/tests/include/test/arguments.h
@@ -0,0 +1,38 @@
+/**
+ * \file arguments.h
+ *
+ * \brief Manipulation of test arguments.
+ *
+ * Much of the code is in host_test.function, to be migrated here later.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_ARGUMENTS_H
+#define TEST_ARGUMENTS_H
+
+#include "mbedtls/build_info.h"
+#include <stdint.h>
+#include <stdlib.h>
+
+typedef union {
+ size_t len;
+ intmax_t sint;
+} mbedtls_test_argument_t;
+
+#endif /* TEST_ARGUMENTS_H */
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
index ff2abfb..f8b3a34 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h
@@ -62,6 +62,14 @@
#endif
#endif
+#if defined(PSA_WANT_ALG_FFDH)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#undef MBEDTLS_PSA_ACCEL_ALG_FFDH
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_FFDH 1
+#endif
+#endif
+
#if defined(PSA_WANT_ALG_MD5)
#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
#undef MBEDTLS_PSA_ACCEL_ALG_MD5
@@ -198,6 +206,14 @@
#endif
#endif
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR
+#else
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR 1
+#endif
+#endif
+
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR
@@ -214,6 +230,7 @@
#endif
#endif
+
#if defined(PSA_WANT_ALG_TLS12_PRF)
#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
@@ -275,3 +292,4 @@
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 572b6cb..2841691 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -36,7 +36,6 @@
#include <ssl_misc.h>
#include <mbedtls/timing.h>
#include <mbedtls/debug.h>
-#include "hash_info.h"
#include "test/certs.h"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index c013f2c..7cc31b4 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -411,6 +411,18 @@
done
}
+pre_parse_command_line_for_dirs () {
+ # Make an early pass through the options given, so we can set directories
+ # for Arm compilers, before SUPPORTED_COMPONENTS is determined.
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
+ --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ esac
+ shift
+ done
+}
+
pre_parse_command_line () {
COMMAND_LINE_COMPONENTS=
all_except=0
@@ -427,8 +439,8 @@
--arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
--arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
--armcc) no_armcc=;;
- --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
- --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ --armc5-bin-dir) shift; ;; # assignment to ARMC5_BIN_DIR done in pre_parse_command_line_for_dirs
+ --armc6-bin-dir) shift; ;; # assignment to ARMC6_BIN_DIR done in pre_parse_command_line_for_dirs
--error-test) error_test=$((error_test + 1));;
--except) all_except=1;;
--force|-f) FORCE=1;;
@@ -2160,6 +2172,50 @@
make test
}
+component_test_psa_crypto_config_accel_ffdh () {
+ msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
+
+ # Configure and build the test driver library
+ # -------------------------------------------
+
+ # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+ # partial support for cipher operations in the driver test library.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+ # Configure and build the main libraries
+ # --------------------------------------
+
+ # Start from default config (no USE_PSA or TLS 1.3)
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+
+ # Disable the module that's accelerated
+ scripts/config.py unset MBEDTLS_DHM_C
+
+ # Disable things that depend on it
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+
+ # Build the main library
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+ # Make sure this was not re-enabled by accident (additive config)
+ not grep mbedtls_dhm_ library/dhm.o
+
+ # Run the tests
+ # -------------
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH"
+ make test
+}
+
component_test_psa_crypto_config_accel_pake() {
msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
@@ -2464,7 +2520,6 @@
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- echo $ALG
scripts/config.py -f include/psa/crypto_config.h unset $ALG
done
@@ -3832,7 +3887,7 @@
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
- ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
}
component_build_arm_linux_gnueabi_gcc_arm5vte () {
@@ -3846,7 +3901,7 @@
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
- ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o
+ ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
}
support_build_arm_linux_gnueabi_gcc_arm5vte () {
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
@@ -3861,7 +3916,7 @@
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
- ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
}
component_build_arm_none_eabi_gcc_m0plus () {
@@ -3870,7 +3925,7 @@
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
- ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
}
component_build_arm_none_eabi_gcc_no_udbl_division () {
@@ -3891,6 +3946,25 @@
not grep __aeabi_lmul library/*.o
}
+component_build_arm_clang_thumb () {
+ # ~ 30s
+
+ scripts/config.py baremetal
+
+ msg "build: clang thumb 2, make"
+ make clean
+ make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
+
+ # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
+ msg "build: clang thumb 1 -O0, make"
+ make clean
+ make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+
+ msg "build: clang thumb 1 -Os, make"
+ make clean
+ make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+}
+
component_build_armcc () {
msg "build: ARM Compiler 5"
scripts/config.py baremetal
@@ -3914,7 +3988,7 @@
make clean
- # Compile with -O1 since some Arm inline assembly is disabled for -O0.
+ # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
# ARM Compiler 6 - Target ARMv7-A
armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
@@ -3933,7 +4007,14 @@
# ARM Compiler 6 - Target ARMv8.2-A - AArch64
armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
+
+ # ARM Compiler 6 - Target Cortex-M0 - no optimisation
+ armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
+
+ # ARM Compiler 6 - Target Cortex-M0
+ armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
}
+
support_build_armcc () {
armc5_cc="$ARMC5_BIN_DIR/armcc"
armc6_cc="$ARMC6_BIN_DIR/armclang"
@@ -4415,6 +4496,7 @@
# Preliminary setup
pre_check_environment
+pre_parse_command_line_for_dirs "$@"
pre_initialize_variables
pre_parse_command_line "$@"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 293459b..0238555 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -247,7 +247,21 @@
'ECP test vectors secp256r1 rfc 5114',
'ECP test vectors secp384r1 rfc 5114',
'ECP test vectors secp521r1 rfc 5114',
- ]
+ ],
+ 'test_suite_pkparse': [
+ # This is a known difference for Montgomery curves: in
+ # reference component private keys are parsed using
+ # mbedtls_mpi_read_binary_le(), while in driver version they
+ # they are imported in PSA and there the parsing is done
+ # through mbedtls_ecp_read_key(). Unfortunately the latter
+ # fixes the errors which are intentionally set on the parsed
+ # key and therefore the following test case is not failing
+ # as expected.
+ # This cause the following test to be guarded by ECP_C and
+ # not being executed on the driver version.
+ ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking '
+ 'requirements, from RFC8410 Appendix A but made into version 0)'),
+ ],
}
}
},
diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py
new file mode 100755
index 0000000..5506e40
--- /dev/null
+++ b/tests/scripts/audit-validity-dates.py
@@ -0,0 +1,513 @@
+#!/usr/bin/env python3
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Audit validity date of X509 crt/crl/csr.
+
+This script is used to audit the validity date of crt/crl/csr used for testing.
+It prints the information about X.509 objects excluding the objects that
+are valid throughout the desired validity period. The data are collected
+from tests/data_files/ and tests/suites/*.data files by default.
+"""
+
+import os
+import sys
+import re
+import typing
+import argparse
+import datetime
+import glob
+import logging
+import hashlib
+from enum import Enum
+
+# The script requires cryptography >= 35.0.0 which is only available
+# for Python >= 3.6.
+import cryptography
+from cryptography import x509
+
+from generate_test_code import FileWrapper
+
+import scripts_path # pylint: disable=unused-import
+from mbedtls_dev import build_tree
+
+def check_cryptography_version():
+ match = re.match(r'^[0-9]+', cryptography.__version__)
+ if match is None or int(match.group(0)) < 35:
+ raise Exception("audit-validity-dates requires cryptography >= 35.0.0"
+ + "({} is too old)".format(cryptography.__version__))
+
+class DataType(Enum):
+ CRT = 1 # Certificate
+ CRL = 2 # Certificate Revocation List
+ CSR = 3 # Certificate Signing Request
+
+
+class DataFormat(Enum):
+ PEM = 1 # Privacy-Enhanced Mail
+ DER = 2 # Distinguished Encoding Rules
+
+
+class AuditData:
+ """Store data location, type and validity period of X.509 objects."""
+ #pylint: disable=too-few-public-methods
+ def __init__(self, data_type: DataType, x509_obj):
+ self.data_type = data_type
+ # the locations that the x509 object could be found
+ self.locations = [] # type: typing.List[str]
+ self.fill_validity_duration(x509_obj)
+ self._obj = x509_obj
+ encoding = cryptography.hazmat.primitives.serialization.Encoding.DER
+ self._identifier = hashlib.sha1(self._obj.public_bytes(encoding)).hexdigest()
+
+ @property
+ def identifier(self):
+ """
+ Identifier of the underlying X.509 object, which is consistent across
+ different runs.
+ """
+ return self._identifier
+
+ def fill_validity_duration(self, x509_obj):
+ """Read validity period from an X.509 object."""
+ # Certificate expires after "not_valid_after"
+ # Certificate is invalid before "not_valid_before"
+ if self.data_type == DataType.CRT:
+ self.not_valid_after = x509_obj.not_valid_after
+ self.not_valid_before = x509_obj.not_valid_before
+ # CertificateRevocationList expires after "next_update"
+ # CertificateRevocationList is invalid before "last_update"
+ elif self.data_type == DataType.CRL:
+ self.not_valid_after = x509_obj.next_update
+ self.not_valid_before = x509_obj.last_update
+ # CertificateSigningRequest is always valid.
+ elif self.data_type == DataType.CSR:
+ self.not_valid_after = datetime.datetime.max
+ self.not_valid_before = datetime.datetime.min
+ else:
+ raise ValueError("Unsupported file_type: {}".format(self.data_type))
+
+
+class X509Parser:
+ """A parser class to parse crt/crl/csr file or data in PEM/DER format."""
+ PEM_REGEX = br'-{5}BEGIN (?P<type>.*?)-{5}(?P<data>.*?)-{5}END (?P=type)-{5}'
+ PEM_TAG_REGEX = br'-{5}BEGIN (?P<type>.*?)-{5}\n'
+ PEM_TAGS = {
+ DataType.CRT: 'CERTIFICATE',
+ DataType.CRL: 'X509 CRL',
+ DataType.CSR: 'CERTIFICATE REQUEST'
+ }
+
+ def __init__(self,
+ backends:
+ typing.Dict[DataType,
+ typing.Dict[DataFormat,
+ typing.Callable[[bytes], object]]]) \
+ -> None:
+ self.backends = backends
+ self.__generate_parsers()
+
+ def __generate_parser(self, data_type: DataType):
+ """Parser generator for a specific DataType"""
+ tag = self.PEM_TAGS[data_type]
+ pem_loader = self.backends[data_type][DataFormat.PEM]
+ der_loader = self.backends[data_type][DataFormat.DER]
+ def wrapper(data: bytes):
+ pem_type = X509Parser.pem_data_type(data)
+ # It is in PEM format with target tag
+ if pem_type == tag:
+ return pem_loader(data)
+ # It is in PEM format without target tag
+ if pem_type:
+ return None
+ # It might be in DER format
+ try:
+ result = der_loader(data)
+ except ValueError:
+ result = None
+ return result
+ wrapper.__name__ = "{}.parser[{}]".format(type(self).__name__, tag)
+ return wrapper
+
+ def __generate_parsers(self):
+ """Generate parsers for all support DataType"""
+ self.parsers = {}
+ for data_type, _ in self.PEM_TAGS.items():
+ self.parsers[data_type] = self.__generate_parser(data_type)
+
+ def __getitem__(self, item):
+ return self.parsers[item]
+
+ @staticmethod
+ def pem_data_type(data: bytes) -> typing.Optional[str]:
+ """Get the tag from the data in PEM format
+
+ :param data: data to be checked in binary mode.
+ :return: PEM tag or "" when no tag detected.
+ """
+ m = re.search(X509Parser.PEM_TAG_REGEX, data)
+ if m is not None:
+ return m.group('type').decode('UTF-8')
+ else:
+ return None
+
+ @staticmethod
+ def check_hex_string(hex_str: str) -> bool:
+ """Check if the hex string is possibly DER data."""
+ hex_len = len(hex_str)
+ # At least 6 hex char for 3 bytes: Type + Length + Content
+ if hex_len < 6:
+ return False
+ # Check if Type (1 byte) is SEQUENCE.
+ if hex_str[0:2] != '30':
+ return False
+ # Check LENGTH (1 byte) value
+ content_len = int(hex_str[2:4], base=16)
+ consumed = 4
+ if content_len in (128, 255):
+ # Indefinite or Reserved
+ return False
+ elif content_len > 127:
+ # Definite, Long
+ length_len = (content_len - 128) * 2
+ content_len = int(hex_str[consumed:consumed+length_len], base=16)
+ consumed += length_len
+ # Check LENGTH
+ if hex_len != content_len * 2 + consumed:
+ return False
+ return True
+
+
+class Auditor:
+ """
+ A base class that uses X509Parser to parse files to a list of AuditData.
+
+ A subclass must implement the following methods:
+ - collect_default_files: Return a list of file names that are defaultly
+ used for parsing (auditing). The list will be stored in
+ Auditor.default_files.
+ - parse_file: Method that parses a single file to a list of AuditData.
+
+ A subclass may override the following methods:
+ - parse_bytes: Defaultly, it parses `bytes` that contains only one valid
+ X.509 data(DER/PEM format) to an X.509 object.
+ - walk_all: Defaultly, it iterates over all the files in the provided
+ file name list, calls `parse_file` for each file and stores the results
+ by extending the `results` passed to the function.
+ """
+ def __init__(self, logger):
+ self.logger = logger
+ self.default_files = self.collect_default_files()
+ self.parser = X509Parser({
+ DataType.CRT: {
+ DataFormat.PEM: x509.load_pem_x509_certificate,
+ DataFormat.DER: x509.load_der_x509_certificate
+ },
+ DataType.CRL: {
+ DataFormat.PEM: x509.load_pem_x509_crl,
+ DataFormat.DER: x509.load_der_x509_crl
+ },
+ DataType.CSR: {
+ DataFormat.PEM: x509.load_pem_x509_csr,
+ DataFormat.DER: x509.load_der_x509_csr
+ },
+ })
+
+ def collect_default_files(self) -> typing.List[str]:
+ """Collect the default files for parsing."""
+ raise NotImplementedError
+
+ def parse_file(self, filename: str) -> typing.List[AuditData]:
+ """
+ Parse a list of AuditData from file.
+
+ :param filename: name of the file to parse.
+ :return list of AuditData parsed from the file.
+ """
+ raise NotImplementedError
+
+ def parse_bytes(self, data: bytes):
+ """Parse AuditData from bytes."""
+ for data_type in list(DataType):
+ try:
+ result = self.parser[data_type](data)
+ except ValueError as val_error:
+ result = None
+ self.logger.warning(val_error)
+ if result is not None:
+ audit_data = AuditData(data_type, result)
+ return audit_data
+ return None
+
+ def walk_all(self,
+ results: typing.Dict[str, AuditData],
+ file_list: typing.Optional[typing.List[str]] = None) \
+ -> None:
+ """
+ Iterate over all the files in the list and get audit data. The
+ results will be written to `results` passed to this function.
+
+ :param results: The dictionary used to store the parsed
+ AuditData. The keys of this dictionary should
+ be the identifier of the AuditData.
+ """
+ if file_list is None:
+ file_list = self.default_files
+ for filename in file_list:
+ data_list = self.parse_file(filename)
+ for d in data_list:
+ if d.identifier in results:
+ results[d.identifier].locations.extend(d.locations)
+ else:
+ results[d.identifier] = d
+
+ @staticmethod
+ def find_test_dir():
+ """Get the relative path for the MbedTLS test directory."""
+ return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests')
+
+
+class TestDataAuditor(Auditor):
+ """Class for auditing files in `tests/data_files/`"""
+
+ def collect_default_files(self):
+ """Collect all files in `tests/data_files/`"""
+ test_dir = self.find_test_dir()
+ test_data_glob = os.path.join(test_dir, 'data_files/**')
+ data_files = [f for f in glob.glob(test_data_glob, recursive=True)
+ if os.path.isfile(f)]
+ return data_files
+
+ def parse_file(self, filename: str) -> typing.List[AuditData]:
+ """
+ Parse a list of AuditData from data file.
+
+ :param filename: name of the file to parse.
+ :return list of AuditData parsed from the file.
+ """
+ with open(filename, 'rb') as f:
+ data = f.read()
+
+ results = []
+ # Try to parse all PEM blocks.
+ is_pem = False
+ for idx, m in enumerate(re.finditer(X509Parser.PEM_REGEX, data, flags=re.S), 1):
+ is_pem = True
+ result = self.parse_bytes(data[m.start():m.end()])
+ if result is not None:
+ result.locations.append("{}#{}".format(filename, idx))
+ results.append(result)
+
+ # Might be DER format.
+ if not is_pem:
+ result = self.parse_bytes(data)
+ if result is not None:
+ result.locations.append("{}".format(filename))
+ results.append(result)
+
+ return results
+
+
+def parse_suite_data(data_f):
+ """
+ Parses .data file for test arguments that possiblly have a
+ valid X.509 data. If you need a more precise parser, please
+ use generate_test_code.parse_test_data instead.
+
+ :param data_f: file object of the data file.
+ :return: Generator that yields test function argument list.
+ """
+ for line in data_f:
+ line = line.strip()
+ # Skip comments
+ if line.startswith('#'):
+ continue
+
+ # Check parameters line
+ match = re.search(r'\A\w+(.*:)?\"', line)
+ if match:
+ # Read test vectors
+ parts = re.split(r'(?<!\\):', line)
+ parts = [x for x in parts if x]
+ args = parts[1:]
+ yield args
+
+
+class SuiteDataAuditor(Auditor):
+ """Class for auditing files in `tests/suites/*.data`"""
+
+ def collect_default_files(self):
+ """Collect all files in `tests/suites/*.data`"""
+ test_dir = self.find_test_dir()
+ suites_data_folder = os.path.join(test_dir, 'suites')
+ data_files = glob.glob(os.path.join(suites_data_folder, '*.data'))
+ return data_files
+
+ def parse_file(self, filename: str):
+ """
+ Parse a list of AuditData from test suite data file.
+
+ :param filename: name of the file to parse.
+ :return list of AuditData parsed from the file.
+ """
+ audit_data_list = []
+ data_f = FileWrapper(filename)
+ for test_args in parse_suite_data(data_f):
+ for idx, test_arg in enumerate(test_args):
+ match = re.match(r'"(?P<data>[0-9a-fA-F]+)"', test_arg)
+ if not match:
+ continue
+ if not X509Parser.check_hex_string(match.group('data')):
+ continue
+ audit_data = self.parse_bytes(bytes.fromhex(match.group('data')))
+ if audit_data is None:
+ continue
+ audit_data.locations.append("{}:{}:#{}".format(filename,
+ data_f.line_no,
+ idx + 1))
+ audit_data_list.append(audit_data)
+
+ return audit_data_list
+
+
+def list_all(audit_data: AuditData):
+ for loc in audit_data.locations:
+ print("{}\t{:20}\t{:20}\t{:3}\t{}".format(
+ audit_data.identifier,
+ audit_data.not_valid_before.isoformat(timespec='seconds'),
+ audit_data.not_valid_after.isoformat(timespec='seconds'),
+ audit_data.data_type.name,
+ loc))
+
+
+def configure_logger(logger: logging.Logger) -> None:
+ """
+ Configure the logging.Logger instance so that:
+ - Format is set to "[%(levelname)s]: %(message)s".
+ - loglevel >= WARNING are printed to stderr.
+ - loglevel < WARNING are printed to stdout.
+ """
+ class MaxLevelFilter(logging.Filter):
+ # pylint: disable=too-few-public-methods
+ def __init__(self, max_level, name=''):
+ super().__init__(name)
+ self.max_level = max_level
+
+ def filter(self, record: logging.LogRecord) -> bool:
+ return record.levelno <= self.max_level
+
+ log_formatter = logging.Formatter("[%(levelname)s]: %(message)s")
+
+ # set loglevel >= WARNING to be printed to stderr
+ stderr_hdlr = logging.StreamHandler(sys.stderr)
+ stderr_hdlr.setLevel(logging.WARNING)
+ stderr_hdlr.setFormatter(log_formatter)
+
+ # set loglevel <= INFO to be printed to stdout
+ stdout_hdlr = logging.StreamHandler(sys.stdout)
+ stdout_hdlr.addFilter(MaxLevelFilter(logging.INFO))
+ stdout_hdlr.setFormatter(log_formatter)
+
+ logger.addHandler(stderr_hdlr)
+ logger.addHandler(stdout_hdlr)
+
+
+def main():
+ """
+ Perform argument parsing.
+ """
+ parser = argparse.ArgumentParser(description=__doc__)
+
+ parser.add_argument('-a', '--all',
+ action='store_true',
+ help='list the information of all the files')
+ parser.add_argument('-v', '--verbose',
+ action='store_true', dest='verbose',
+ help='show logs')
+ parser.add_argument('--from', dest='start_date',
+ help=('Start of desired validity period (UTC, YYYY-MM-DD). '
+ 'Default: today'),
+ metavar='DATE')
+ parser.add_argument('--to', dest='end_date',
+ help=('End of desired validity period (UTC, YYYY-MM-DD). '
+ 'Default: --from'),
+ metavar='DATE')
+ parser.add_argument('--data-files', action='append', nargs='*',
+ help='data files to audit',
+ metavar='FILE')
+ parser.add_argument('--suite-data-files', action='append', nargs='*',
+ help='suite data files to audit',
+ metavar='FILE')
+
+ args = parser.parse_args()
+
+ # start main routine
+ # setup logger
+ logger = logging.getLogger()
+ configure_logger(logger)
+ logger.setLevel(logging.DEBUG if args.verbose else logging.ERROR)
+
+ td_auditor = TestDataAuditor(logger)
+ sd_auditor = SuiteDataAuditor(logger)
+
+ data_files = []
+ suite_data_files = []
+ if args.data_files is None and args.suite_data_files is None:
+ data_files = td_auditor.default_files
+ suite_data_files = sd_auditor.default_files
+ else:
+ if args.data_files is not None:
+ data_files = [x for l in args.data_files for x in l]
+ if args.suite_data_files is not None:
+ suite_data_files = [x for l in args.suite_data_files for x in l]
+
+ # validity period start date
+ if args.start_date:
+ start_date = datetime.datetime.fromisoformat(args.start_date)
+ else:
+ start_date = datetime.datetime.today()
+ # validity period end date
+ if args.end_date:
+ end_date = datetime.datetime.fromisoformat(args.end_date)
+ else:
+ end_date = start_date
+
+ # go through all the files
+ audit_results = {}
+ td_auditor.walk_all(audit_results, data_files)
+ sd_auditor.walk_all(audit_results, suite_data_files)
+
+ logger.info("Total: {} objects found!".format(len(audit_results)))
+
+ # we filter out the files whose validity duration covers the provided
+ # duration.
+ filter_func = lambda d: (start_date < d.not_valid_before) or \
+ (d.not_valid_after < end_date)
+
+ sortby_end = lambda d: d.not_valid_after
+
+ if args.all:
+ filter_func = None
+
+ # filter and output the results
+ for d in sorted(filter(filter_func, audit_results.values()), key=sortby_end):
+ list_all(d)
+
+ logger.debug("Done!")
+
+check_cryptography_version()
+if __name__ == "__main__":
+ main()
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index b29ea0a..61908eb 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -426,7 +426,8 @@
'hashes': DualDomain(hash_symbols, build_and_test,
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \
'|MBEDTLS_SHA224_' \
- '|MBEDTLS_SHA384_'),
+ '|MBEDTLS_SHA384_' \
+ '|MBEDTLS_SHA3_'),
# Key exchange types.
'kex': ExclusiveDomain(key_exchange_symbols, build_and_test),
'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C',
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index f19d30b..ff7f9b9 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -163,7 +163,6 @@
"""
-import io
import os
import re
import sys
@@ -171,6 +170,28 @@
import argparse
+# Types recognized as signed integer arguments in test functions.
+SIGNED_INTEGER_TYPES = frozenset([
+ 'char',
+ 'short',
+ 'short int',
+ 'int',
+ 'int8_t',
+ 'int16_t',
+ 'int32_t',
+ 'int64_t',
+ 'intmax_t',
+ 'long',
+ 'long int',
+ 'long long int',
+ 'mbedtls_mpi_sint',
+ 'psa_status_t',
+])
+# Types recognized as string arguments in test functions.
+STRING_TYPES = frozenset(['char*', 'const char*', 'char const*'])
+# Types recognized as hex data arguments in test functions.
+DATA_TYPES = frozenset(['data_t*', 'const data_t*', 'data_t const*'])
+
BEGIN_HEADER_REGEX = r'/\*\s*BEGIN_HEADER\s*\*/'
END_HEADER_REGEX = r'/\*\s*END_HEADER\s*\*/'
@@ -192,9 +213,6 @@
CONDITION_OPERATOR_REGEX,
CONDITION_VALUE_REGEX)
TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P<func_name>\w+)\s*\('
-INT_CHECK_REGEX = r'int\s+.*'
-CHAR_CHECK_REGEX = r'char\s*\*\s*.*'
-DATA_T_CHECK_REGEX = r'data_t\s*\*\s*.*'
FUNCTION_ARG_LIST_END_REGEX = r'.*\)'
EXIT_LABEL_REGEX = r'^exit:'
@@ -208,43 +226,57 @@
pass
-class FileWrapper(io.FileIO):
+class FileWrapper:
"""
- This class extends built-in io.FileIO class with attribute line_no,
+ This class extends the file object with attribute line_no,
that indicates line number for the line that is read.
"""
- def __init__(self, file_name):
+ def __init__(self, file_name) -> None:
"""
- Instantiate the base class and initialize the line number to 0.
+ Instantiate the file object and initialize the line number to 0.
:param file_name: File path to open.
"""
- super().__init__(file_name, 'r')
+ # private mix-in file object
+ self._f = open(file_name, 'rb')
self._line_no = 0
+ def __iter__(self):
+ return self
+
def __next__(self):
"""
- This method overrides base class's __next__ method and extends it
- method to count the line numbers as each line is read.
+ This method makes FileWrapper iterable.
+ It counts the line numbers as each line is read.
:return: Line read from file.
"""
- line = super().__next__()
- if line is not None:
- self._line_no += 1
- # Convert byte array to string with correct encoding and
- # strip any whitespaces added in the decoding process.
- return line.decode(sys.getdefaultencoding()).rstrip() + '\n'
- return None
+ line = self._f.__next__()
+ self._line_no += 1
+ # Convert byte array to string with correct encoding and
+ # strip any whitespaces added in the decoding process.
+ return line.decode(sys.getdefaultencoding()).rstrip()+ '\n'
- def get_line_no(self):
+ def __enter__(self):
+ return self
+
+ def __exit__(self, exc_type, exc_val, exc_tb):
+ self._f.__exit__(exc_type, exc_val, exc_tb)
+
+ @property
+ def line_no(self):
"""
- Gives current line number.
+ Property that indicates line number for the line that is read.
"""
return self._line_no
- line_no = property(get_line_no)
+ @property
+ def name(self):
+ """
+ Property that indicates name of the file that is read.
+ """
+ return self._f.name
def split_dep(dep):
@@ -303,7 +335,7 @@
:param name: Test function name
:param local_vars: Local variables declaration code
:param args_dispatch: List of dispatch arguments.
- Ex: ['(char *)params[0]', '*((int *)params[1])']
+ Ex: ['(char *) params[0]', '*((int *) params[1])']
:return: Test function wrapper.
"""
# Then create the wrapper
@@ -444,6 +476,49 @@
return dependencies
+ARGUMENT_DECLARATION_REGEX = re.compile(r'(.+?) ?(?:\bconst\b)? ?(\w+)\Z', re.S)
+def parse_function_argument(arg, arg_idx, args, local_vars, args_dispatch):
+ """
+ Parses one test function's argument declaration.
+
+ :param arg: argument declaration.
+ :param arg_idx: current wrapper argument index.
+ :param args: accumulator of arguments' internal types.
+ :param local_vars: accumulator of internal variable declarations.
+ :param args_dispatch: accumulator of argument usage expressions.
+ :return: the number of new wrapper arguments,
+ or None if the argument declaration is invalid.
+ """
+ # Normalize whitespace
+ arg = arg.strip()
+ arg = re.sub(r'\s*\*\s*', r'*', arg)
+ arg = re.sub(r'\s+', r' ', arg)
+ # Extract name and type
+ m = ARGUMENT_DECLARATION_REGEX.search(arg)
+ if not m:
+ # E.g. "int x[42]"
+ return None
+ typ, _ = m.groups()
+ if typ in SIGNED_INTEGER_TYPES:
+ args.append('int')
+ args_dispatch.append('((mbedtls_test_argument_t *) params[%d])->sint' % arg_idx)
+ return 1
+ if typ in STRING_TYPES:
+ args.append('char*')
+ args_dispatch.append('(char *) params[%d]' % arg_idx)
+ return 1
+ if typ in DATA_TYPES:
+ args.append('hex')
+ # create a structure
+ pointer_initializer = '(uint8_t *) params[%d]' % arg_idx
+ len_initializer = '((mbedtls_test_argument_t *) params[%d])->len' % (arg_idx+1)
+ local_vars.append(' data_t data%d = {%s, %s};\n' %
+ (arg_idx, pointer_initializer, len_initializer))
+ args_dispatch.append('&data%d' % arg_idx)
+ return 2
+ return None
+
+ARGUMENT_LIST_REGEX = re.compile(r'\((.*?)\)', re.S)
def parse_function_arguments(line):
"""
Parses test function signature for validation and generates
@@ -455,42 +530,27 @@
:return: argument list, local variables for
wrapper function and argument dispatch code.
"""
- args = []
- local_vars = ''
- args_dispatch = []
- arg_idx = 0
- # Remove characters before arguments
- line = line[line.find('(') + 1:]
# Process arguments, ex: <type> arg1, <type> arg2 )
# This script assumes that the argument list is terminated by ')'
# i.e. the test functions will not have a function pointer
# argument.
- for arg in line[:line.find(')')].split(','):
- arg = arg.strip()
- if arg == '':
- continue
- if re.search(INT_CHECK_REGEX, arg.strip()):
- args.append('int')
- args_dispatch.append('*( (int *) params[%d] )' % arg_idx)
- elif re.search(CHAR_CHECK_REGEX, arg.strip()):
- args.append('char*')
- args_dispatch.append('(char *) params[%d]' % arg_idx)
- elif re.search(DATA_T_CHECK_REGEX, arg.strip()):
- args.append('hex')
- # create a structure
- pointer_initializer = '(uint8_t *) params[%d]' % arg_idx
- len_initializer = '*( (uint32_t *) params[%d] )' % (arg_idx+1)
- local_vars += """ data_t data%d = {%s, %s};
-""" % (arg_idx, pointer_initializer, len_initializer)
-
- args_dispatch.append('&data%d' % arg_idx)
- arg_idx += 1
- else:
+ m = ARGUMENT_LIST_REGEX.search(line)
+ arg_list = m.group(1).strip()
+ if arg_list in ['', 'void']:
+ return [], '', []
+ args = []
+ local_vars = []
+ args_dispatch = []
+ arg_idx = 0
+ for arg in arg_list.split(','):
+ indexes = parse_function_argument(arg, arg_idx,
+ args, local_vars, args_dispatch)
+ if indexes is None:
raise ValueError("Test function arguments can only be 'int', "
"'char *' or 'data_t'\n%s" % line)
- arg_idx += 1
+ arg_idx += indexes
- return args, local_vars, args_dispatch
+ return args, ''.join(local_vars), args_dispatch
def generate_function_code(name, code, local_vars, args_dispatch,
@@ -705,7 +765,7 @@
execution.
:param data_f: file object of the data file.
- :return: Generator that yields test name, function name,
+ :return: Generator that yields line number, test name, function name,
dependency list and function argument list.
"""
__state_read_name = 0
@@ -748,7 +808,7 @@
parts = escaped_split(line, ':')
test_function = parts[0]
args = parts[1:]
- yield name, test_function, dependencies, args
+ yield data_f.line_no, name, test_function, dependencies, args
dependencies = []
state = __state_read_name
if state == __state_read_args:
@@ -846,6 +906,14 @@
return dep_check_code
+INT_VAL_REGEX = re.compile(r'-?(\d+|0x[0-9a-f]+)$', re.I)
+def val_is_int(val: str) -> bool:
+ """Whether val is suitable as an 'int' parameter in the .datax file."""
+ if not INT_VAL_REGEX.match(val):
+ return False
+ # Limit the range to what is guaranteed to get through strtol()
+ return abs(int(val, 0)) <= 0x7fffffff
+
def write_parameters(out_data_f, test_args, func_args, unique_expressions):
"""
Writes test parameters to the intermediate data file, replacing
@@ -864,9 +932,9 @@
typ = func_args[i]
val = test_args[i]
- # check if val is a non literal int val (i.e. an expression)
- if typ == 'int' and not re.match(r'(\d+|0x[0-9a-f]+)$',
- val, re.I):
+ # Pass small integer constants literally. This reduces the size of
+ # the C code. Register anything else as an expression.
+ if typ == 'int' and not val_is_int(val):
typ = 'exp'
if val not in unique_expressions:
unique_expressions.append(val)
@@ -909,6 +977,24 @@
return dep_check_code, expression_code
+def get_function_info(func_info, function_name, line_no):
+ """Look up information about a test function by name.
+
+ Raise an informative expression if function_name is not found.
+
+ :param func_info: dictionary mapping function names to their information.
+ :param function_name: the function name as written in the .function and
+ .data files.
+ :param line_no: line number for error messages.
+ :return Function information (id, args).
+ """
+ test_function_name = 'test_' + function_name
+ if test_function_name not in func_info:
+ raise GeneratorInputError("%d: Function %s not found!" %
+ (line_no, test_function_name))
+ return func_info[test_function_name]
+
+
def gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies):
"""
This function reads test case name, dependencies and test vectors
@@ -931,7 +1017,7 @@
unique_expressions = []
dep_check_code = ''
expression_code = ''
- for test_name, function_name, test_dependencies, test_args in \
+ for line_no, test_name, function_name, test_dependencies, test_args in \
parse_test_data(data_f):
out_data_f.write(test_name + '\n')
@@ -940,18 +1026,15 @@
unique_dependencies)
# Write test function name
- test_function_name = 'test_' + function_name
- if test_function_name not in func_info:
- raise GeneratorInputError("Function %s not found!" %
- test_function_name)
- func_id, func_args = func_info[test_function_name]
+ func_id, func_args = \
+ get_function_info(func_info, function_name, line_no)
out_data_f.write(str(func_id))
# Write parameters
if len(test_args) != len(func_args):
- raise GeneratorInputError("Invalid number of arguments in test "
+ raise GeneratorInputError("%d: Invalid number of arguments in test "
"%s. See function %s signature." %
- (test_name, function_name))
+ (line_no, test_name, function_name))
expression_code += write_parameters(out_data_f, test_args, func_args,
unique_expressions)
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
index b086793..f685bab 100755
--- a/tests/scripts/psa_collect_statuses.py
+++ b/tests/scripts/psa_collect_statuses.py
@@ -1,13 +1,13 @@
#!/usr/bin/env python3
"""Describe the test coverage of PSA functions in terms of return statuses.
-1. Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG
+1. Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG
2. Run psa_collect_statuses.py
The output is a series of line of the form "psa_foo PSA_ERROR_XXX". Each
function/status combination appears only once.
-This script must be run from the top of an Mbed Crypto source tree.
+This script must be run from the top of an Mbed TLS source tree.
The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is
only supported with make (as opposed to CMake or other build methods).
"""
@@ -46,7 +46,7 @@
def collect_log(self, log_file_name):
"""Read logs from RECORD_PSA_STATUS_COVERAGE_LOG.
- Read logs produced by running Mbed Crypto test suites built with
+ Read logs produced by running Mbed TLS test suites built with
-DRECORD_PSA_STATUS_COVERAGE_LOG.
"""
with open(log_file_name) as log:
@@ -82,7 +82,7 @@
def collect_status_logs(options):
"""Build and run unit tests and report observed function return statuses.
- Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the
+ Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the
test suites and display information about observed return statuses.
"""
rebuilt = False
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
index d23d742..fe748ae 100755
--- a/tests/scripts/test_generate_test_code.py
+++ b/tests/scripts/test_generate_test_code.py
@@ -485,9 +485,10 @@
args, local, arg_dispatch = parse_function_arguments(line)
self.assertEqual(args, ['char*', 'int', 'int'])
self.assertEqual(local, '')
- self.assertEqual(arg_dispatch, ['(char *) params[0]',
- '*( (int *) params[1] )',
- '*( (int *) params[2] )'])
+ self.assertEqual(arg_dispatch,
+ ['(char *) params[0]',
+ '((mbedtls_test_argument_t *) params[1])->sint',
+ '((mbedtls_test_argument_t *) params[2])->sint'])
def test_hex_params(self):
"""
@@ -499,22 +500,22 @@
self.assertEqual(args, ['char*', 'hex', 'int'])
self.assertEqual(local,
' data_t data1 = {(uint8_t *) params[1], '
- '*( (uint32_t *) params[2] )};\n')
+ '((mbedtls_test_argument_t *) params[2])->len};\n')
self.assertEqual(arg_dispatch, ['(char *) params[0]',
'&data1',
- '*( (int *) params[3] )'])
+ '((mbedtls_test_argument_t *) params[3])->sint'])
def test_unsupported_arg(self):
"""
- Test unsupported arguments (not among int, char * and data_t)
+ Test unsupported argument type
:return:
"""
- line = 'void entropy_threshold( char * a, data_t * h, char result )'
+ line = 'void entropy_threshold( char * a, data_t * h, unknown_t result )'
self.assertRaises(ValueError, parse_function_arguments, line)
- def test_no_params(self):
+ def test_empty_params(self):
"""
- Test no parameters.
+ Test no parameters (nothing between parentheses).
:return:
"""
line = 'void entropy_threshold()'
@@ -523,6 +524,39 @@
self.assertEqual(local, '')
self.assertEqual(arg_dispatch, [])
+ def test_blank_params(self):
+ """
+ Test no parameters (space between parentheses).
+ :return:
+ """
+ line = 'void entropy_threshold( )'
+ args, local, arg_dispatch = parse_function_arguments(line)
+ self.assertEqual(args, [])
+ self.assertEqual(local, '')
+ self.assertEqual(arg_dispatch, [])
+
+ def test_void_params(self):
+ """
+ Test no parameters (void keyword).
+ :return:
+ """
+ line = 'void entropy_threshold(void)'
+ args, local, arg_dispatch = parse_function_arguments(line)
+ self.assertEqual(args, [])
+ self.assertEqual(local, '')
+ self.assertEqual(arg_dispatch, [])
+
+ def test_void_space_params(self):
+ """
+ Test no parameters (void with spaces).
+ :return:
+ """
+ line = 'void entropy_threshold( void )'
+ args, local, arg_dispatch = parse_function_arguments(line)
+ self.assertEqual(args, [])
+ self.assertEqual(local, '')
+ self.assertEqual(arg_dispatch, [])
+
class ParseFunctionCode(TestCase):
"""
@@ -1264,29 +1298,33 @@
# List of (name, function_name, dependencies, args)
tests = list(parse_test_data(stream))
test1, test2, test3, test4 = tests
- self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
- self.assertEqual(test1[1], 'dhm_do_dhm')
- self.assertEqual(test1[2], [])
- self.assertEqual(test1[3], ['10', '"23"', '10', '"5"'])
+ self.assertEqual(test1[0], 3)
+ self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1')
+ self.assertEqual(test1[2], 'dhm_do_dhm')
+ self.assertEqual(test1[3], [])
+ self.assertEqual(test1[4], ['10', '"23"', '10', '"5"'])
- self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2')
- self.assertEqual(test2[1], 'dhm_do_dhm')
- self.assertEqual(test2[2], [])
- self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"',
+ self.assertEqual(test2[0], 6)
+ self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2')
+ self.assertEqual(test2[2], 'dhm_do_dhm')
+ self.assertEqual(test2[3], [])
+ self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"',
'10', '"9345098304850938450983409622"'])
- self.assertEqual(test3[0], 'Diffie-Hellman full exchange #3')
- self.assertEqual(test3[1], 'dhm_do_dhm')
- self.assertEqual(test3[2], [])
- self.assertEqual(test3[3], ['10',
+ self.assertEqual(test3[0], 9)
+ self.assertEqual(test3[1], 'Diffie-Hellman full exchange #3')
+ self.assertEqual(test3[2], 'dhm_do_dhm')
+ self.assertEqual(test3[3], [])
+ self.assertEqual(test3[4], ['10',
'"9345098382739712938719287391879381271"',
'10',
'"9345098792137312973297123912791271"'])
- self.assertEqual(test4[0], 'Diffie-Hellman selftest')
- self.assertEqual(test4[1], 'dhm_selftest')
- self.assertEqual(test4[2], [])
+ self.assertEqual(test4[0], 12)
+ self.assertEqual(test4[1], 'Diffie-Hellman selftest')
+ self.assertEqual(test4[2], 'dhm_selftest')
self.assertEqual(test4[3], [])
+ self.assertEqual(test4[4], [])
def test_with_dependencies(self):
"""
@@ -1306,15 +1344,17 @@
# List of (name, function_name, dependencies, args)
tests = list(parse_test_data(stream))
test1, test2 = tests
- self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
- self.assertEqual(test1[1], 'dhm_do_dhm')
- self.assertEqual(test1[2], ['YAHOO'])
- self.assertEqual(test1[3], ['10', '"23"', '10', '"5"'])
+ self.assertEqual(test1[0], 4)
+ self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1')
+ self.assertEqual(test1[2], 'dhm_do_dhm')
+ self.assertEqual(test1[3], ['YAHOO'])
+ self.assertEqual(test1[4], ['10', '"23"', '10', '"5"'])
- self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2')
- self.assertEqual(test2[1], 'dhm_do_dhm')
- self.assertEqual(test2[2], [])
- self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"',
+ self.assertEqual(test2[0], 7)
+ self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2')
+ self.assertEqual(test2[2], 'dhm_do_dhm')
+ self.assertEqual(test2[3], [])
+ self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"',
'10', '"9345098304850938450983409622"'])
def test_no_args(self):
@@ -1335,7 +1375,7 @@
stream = StringIOWrapper('test_suite_ut.function', data)
err = None
try:
- for _, _, _, _ in parse_test_data(stream):
+ for _, _, _, _, _ in parse_test_data(stream):
pass
except GeneratorInputError as err:
self.assertEqual(type(err), GeneratorInputError)
@@ -1353,7 +1393,7 @@
stream = StringIOWrapper('test_suite_ut.function', data)
err = None
try:
- for _, _, _, _ in parse_test_data(stream):
+ for _, _, _, _, _ in parse_test_data(stream):
pass
except GeneratorInputError as err:
self.assertEqual(type(err), GeneratorInputError)
diff --git a/tests/src/certs.c b/tests/src/certs.c
index 8b6b988..d2808d7 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c
@@ -40,69 +40,69 @@
/* This is taken from tests/data_files/test-ca2.crt */
/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */
-#define TEST_CA_CRT_EC_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \
- "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
- "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \
- "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
- "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \
- "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \
- "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \
- "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \
- "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \
- "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \
- "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \
+#define TEST_CA_CRT_EC_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \
+ "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
+ "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \
+ "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
+ "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \
+ "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \
+ "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \
+ "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \
+ "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \
+ "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \
+ "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \
"-----END CERTIFICATE-----\r\n"
/* END FILE */
/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */
-#define TEST_CA_CRT_EC_DER { \
- 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \
- 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \
- 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
- 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
- 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
- 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
- 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \
- 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \
- 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \
- 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
- 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
- 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
- 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
- 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \
- 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \
- 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \
- 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \
- 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \
- 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \
- 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \
- 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \
- 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \
- 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \
- 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \
- 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \
- 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \
- 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \
- 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \
- 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \
- 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
- 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \
- 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \
- 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \
- 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \
- 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \
- 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \
- 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \
- 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \
- 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \
- 0xf5, 0xae, 0x1c, 0x42 \
+#define TEST_CA_CRT_EC_DER { \
+ 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \
+ 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \
+ 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+ 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+ 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+ 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+ 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \
+ 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \
+ 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \
+ 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+ 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+ 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+ 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+ 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+ 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \
+ 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \
+ 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \
+ 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \
+ 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \
+ 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \
+ 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \
+ 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \
+ 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \
+ 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \
+ 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \
+ 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \
+ 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \
+ 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \
+ 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \
+ 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \
+ 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \
+ 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \
+ 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \
+ 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \
+ 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \
+ 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \
+ 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \
+ 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \
+ 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \
+ 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \
+ 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \
}
/* END FILE */
@@ -350,33 +350,33 @@
#define TEST_CA_KEY_RSA_PEM \
"-----BEGIN RSA PRIVATE KEY-----\r\n" \
"Proc-Type: 4,ENCRYPTED\r\n" \
- "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \
+ "AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \
"\r\n" \
- "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \
- "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \
- "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \
- "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \
- "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \
- "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \
- "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \
- "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \
- "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \
- "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \
- "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \
- "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \
- "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \
- "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \
- "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \
- "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \
- "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \
- "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \
- "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \
- "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \
- "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \
- "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \
- "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \
- "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \
- "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \
+ "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \
+ "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \
+ "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \
+ "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \
+ "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \
+ "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \
+ "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \
+ "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \
+ "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \
+ "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \
+ "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \
+ "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \
+ "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \
+ "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \
+ "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \
+ "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \
+ "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \
+ "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \
+ "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \
+ "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \
+ "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \
+ "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \
+ "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \
+ "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \
+ "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \
"-----END RSA PRIVATE KEY-----\r\n"
/* END FILE */
@@ -503,72 +503,72 @@
/* This is taken from tests/data_files/server5.crt. */
/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */
-#define TEST_SRV_CRT_EC_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \
- "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \
- "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \
- "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \
- "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \
- "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \
- "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \
- "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \
- "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \
- "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \
+#define TEST_SRV_CRT_EC_PEM \
+ "-----BEGIN CERTIFICATE-----\r\n" \
+ "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \
+ "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+ "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \
+ "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \
+ "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \
+ "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \
+ "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \
+ "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \
+ "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \
+ "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \
+ "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \
"-----END CERTIFICATE-----\r\n"
/* END FILE */
/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */
/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */
-#define TEST_SRV_CRT_EC_DER { \
- 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
- 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
- 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \
- 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \
- 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \
- 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \
- 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \
- 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
- 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \
- 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \
- 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \
- 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \
- 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \
- 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \
- 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \
- 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \
- 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \
- 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \
- 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \
- 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \
- 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
- 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
- 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \
- 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \
- 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \
- 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \
- 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \
- 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \
- 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \
- 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \
- 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \
- 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \
- 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \
- 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \
+#define TEST_SRV_CRT_EC_DER { \
+ 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \
+ 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+ 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \
+ 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+ 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \
+ 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \
+ 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+ 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+ 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+ 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+ 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \
+ 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \
+ 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \
+ 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \
+ 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \
+ 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \
+ 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \
+ 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \
+ 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \
+ 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \
+ 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \
+ 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \
+ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \
+ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
+ 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \
+ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \
+ 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \
+ 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \
+ 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \
+ 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \
+ 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \
+ 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \
+ 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \
+ 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \
+ 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \
+ 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \
}
/* END FILE */
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
index b60c412..6cfde20 100644
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -24,6 +24,7 @@
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
+#include "psa_crypto_ffdh.h"
#include "test/drivers/key_agreement.h"
#include "test/drivers/test_driver.h"
@@ -33,6 +34,7 @@
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/include/psa/crypto.h"
#include "libtestdriver1/library/psa_crypto_ecp.h"
+#include "libtestdriver1/library/psa_crypto_ffdh.h"
#endif
mbedtls_test_driver_key_agreement_hooks_t
@@ -94,6 +96,37 @@
(void) shared_secret_length;
return PSA_ERROR_NOT_SUPPORTED;
#endif
+ }
+ if (PSA_ALG_IS_FFDH(alg)) {
+#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH))
+ return libtestdriver1_mbedtls_psa_key_agreement_ffdh(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ peer_key, peer_key_length,
+ key_buffer, key_buffer_size,
+ shared_secret, shared_secret_size,
+ shared_secret_length);
+#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
+ return mbedtls_psa_key_agreement_ffdh(
+ attributes,
+ peer_key,
+ peer_key_length,
+ key_buffer,
+ key_buffer_size,
+ shared_secret,
+ shared_secret_size,
+ shared_secret_length);
+#else
+ (void) attributes;
+ (void) key_buffer;
+ (void) key_buffer_size;
+ (void) peer_key;
+ (void) peer_key_length;
+ (void) shared_secret;
+ (void) shared_secret_size;
+ (void) shared_secret_length;
+ return PSA_ERROR_NOT_SUPPORTED;
+#endif
} else {
return PSA_ERROR_INVALID_ARGUMENT;
}
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index a3ff2dd..3ff1053 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -25,6 +25,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_rsa.h"
+#include "psa_crypto_ffdh.h"
#include "mbedtls/ecp.h"
#include "mbedtls/error.h"
@@ -36,6 +37,7 @@
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_rsa.h"
+#include "libtestdriver1/library/psa_crypto_ffdh.h"
#endif
#include <string.h>
@@ -240,6 +242,17 @@
return mbedtls_psa_rsa_generate_key(
attributes, key, key_size, key_length);
#endif
+ } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
+ && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
+ return libtestdriver1_mbedtls_psa_ffdh_generate_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key, key_size, key_length);
+#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
+ return mbedtls_psa_ffdh_generate_key(
+ attributes, key, key_size, key_length);
+#endif
}
(void) attributes;
@@ -309,8 +322,24 @@
key_buffer, key_buffer_size,
key_buffer_length, bits);
#endif
+ } else if (PSA_KEY_TYPE_IS_DH(type)) {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
+ return libtestdriver1_mbedtls_psa_ffdh_import_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
+#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
+ return mbedtls_psa_ffdh_import_key(
+ attributes,
+ data, data_length,
+ key_buffer, key_buffer_size,
+ key_buffer_length, bits);
+#endif
}
-
(void) data;
(void) data_length;
(void) key_buffer;
@@ -560,6 +589,21 @@
key_buffer, key_buffer_size,
data, data_size, data_length);
#endif
+ } else if (PSA_KEY_TYPE_IS_DH(key_type)) {
+#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+ (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
+ return libtestdriver1_mbedtls_psa_export_ffdh_public_key(
+ (const libtestdriver1_psa_key_attributes_t *) attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
+#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
+ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
+ return mbedtls_psa_export_ffdh_public_key(
+ attributes,
+ key_buffer, key_buffer_size,
+ data, data_size, data_length);
+#endif
}
(void) key_buffer;
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
index a8cf0d8..69bd4ff 100644
--- a/tests/src/drivers/test_driver_pake.c
+++ b/tests/src/drivers/test_driver_pake.c
@@ -94,7 +94,8 @@
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_output(
- operation, step, output, output_size, output_length);
+ operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
+ output, output_size, output_length);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_output(
@@ -129,7 +130,8 @@
defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
libtestdriver1_mbedtls_psa_pake_input(
- operation, step, input, input_length);
+ operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
+ input, input_length);
#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
mbedtls_test_driver_pake_hooks.driver_status =
mbedtls_psa_pake_input(
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 2656deb..7f93496 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -72,7 +72,7 @@
psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number);
if (lifetime_is_dynamic_secure_element(lifetime)) {
- /* Mbed Crypto currently always exposes the slot number to
+ /* Mbed TLS currently always exposes the slot number to
* applications. This is not mandated by the PSA specification
* and may change in future versions. */
TEST_EQUAL(status, 0);
@@ -295,7 +295,8 @@
psa_key_usage_t usage,
psa_algorithm_t alg)
{
- if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH)) {
+ if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) &&
+ PSA_ALG_IS_SIGN_HASH(alg)) {
unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
size_t payload_length = 16;
unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
@@ -789,6 +790,12 @@
TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
TEST_EQUAL(exported[0], 4);
}
+ } else
+ if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) {
+ TEST_ASSERT(exported_length ==
+ PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
+ TEST_ASSERT(exported_length <=
+ PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
} else {
(void) exported;
TEST_ASSERT(!"Sanity check not implemented for this key type");
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index e79d152..e8bbc78 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -21,6 +21,7 @@
*/
#include <test/ssl_helpers.h>
+#include "md_psa.h"
#if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@@ -595,8 +596,7 @@
if (cert->pkey != NULL) {
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
- mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
- psa_destroy_key(*key_slot);
+ psa_destroy_key(cert->pkey->priv_id);
}
#endif
mbedtls_pk_free(cert->pkey);
@@ -1201,7 +1201,7 @@
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id);
CHK(md_info != NULL);
#endif
- maclen = mbedtls_hash_info_get_size(hash_id);
+ maclen = mbedtls_md_get_size_from_type(hash_id);
CHK(maclen != 0);
/* Pick hash keys */
CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
@@ -1210,7 +1210,7 @@
memset(md1, 0x6, maclen);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- alg = mbedtls_hash_info_psa_from_md(hash_id);
+ alg = mbedtls_md_psa_alg_from_type(hash_id);
CHK(alg != 0);
@@ -1502,7 +1502,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
size_t hash_size = 0;
psa_status_t status = psa_hash_compute(
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2bbd34a..cfb0bab 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -11783,8 +11783,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "no suitable signature algorithm" \
- -C "unknown pk type"
+ -c "no suitable signature algorithm"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -11801,8 +11800,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "no suitable signature algorithm" \
- -C "unknown pk type"
+ -c "no suitable signature algorithm"
# Test using an opaque private key for client authentication
requires_openssl_tls1_3
@@ -12055,8 +12053,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "no suitable signature algorithm" \
- -C "unkown pk type"
+ -c "no suitable signature algorithm"
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
@@ -12074,8 +12071,7 @@
-c "got a certificate request" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
- -c "no suitable signature algorithm" \
- -C "unkown pk type"
+ -c "no suitable signature algorithm"
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 60eae9a..86ff5b4 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -2,13 +2,18 @@
/*----------------------------------------------------------------------------*/
/* Headers */
+#include <test/arguments.h>
#include <test/helpers.h>
#include <test/macros.h>
#include <test/random.h>
#include <test/bignum_helpers.h>
#include <test/psa_crypto_helpers.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdint.h>
#include <stdlib.h>
+#include <string.h>
#if defined(MBEDTLS_ERROR_C)
#include "mbedtls/error.h"
@@ -19,23 +24,6 @@
#include "mbedtls/memory_buffer_alloc.h"
#endif
-#ifdef _MSC_VER
-#include <basetsd.h>
-typedef UINT8 uint8_t;
-typedef INT32 int32_t;
-typedef UINT32 uint32_t;
-#define strncasecmp _strnicmp
-#define strcasecmp _stricmp
-#else
-#include <stdint.h>
-#endif
-
-#include <string.h>
-
-#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__MINGW32__)
-#include <strings.h>
-#endif
-
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
#include <unistd.h>
#endif
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 475a9c8..06f391f 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -28,50 +28,28 @@
* integer value.
*
* \param str Input string.
- * \param value Pointer to int for output value.
+ * \param p_value Pointer to output value.
*
* \return 0 if success else 1
*/
-int verify_int(char *str, int32_t *value)
+int verify_int(char *str, intmax_t *p_value)
{
- size_t i;
- int minus = 0;
- int digits = 1;
- int hex = 0;
-
- for (i = 0; i < strlen(str); i++) {
- if (i == 0 && str[i] == '-') {
- minus = 1;
- continue;
- }
-
- if (((minus && i == 2) || (!minus && i == 1)) &&
- str[i - 1] == '0' && (str[i] == 'x' || str[i] == 'X')) {
- hex = 1;
- continue;
- }
-
- if (!((str[i] >= '0' && str[i] <= '9') ||
- (hex && ((str[i] >= 'a' && str[i] <= 'f') ||
- (str[i] >= 'A' && str[i] <= 'F'))))) {
- digits = 0;
- break;
- }
+ char *end = NULL;
+ errno = 0;
+ /* Limit the range to long: for large integers, the test framework will
+ * use expressions anyway. */
+ long value = strtol(str, &end, 0);
+ if (errno == EINVAL || *end != '\0') {
+ mbedtls_fprintf(stderr,
+ "Expected integer for parameter and got: %s\n", str);
+ return KEY_VALUE_MAPPING_NOT_FOUND;
}
-
- if (digits) {
- if (hex) {
- *value = strtol(str, NULL, 16);
- } else {
- *value = strtol(str, NULL, 10);
- }
-
- return 0;
+ if (errno == ERANGE) {
+ mbedtls_fprintf(stderr, "Integer out of range: %s\n", str);
+ return KEY_VALUE_MAPPING_NOT_FOUND;
}
-
- mbedtls_fprintf(stderr,
- "Expected integer for parameter and got: %s\n", str);
- return KEY_VALUE_MAPPING_NOT_FOUND;
+ *p_value = value;
+ return 0;
}
@@ -180,24 +158,24 @@
p++;
}
- /* Replace newlines, question marks and colons in strings */
+ /* Replace backslash escapes in strings */
for (i = 0; i < cnt; i++) {
p = params[i];
q = params[i];
while (*p != '\0') {
- if (*p == '\\' && *(p + 1) == 'n') {
- p += 2;
- *(q++) = '\n';
- } else if (*p == '\\' && *(p + 1) == ':') {
- p += 2;
- *(q++) = ':';
- } else if (*p == '\\' && *(p + 1) == '?') {
- p += 2;
- *(q++) = '?';
- } else {
- *(q++) = *(p++);
+ if (*p == '\\') {
+ ++p;
+ switch (*p) {
+ case 'n':
+ *p = '\n';
+ break;
+ default:
+ // Fall through to copying *p
+ break;
+ }
}
+ *(q++) = *(p++);
}
*q = '\0';
}
@@ -223,7 +201,8 @@
*
* \return 0 for success else 1
*/
-static int convert_params(size_t cnt, char **params, int32_t *int_params_store)
+static int convert_params(size_t cnt, char **params,
+ mbedtls_test_argument_t *int_params_store)
{
char **cur = params;
char **out = params;
@@ -241,7 +220,7 @@
break;
}
} else if (strcmp(type, "int") == 0) {
- if (verify_int(val, int_params_store) == 0) {
+ if (verify_int(val, &int_params_store->sint) == 0) {
*out++ = (char *) int_params_store++;
} else {
ret = (DISPATCH_INVALID_TEST_DATA);
@@ -255,7 +234,7 @@
mbedtls_test_unhexify((unsigned char *) val, strlen(val),
val, &len) == 0);
- *int_params_store = len;
+ int_params_store->len = len;
*out++ = val;
*out++ = (char *) (int_params_store++);
} else {
@@ -264,7 +243,7 @@
}
} else if (strcmp(type, "exp") == 0) {
int exp_id = strtol(val, NULL, 10);
- if (get_expression(exp_id, int_params_store) == 0) {
+ if (get_expression(exp_id, &int_params_store->sint) == 0) {
*out++ = (char *) int_params_store++;
} else {
ret = (DISPATCH_INVALID_TEST_DATA);
@@ -483,7 +462,7 @@
char buf[5000];
char *params[50];
/* Store for processed integer params. */
- int32_t int_params[50];
+ mbedtls_test_argument_t int_params[50];
void *pointer;
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
int stdout_fd = -1;
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 11a009a..6c8d98e 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -69,7 +69,7 @@
*
* \return 0 if exp_id is found. 1 otherwise.
*/
-int get_expression(int32_t exp_id, int32_t *out_value)
+int get_expression(int32_t exp_id, intmax_t *out_value)
{
int ret = KEY_VALUE_MAPPING_FOUND;
diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function
index cefbfc3..7f858e5 100644
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -133,7 +133,7 @@
TEST_ASSERT(sign_is_valid(&X));
TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write);
if (result_write == 0) {
- TEST_ASSERT(strcasecmp(str, input_A) == 0);
+ TEST_ASSERT(strcmp(str, input_A) == 0);
TEST_ASSERT(str[len] == '!');
}
}
@@ -923,47 +923,16 @@
/* END_CASE */
/* BEGIN_CASE */
-void mpi_mod_int(char *input_X, char *input_Y,
- char *input_A, int mod_result)
+void mpi_mod_int(char *input_X, mbedtls_mpi_sint y,
+ mbedtls_mpi_sint a, int mod_result)
{
mbedtls_mpi X;
- mbedtls_mpi Y;
- mbedtls_mpi A;
int res;
mbedtls_mpi_uint r;
mbedtls_mpi_init(&X);
- mbedtls_mpi_init(&Y);
- mbedtls_mpi_init(&A);
- /* We use MPIs to read Y and A since the test framework limits us to
- * ints, so we can't have 64-bit values */
TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&Y, input_Y), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
-
- TEST_EQUAL(Y.n, 1);
- TEST_EQUAL(A.n, 1);
-
- /* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */
-
- /* Since we're converting sign+magnitude to two's complement, we lose one
- * bit of value in the output. This means there are some values we can't
- * represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically
- * invalid test cases, so could be considered "won't happen", but they are
- * easy to test for, and this helps guard against human error. */
-
- mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0];
- TEST_ASSERT(y >= 0); /* If y < 0 here, we can't make negative y */
- if (Y.s == -1) {
- y = -y;
- }
-
- mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0];
- TEST_ASSERT(a >= 0); /* Same goes for a */
- if (A.s == -1) {
- a = -a;
- }
res = mbedtls_mpi_mod_int(&r, &X, y);
TEST_EQUAL(res, mod_result);
@@ -973,8 +942,6 @@
exit:
mbedtls_mpi_free(&X);
- mbedtls_mpi_free(&Y);
- mbedtls_mpi_free(&A);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data
index 5eda4c1..9d068f1 100644
--- a/tests/suites/test_suite_bignum.misc.data
+++ b/tests/suites/test_suite_bignum.misc.data
@@ -56,10 +56,10 @@
mpi_read_write_string:16:"-23":17:"-23":4:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
Test mpi_read_write_string #6 (Output radix of 15)
-mpi_read_write_string:10:"29":15:"1e":100:0:0
+mpi_read_write_string:10:"29":15:"1E":100:0:0
Test mpi_read_write_string #7
-mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0
+mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424":200:0:0
Test mpi_read_write_string #8 (Empty MPI hex -> hex)
mpi_read_write_string:16:"":16:"":4:0:0
@@ -1229,45 +1229,45 @@
mpi_mod_mpi:"-":"-2a":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
Base test mbedtls_mpi_mod_int #1
-mpi_mod_int:"3e8":"d":"c":0
+mpi_mod_int:"3e8":0xd:0xc:0
Base test mbedtls_mpi_mod_int #2 (Divide by zero)
-mpi_mod_int:"3e8":"0":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_mod_int:"3e8":0x0:0x0:MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
Base test mbedtls_mpi_mod_int #3
-mpi_mod_int:"-3e8":"d":"1":0
+mpi_mod_int:"-3e8":0xd:0x1:0
Base test mbedtls_mpi_mod_int #4 (Negative modulo)
-mpi_mod_int:"3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"3e8":-0xd:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
Base test mbedtls_mpi_mod_int #5 (Negative modulo)
-mpi_mod_int:"-3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"-3e8":-0xd:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
Base test mbedtls_mpi_mod_int #6 (By 1)
-mpi_mod_int:"3e8":"1":"0":0
+mpi_mod_int:"3e8":0x1:0x0:0
Base test mbedtls_mpi_mod_int #7 (By 2)
-mpi_mod_int:"3e9":"2":"1":0
+mpi_mod_int:"3e9":0x2:0x1:0
Base test mbedtls_mpi_mod_int #8 (By 2)
-mpi_mod_int:"3e8":"2":"0":0
+mpi_mod_int:"3e8":0x2:0x0:0
Test mbedtls_mpi_mod_int: 0 (null) % 1
-mpi_mod_int:"":"1":"0":0
+mpi_mod_int:"":0x1:0x0:0
Test mbedtls_mpi_mod_int: 0 (null) % 2
-mpi_mod_int:"":"2":"0":0
+mpi_mod_int:"":0x2:0x0:0
Test mbedtls_mpi_mod_int: 0 (null) % -1
-mpi_mod_int:"":"-1":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"":-0x1:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
Test mbedtls_mpi_mod_int: 0 (null) % -2
-mpi_mod_int:"":"-2":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"":-0x2:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
# CURRENTLY FAILS - SEE GITHUB ISSUE #6540
#Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810
#depends_on:MBEDTLS_HAVE_INT64
-#mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0
+#mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":0x47DCCA4847DCCA48:0x2EFE6F1A7D28035A:0
Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810
mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0
@@ -1275,7 +1275,7 @@
# CURRENTLY FAILS - SEE GITHUB ISSUE #6540
#Test mbedtls_mpi_mod_int: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0
#depends_on:MBEDTLS_HAVE_INT64
-#mpi_mod_int:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0
+#mpi_mod_int:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":0x47DCCA4847DCCA48:0x0:0
Test mbedtls_mpi_mod_mpi: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0
mpi_mod_mpi:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0
@@ -1283,7 +1283,7 @@
# CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE
Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 1205652040 -> 3644370
depends_on:MBEDTLS_HAVE_INT64
-mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0
+mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":0x47DCCA48:0x379BD2:0
Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 1205652040 -> 3644370
mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0
@@ -1291,7 +1291,7 @@
# CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE
Test mbedtls_mpi_mod_int: 230772460340063000000100500000296355640 % 1205652040 -> 0
depends_on:MBEDTLS_HAVE_INT64
-mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0
+mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980974738":0x47DCCA48:0x0:0
Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000296355640 % 1205652040 -> 0
mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0
diff --git a/tests/suites/test_suite_bignum_core.function b/tests/suites/test_suite_bignum_core.function
index 53aa002..81a3a45 100644
--- a/tests/suites/test_suite_bignum_core.function
+++ b/tests/suites/test_suite_bignum_core.function
@@ -563,6 +563,26 @@
/* END_CASE */
/* BEGIN_CASE */
+void mpi_core_shift_l(char *input, int count, char *result)
+{
+ mbedtls_mpi_uint *X = NULL;
+ mbedtls_mpi_uint *Y = NULL;
+ size_t limbs, n;
+
+ TEST_EQUAL(0, mbedtls_test_read_mpi_core(&X, &limbs, input));
+ TEST_EQUAL(0, mbedtls_test_read_mpi_core(&Y, &n, result));
+ TEST_EQUAL(limbs, n);
+
+ mbedtls_mpi_core_shift_l(X, limbs, count);
+ ASSERT_COMPARE(X, limbs * ciL, Y, limbs * ciL);
+
+exit:
+ mbedtls_free(X);
+ mbedtls_free(Y);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void mpi_core_add_and_add_if(char *input_A, char *input_B,
char *input_S, int carry)
{
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index 985d482..9ee372b 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -3,7 +3,7 @@
#include <mbedtls/constant_time.h>
#include <mbedtls/md.h>
#include <constant_time_internal.h>
-#include <hash_info.h>
+#include "md_psa.h"
#include <test/constant_flow.h>
/* END_HEADER */
@@ -28,7 +28,7 @@
size_t min_in_len, in_len, max_in_len, i;
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
unsigned char add_data[13];
- unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
unsigned char *data = NULL;
unsigned char *out = NULL;
unsigned char rec_num = 0;
@@ -36,7 +36,7 @@
USE_PSA_INIT();
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(hash));
+ alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash));
out_len = PSA_HASH_LENGTH(alg);
block_size = PSA_HASH_BLOCK_LENGTH(alg);
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index da91f44..b961040 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -167,11 +167,11 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_x509_crt_init(&crt);
+ MD_OR_USE_PSA_INIT();
+
memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
@@ -193,7 +193,7 @@
mbedtls_x509_crt_free(&crt);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 60bb6c2..f16a6d4 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,6 +1,5 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdsa.h"
-#include "hash_info.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -15,7 +14,7 @@
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
- unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char buf[MBEDTLS_MD_MAX_SIZE];
mbedtls_ecp_group_init(&grp);
mbedtls_ecp_point_init(&Q);
@@ -47,7 +46,7 @@
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
- unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char buf[MBEDTLS_MD_MAX_SIZE];
mbedtls_ecp_group_init(&grp);
mbedtls_ecp_point_init(&Q);
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 1f6dfc1..030cd46 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -1026,3 +1026,747 @@
ecp_setup_negative_test #28 Invalid Curve Type
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_NONE:MBEDTLS_ECP_MOD_SCALAR:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+
+# The following data be generated by random.getrandbits() in python must less than the named curves' modulus.
+# mbedtls_mpi_mod_residue_setup() can be used to check whether it satisfy the requirements.
+ecp_mul_inv #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_mul_inv:"0000000000000000000000000000152d02c7e14af67fe0bf":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_mul_inv:"4acca2d7100bad687080217babfb490d23dd6460a0007f24":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_mul_inv:"c4fd9a06df9b4efa94531578af8b5886ec0ada82884199f7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_mul_inv:"f9c4728bef9fba3e7d856a8e2ff62f20c2a57bf64f6d707f0829a8ff":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #5 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_mul_inv:"cee8071ade3e016fd47627782f6543814dd6ab7e6f432679ddacf9ed":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_mul_inv:"326258467dcbf4d1ab1665a4c5036cb35f4c9231199b58166b3966c6":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_mul_inv:"c36eadeab80f149cd51a1ed6311270ae2e4acc6734e787135f499c3a97f1edc3":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_mul_inv:"e384042f3130be8a796b221724cf1127a44290804cfbeb7fb6f57142a2a5cddd":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_mul_inv:"f1d356376f03b5dbf0fd08bde5c4293115f7c7911f7a3ec3f90557602eb20147":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_mul_inv:"a3137cd9b0c9e75a871f92e3ab6b284069ee06cd9c0afb2368fd8d381afcfecc553cb6b3f29216038d268a8d8fcd00f7":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_mul_inv:"a340ca2e1f39f89261f20a23881cde271e36b32add90cbc1801d2375d6db664df297df2364aaafbb9ba3d4672e4fd022":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_mul_inv:"491b1d169c9262fd737847c13bb7370d91825fe985cfa000d4b9bd3c22e7b63016122c53156fae4757943a819a1ced6d":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_mul_inv:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_mul_inv:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_mul_inv:"1e53d580521a1cff4cd72576c13fecb2cbcf39453f2b437f0c8dc78d7982a37749f099942ce693751ec43407c3acf46315132ea2a9ae5fa9253408da2375d2b58fc":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_mul_inv:"96e729c5c64b7f54375c2779f034acc1f32c26358a621ab421b9c4d4c11ddb28":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_mul_inv:"7491ad896c2a0ec65950db5c91e9b573a77839fd576481da85f5a77c7ceccce0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_mul_inv:"8d9454c7494b6e08d068391c811cb23cbe9318246a6c021b0018745eb6918751":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_mul_inv:"3aff86b1ee706d38e4995b76f6433d9173c5d3ec19b43ff0a3d53ac20965c911":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_mul_inv:"8bcf768f2f7d6d22133de97f5e463337ff030e662d6f6724d5bad27e27be5dc0":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_mul_inv:"435ed5da780b83a0130fc8f03e8e224d5bb4ae2eeeba214b8156544c4ae85944":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_mul_inv:"4003a648cfeda3a738a3e05933c6ce5098ab6dc943821cfc485f8991caaba99979ced9bb237c6b24997db8359a4a659f":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_mul_inv:"62b4355dc4cc6d76fc1633c46222c6ad5efaf6de931f0d25217d3dcebfd443fec31eeba68688717275a039863d03a48b":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_mul_inv:"80acca473c3fcee61d13a0a766ed0dcd5f50277f576ff6f3461664d436e2054ad7ecc8b7c0a9424fbda1d431c540c05a":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_mul_inv:"371851bd69a5a1734b195c6ad6b041f51d94718cb437ab4a0a14ee5fa5fccd29328f3e77bfa2e4c58195ccb55cdc6a4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_mul_inv:"82b18c3794463edeb80760098f7d392569dde6ed5ec21753b66e4e9b79e2f3e89bfc9fea1a2ffda2c285a0cc4afeab0":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_mul_inv:"7c17dc9df00c870a701c07186bd74b752abb6a9e17ee1c6342403e75d6fa7431b32e2495eb3f5e67c6519b43c6f69e28":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_mul_inv:"27e445caeb0d6752bd051f36a6d21ccdf67ba9b8238f2552aba237c3c72f3d384e7df2a25f95b779c7f38a4123741e2c691c4d5b87b231e4a98ecb9166a73674":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #29 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_mul_inv:"7b1dc9c166abbcd7a1a6b1ec375a3125aa3257d1d40e781f1ac9023dba4248415aa0eaea6fa8ce460f85fdae3f62fbb4bdcb953328f5d5664b71f70f681c0f4e":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_mul_inv:"8be202ecb80ae3f6fe07a17b03c14997668b37d029d38943245c8a6cd1cbce3d57cfc673886a22db7ab8686570881a5dc1d9855aa6618c52df55a04510e00bba":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_mul_inv #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_mul_inv:"572a5522bc45566df4c7575b91fdbc74975fd59380339b5aa23cbce2204744793ca3255705f5d9ba48335f36baf462010680f1e35cca26468d7d8f4223988189":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_mul_inv:"99c2751d157489ab961a7bf1be12c8575cc56c99c6db8e2273450f6332ecdd3cd9b33763acd0509d8b98250462319bfd7cfbfc87c99ce31c15cefab651bc088c":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_mul_inv:"3169122b79ab7add228eed5b4de336dcb5daae8136b5cb184c08752d727c954840f8e2ad6860245128f6931a4598578679a65aa6e4b138a349586c57d03d2216":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_mul_inv:"1000000000000000000000000000000014def9dea2079cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_mul_inv:"1000000000000000000000000000000010caf49570936f75d70f03efac6c1c19":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_mul_inv:"468de1bfdbb20b67371bc5ad0f2bc3e70705b6d85c14ad75daafdbd1502cfd1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_mul_inv:"2228b202d612f2e66d8ca00b7e1c19a737ee7db2708d91cd":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_mul_inv:"40c0451d06b0d622c65b8336c4c9abe8828f6fd5d5c1abde":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_mul_inv:"d2a10413f48d7bcc18a9b7c53c7914c5302c9c9e48b2eb62":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+# Public values of secp224K1 have 225 bits, if we randomly generate only 224 bits, we should add the leading '0'
+# to make the limbs match with each other and make the function mbedtls_mpi_mod_residue_setup() happy.
+ecp_mul_inv #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_mul_inv:"0cc154fe846d6b9f51d6166a8d1bb969ff634ab9af95cc89d01669c86":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #40.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_mul_inv:"1000000000000000000000000000075ea446a83291f5136799781cfbd":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_mul_inv:"0614cf6b720cc9dcc6d3bb36bb46cf285e23a083b067be8c93b51cbb4":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #41.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_mul_inv:"1000000000000000000000000000059232050dc913da533ec71073ce3":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_mul_inv:"071b3a40f3e2b8984e8cc238b7725870da10cb2de37f430da2da68645":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #42.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_mul_inv:"10000000000000000000000000000aca628de662cdbd5cb4dc69efbb8":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_mul_inv:"9fd95fed98cc1c2ef91b5dc02fa84f63597e15a3326c07f2918afb3ffd093343":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #44 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_mul_inv:"5ddbd441c7037e11caaa9878216c5cfeae67864260429eab4529b56c2661f3de":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_mul_inv:"f8d3f3c02fd712f711d8e30d0d4c142eb106e5f75c25f55b3f983bc5c83c568a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff11ca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #47 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff0169d3f35081924aeaf1beac2f2720557c9bdf6b42cdceb54c6160ba":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_mul_inv #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_mul_inv:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff01243a939d867d7e0a75a8568d4d66de88f3ecc1ad37f91a8f9d7d70":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated using python's standard random library,
+# initialised with seed(2,2) and random.getrandbits(curve bits). Curve bits are 192,256,384,520.
+# They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup()
+# can be used to check whether they satisfy the requirements.
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #1.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_add_sub:"ffffffffffffffffffffffff99def836146bc9b1b4d22830":"ffffffffffffffffffffffff99def836146bc9b1b4d2282f":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_add_sub:"177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973":"cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_add_sub:"3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f":"ffed9235288bc781ae66267594c9c9500925e4749b575bd1":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_add_sub:"dc38f519b91751dacdbd47d364be8049a372db8f6e405d93":"ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #4.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_add_sub:"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3c":"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3b":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_add_sub:"706a045defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2":"6c71c4a66148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb9":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #5 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_add_sub:"3c7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c5055":"829a48d422fe99a22c70501e533c91352d3d854e061b90303b08c6e3":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_add_sub:"2e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0":"867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b3":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #7.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_add_sub:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc63254f":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_add_sub:"5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561":"665d7435c1066932f4767f26294365b2721dea3bf63f23d0dbe53fcafb2147df":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_add_sub:"47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2bd143fa9b714210c":"a9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #9 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_add_sub:"b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a74667bffe202849d":"f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3eb9ac688":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #10.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_add_sub:"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52972":"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52971":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_add_sub:"7ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460":"9da59b74a6c3181c81e220df848b1df78feb994a81167346d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f8777":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_add_sub:"e1cf4f589f8e4ce0af29d115ef24bd625dd961e6830b54fa7d28f93435339774bb1e386c4fd5079e681b8f5896838b76":"1b2d19a2beaa14a7ff3fe32a30ffc4eed0a7bd04e85bfcdd0227eeb7b9d7d01f5769da05d205bbfcc8c69069134bccd3":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_add_sub:"c11e60de1b343f52ea748db9e020307aaeb6db2c3a038a709779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a8":"e5e138e26c4454b90f756132e16dce72f18e859835e1f291d322a7353ead4efe440e2b4fda9c025a22f1a83185b98f5f":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #13.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_add_sub:"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386408":"01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386407":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_add_sub:"1ba0a76c196067cfdcb11457d9cf45e2fa01d7f4275153924800600571fac3a5b263fdf57cd2c0064975c3747465cc36c270e8a35b10828d569c268a20eb78ac332":"1cb0b0c995e96e6bc4d62b47204007ee4fab105d83e85e951862f0981aebc1b00d92838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da70569c018eb2b5693":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_add_sub:"177d1f71575653a45c49390aa51cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71581d8e830112ff0f0948eccaf8877acf26c377c13f719726fd70bdda":"1f5790813e32748dd1db4917fc09f20dbb0dcc93f0e66dfe717c17313394391b6e2e6eacb0f0bb7be72bd6d25009aeb7fa0c4169b148d2f527e72daf0a54ef25c07":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_add_sub:"164c7f3860895bfa81384ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd":"1f58ed5d1b7b310b730049dd332a73fa0b26b75196cf87eb8a09b27ec714307c68c425424a1574f1eedf5b0f16cdfdb839424d201e653f53d6883ca1c107ca6e706":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #16.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5376":"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5375":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+# The following data was generated using python's standard random library,
+# initialised with seed(3,2) and random.getrandbits(curve bits). Curve bits are 256,384,512.
+ecp_add_sub #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"795b929e9a9a80fdea7b5bf55eb561a4216363698b529b4a97b750923ceb3ffd":"781f9c58d6645fa9e8a8529f035efa259b08923d10c67fd994b2b8fda02f34a6":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"8a7d43b578633074b7970386fee29476311624273bfd1d338d0038ec42650644":"3b5f3d86268ecc45dc6bf1e1a399f82a65aa9c8279f248b08cb4a0d7d6225675":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #18 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"3e0a813bdc2ae9963d2e49085ef3430ed038db4de38378426d0b944a2863a7f":"af438d297524d6af51e8722c21b609228ce6f2410645d51c6f8da3eabe19f58":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #19.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a6":"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a5":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"984181177906159644f9794cdd933160d2d5844307f062cec7b317d94d1fe09f":"6d4b9adbebcd1f5ec9c18070b6d13089633a50eee0f9e038eb8f624fb804d820":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"2257989fef829c88f6ced90a71d2af7293b05a04cd085b71ba6676b3651c5253":"420b0ebe378c74dc7eb0adf422cedafb092fdddf18f2c41c5d92b243e0fd67dd":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_add_sub:"6bd0638b4d100d8fdaf0105ba06c05a1c76abf436fa84dcaac0ae4e2f729b4c8":"6856e45b95c76ab488bafad959d5450592f3277b62c82185d55ec1a581daad10":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #22.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec52":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec51":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #22 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"4a5792b26aba54efa25994fc58aaac8176f7f138456bb11bd997c6f7cb3a88f684b5b4de4abcc4e46bd881fd21334eb0":"454608a5737b6ed79182c3c8e288b16437d02410a675a109bdf84ab55632a44614777e962b56363cf5efd434db045aae":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"439e7fa9987aa6bdd805f5d25e80dfffc2134f15500b2f292f6c48f65d2c29382d6b76db51ed2f1599f8eee797b9580f":"21a4cadebc344f4baf091db491bae46af8abffd606e44edfd0247e4cc5b3b5d31ad8df8e608d9499c98c9e514ce74654":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"7d500f7cbcefd0a747679714b4fab1019bde81635a427c37ead6b3cbade562bc5a58b185775c303c551b7f9da0996d52":"4c736db374d0df35a0c2995f40498cb35e819615f69b31ce0570ceeead0faadaf47076520f81f60c96e1689405adc011":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #25.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046564":"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046563":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"1aa4b64091b1078e926baeafe79a27e68ab12c32f6f22f41538e504edc52bdcab2d87d5e29c0e596b2109307abd8952c":"846008638daf051b79e4444ed6897d8fc5ab8f2f33dc30a8f1233c76f31b6928298956cfca65f8e9f66ad57e1464134":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"7b6471e2103ef3c21fdaf62548f2f8ed445fad2a92d3043afcf249f3d4e441c3a20ab57c360c4979a7cf94d7b6bcb64f":"897897da86640cb0051490eaa9b38f203d3221cc4cc576f280d0dfba2bfc7ffd1eeda989becbde017b25f34a035d7017":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_add_sub:"526ef7026988f4fe5a8181b691406be110d7c25ccf3d0b35815a3d516a91f397bc73a83fd63ed5ba385ac4bda9bf98c":"8a7db67fdc960f12f8d45cb940a230e6201a95cc5762e3571d140ed89cb6c63de9bfec51f06516210da1920569eb8cb4":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #28.0 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f2":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f1":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #28 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"46150f34caab02c83d4d071b2bda77121e84949cd11a8404e33c37f188ddf9181f49e090328475a738868e9b5a124b1d0fb5d240c846756acfc1d5507a299d74":"4ca44e40943e5a2248d4a701f3d13a7bb243f13dd61005357b5f2ea9ac6cc64e1d76f9d1d80caa4d068508d51f0c6f07da305f2cd76ee016576b7da1060344bf":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #29 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"3f8de0e1457a46a7c1a9425a0cc8557466789723dcd06050922631c6a0ec66f37ccce34401ebd454ebb679b4d2d0d09720e469aace595c72e3bf018debf8e3d9":"a2fd39d9615906a78a943011c859e78da6782c0b9abc3e5b75f828935f8eec2c0aff87582db5db0591157d5f1474683acb984da361574803b9191d5cb74e9504":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_add_sub #30 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"125fdb0f50884d442833e1d550de93987d7015fc808aefcf83f18d61160c7c39b674c4f4dabd2a4c08736a21f985732a7b99a1261183c1860cc1e0331fe78154":"6b153e7ab1b20f01f34624556ba6cc6d50a078d8b3effcadc29237ff7f03ca9ea0a0304d5f56ed310d95a7016e7ceb10e2f416a79f781c980b1ed724cd18e1a9":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #31.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90068":"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90067":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"8da65a44ef3f7a401993edb1bfbc2a588df13f021b538e133d019261b7149706876cfe7c82e63e71904a896fc4758a8dff09f0150948f14b16baa014cc7ab32f":"731323ee13201b6215fa8a36d04d65c3974f6606cc57efacd9a68b4125321dc9703d20db1f69af34524ab0a892ca38f37f961cd3ebdc77a0496be3975f99ac4":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"3c3a447d80144a61601545c415508f3cf76060ee6b104fc58e7fdffb59ac3e68f052e38f658a2d349975c9765e129a3740bdcb7464cb7c6cf14fc8f2c0e836c4":"2331df8142351e6ec69ae2d6308b24cbe3e255b43df9ba79411171b4da97fa8037a5ae35f56e539311bb4e07ace3ca83c6ff46a4b7ba6c95a5f3b3fa3c1a7547":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_add_sub:"71bf2f08e9f7f9da70376bad2555e5ee6d966bcd5a91d4c949cc37677d2519b34ac7eb999581b2eb394c3b17ac666bfb292c157fdc0754a6b1d5f0224c3a235":"174907806c5d14842eea9771503c14af0b869300dd771fce2b72143f41483337ef0bfa78e656abc109691290dbcceb43acd62c6ab46977d09f355e742feb67af":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #34.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_add_sub:"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ec":"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3eb":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated using python's standard random library,
+# initialised with seed(4,2) and random.getrandbits(curve bits). Curve bits are 128,254,192,256,448.
+ecp_add_sub #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_add_sub:"01710cf527ac435a7a97c643656412a9b8a1abcd1a6916c74da4f9fc3c6da5d7":"0fd72445ccea71ff4a14876aeaff1a098ca5996666ceab360512bd1311072231":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_add_sub:"10000000000000000000000000000000110a8010ce80c4b0a4042bb3d4341aad":"1000000000000000000000000000000010a8c61e3184ff27459142deccea2645":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_add_sub:"0c79d67946d4ac7a5c3902b38963dc6e8534f45738d048ec0f1099c6c3e1b258":"0690526ed6f0b09f165c8ce36e2f24b43000de01b2ed40ed3addccb2c33be0a":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #37.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_add_sub:"fffffffffffffffffffffffe26f2fc170f69466a74defd8c":"fffffffffffffffffffffffe26f2fc170f69466a74defd8b":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_add_sub:"f5ff0c03bb5d7385de08caa1a08179104a25e4664f5253a0":"f1cfd99216df648647adec26793d0e453f5082492d83a823":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_add_sub:"d8441b5616332aca5f552773e14b0190d93936e1daca3c06":"d7288ff68c320f89f1347e0cdd905ecfd160c5d0ef412ed6":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #39 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_add_sub:"3fb62d2c81862fc9634f806fabf4a07c566002249b191bf4":"b474c7e89286a1754abcb06ae8abb93f01d89a024cdce7a6":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #40.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_add_sub:"10000000000000000000000000001dce8d2ec6184caf0a971769fb1f6":"10000000000000000000000000001dce8d2ec6184caf0a971769fb1f5":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #40 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_add_sub:"069f85e3131f3b9238224b122c3e4a892d9196ada4fcfa583e1df8af9":"0a5e333cb88dcf94384d4cd1f47ca7883ff5a52f1a05885ac7671863c":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #41 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_add_sub:"03bb4a570294c4ea3738d243a6e58d5ca49c7b59b995253fd6c79a3de":"032111ac1ac7cc4a4ff4dab102522d53857c49391b36cc9aa78a330a1":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #42 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_add_sub:"00bdbc23a14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb38":"070ef55b1a1f65507a2909cb633e238b4e9dd38b869ace91311021c9e":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #42.1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_add_sub:"100000000000000000000000000006f985b17b9662f0733c846bbe9e8":"10000000000000000000000000000a26a52175b7a96b98b5fbf37a2be":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #43.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_add_sub:"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140":"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd036413f":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #43 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_add_sub:"5b69dc230af5ac870692b534758240df4a7a03052d733dcdef40af2e54c0ce68":"acdac615bc20f6264922b9ccf469aef8f6e7d078e55b85dd1525f363b281b888":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #44 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_add_sub:"b54a23020fc5b043d6e4a51519d9c9cc52d32377e78131c132decd6b8efbc170":"272515cdf74c381652595daf49fbac3652a3b18104a7f00753be4721f5b9e1f5":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #45 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_add_sub:"1f44ebd13cc75f3edcb285f89d8cf4d4950b16ffc3e1ac3b4708d9893a973000":"ae17584a9ed9c621de97faf0f17ca82cdc82f2526911c9dda6e46653c676176a":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+# Use the test data "modulus - 1" and "modulus - 2" to ensure the sum overflow case be tested.
+ecp_add_sub #46.0 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_add_sub:"00000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f2":"00000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f1":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #46 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_add_sub:"0000000000000003f28adf9f6396ae3994b971761b2ceba40031ad622ed93874ac034cf71b34e47e4e2aafd310096249e2387a54b1cef3913e7d611d163b764":"0000000000000003f924aec4a53583bff4788955cdb7f4ccde9d231c8a38e7b5d7d255f2b68beef746ccfcd0b77d43a5d02db430267ce8c92b607d554d08ce6":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #47 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_add_sub:"0000000000000003f9874f82b2df98dbcb3fd500e2637300fecf10e0f30e0051d1615ad353a09cfeaa1b2956c8826ec350d775dfb53e13d7077b81d18dbb0c1":"0000000000000003fd5b8c21f4d4cc5091b5ffbff651b9052496e1e3fc24ec0952989c17d9c649a8bd5bb710a77ec0c9b44baf5264ed787f87a7976ad448abd":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_add_sub:"0000000000000003f7defb1691e8e3b705620733deaaddd33a760e17a4e9ba333445533fcd71d42a6d00e3468c946b0ff353728c6173d944afbfae4877c606f":"0000000000000003f96c1d081a3cfe300dc4c27fa2ebbc37396957d4bf81156d86b88de3a9312ca5be57d93fa3549b71895aa36bd5231f38146a2f0970425b":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated using python's standard random library,
+# initialised with seed(6,2) and random.getrandbits(curve bits). Curve bits are 192,224,256,384,520.
+# They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup()
+# can be used to check whether they satisfy the requirements.
+ecp_read_write #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_read_write:"c320a4737c2b3abe14a03569d26b949692e5dfe8cb1855fe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_read_write:"9623d7cfa9ae7a34254499c7001d9a88096d373742f9a039":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_read_write:"df5ca32ebad5ccc232b7228fcd4a55577d24b39645cf8aa4059a91e1":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_read_write:"c527e27951c342505f877031bc1e3ac1c27db4ecf72c2c2678629522":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_read_write:"903c2ac9316774fe181e290aae9af1698a0c510089ce5ef7e91b4ad169fc5360":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_read_write:"9c2c0ac2cda95957a9b3d1a243f9300cba98666ace1c9c17b313fc7e8db9b92c":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_read_write:"401fe4fcce06294d68f22599ccdf540b5cb53ec017d7ab26fd80206055e8b3eb6cb9185ed822e2f9168e5087af895f5b":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_read_write:"bb1e330f38d2e6418f918e24a8b0188cbe19514a28a0aaab3642b1932793637c16cf5c51801fd9ab31a5bf371f970cf":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_read_write:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_read_write:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated using python's standard random library,
+# initialised with seed(7,2) and random.getrandbits(curve bits). Curve bits are 256,384,512.
+ecp_read_write #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_read_write:"6b4cb2424a23d5962217beaddbc496cb8e81973e0becd7b03898d190f9ebdacc":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_read_write #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_read_write:"36f675cc81e74ef5e8e25d940ed904759531985d5d9dc9f81818e811892f902b":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_read_write #17 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_read_write:"8d116ece1738f7d93d9c172411e20b8f6b0d549b6f03675a1600a35a099950d8":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_read_write:"a170b33839263059f28c105d1fb17c2390c192cfd3ac94af0f21ddb66cad4a26":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #19 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_read_write:"7f15052434b9b5df9e7769b10f4205b4907a70c31012f037b64ce4228c38fb2918f135d25f557203301850c5a38fd547":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_read_write #20 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_read_write:"3f98e2774cbd87ad5c90a9587403e430ec66a78795e761d17731af10506bf2efc6f877186d76b07e881ed162ae2eb154":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_read_write #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_read_write:"57ee05cde00902c77ebff206867347214cdd2055930d6eaf14f4733f3e7d1bfbc7a2ea20b2f14c942e05319acb5c7427":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_read_write:"5790f82ec1d3fcff2a3af4d46b0a18e8830e07bc1e398f1012bd4acefaecbd389be4bcfc49b64a0872e6cc3ababced20":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_read_write:"57ee05cde00902c77ebff206867347214cdd2055930d6eaf14f4733f3e7d1bfbc7a2ea20b2f14c942e05319acb5c74273f98e2774cbd87ad5c90a9587403e430":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_read_write #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_read_write:"6bf46c697d2caf82eeeacbe226e875555790f82ec1d3fcff2a3af4d46b0a18e8830e07bc1e398f1012bd4acefaecbd389be4bcfc49b64a0872e6cc3ababced20":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_read_write #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_read_write:"7f26144b98289fcd59a54a7bb1fee08f571242425051c1ccd17f9acae01f5057ca02135e92b1d3f28ede0d7ac3baea9e13deef86ab1031d0f646e1f40a097c97":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_read_write:"4f426dcbb394fb36bb2d420f0f88080b10a3d6b2aa05e11ab2715945795e8229451abd81f1d69ed617f5e837d70820fe119a72d174c9df6acc011cdd9474031b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated using python's standard random library,
+# initialised with seed(8,2) and random.getrandbits(252).
+ecp_read_write #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_read_write:"00b3510bb46ee1da317017a6205738d16018366cf658f7a75ed34fe53a096533":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated using python's standard random library random.getrandbits(252).
+ecp_read_write #28 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_read_write:"06694f22359b154881a0d5b3ffc6e35ccfaf00103f584ad4230824d215ceb3a1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+# The least 122 bits were generated by random.getrandbits(122)
+ecp_read_write #29 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_read_write:"1000000000000000000000000000000011f319877589ca4a07c15471a4517d6c":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated by random.getrandbits(192).
+ecp_read_write #30 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_read_write:"e5b8063831360a4092b850ad7eb72f8263f65da874007cb4":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_read_write:"c24f6aa83bf36a147c2f7ad016edc5d467164890d49d0ac1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated by random.getrandbits(224).
+ecp_read_write #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_read_write:"0e6edaf80796d3bc4685ca8af852a5fba444adf42b37f5722051e2670":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_read_write:"018dff3934223aa56a9b7e3ea1d1d784fb9db434b610b1631e941aa79":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+# The least 112 bits were generated by random.getrandbits(112)
+ecp_read_write #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_read_write:"1000000000000000000000000000162e910269470d0718c1afdd9a78d":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+# The following data was generated by random.getrandbits(256).
+ecp_read_write #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_read_write:"3c02e56756a3e9570edca4eca92d04a31b941f4360908405d45c39a39ec353c1":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_read_write:"353a0106e6c08269844dbc0ca65423a9e744b24e7f61701e1607b1c4b0f91306":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+# The least 440 bits were generated by random.getrandbits(440)
+ecp_read_write #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_read_write:"000000000000003fdc3d71f22ff5fd25f0f21231a06a7cb3aa75ab7d1944ff09974b85f2306d4a8a2ad16e107ac8069b51c6322463278ecef2d30194df943c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_read_write #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_read_write:"000000000000003f9fbd8780ed55037ea03260d7ef27bba4d70dfcf3332eb05b6659eab3bfcd5d50545214b0afb81e8824918818fd64f799ef936ac3a8db56":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #3 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #5 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #7 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #9 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #11 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
+depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #13 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #16 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
+depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #19 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
+depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #21 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
+depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE
+
+ecp_random #24 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
+depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR
+
+ecp_random #25 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
+depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
+ecp_mod_random:MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 6d5ce9c..bd0fcf2 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -7,6 +7,7 @@
#include "bignum_core.h"
#include "ecp_invasive.h"
#include "bignum_mod_raw_invasive.h"
+#include "constant_time_internal.h"
#define ECP_PF_UNKNOWN -1
@@ -1086,7 +1087,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBEDTLS_ECP_LIGHT */
void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
{
mbedtls_test_rnd_buf_info rnd_info;
@@ -1328,6 +1329,34 @@
curve_func = &mbedtls_ecp_mod_p521_raw;
break;
#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP192K1:
+ limbs = 2 * limbs_N;
+ curve_bits = 192;
+ curve_func = &mbedtls_ecp_mod_p192k1_raw;
+ break;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP224K1:
+ limbs = 448 / biL;
+ curve_bits = 224;
+ curve_func = &mbedtls_ecp_mod_p224k1_raw;
+ break;
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ case MBEDTLS_ECP_DP_SECP256K1:
+ limbs = 2 * limbs_N;
+ curve_bits = 256;
+ curve_func = &mbedtls_ecp_mod_p256k1_raw;
+ break;
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ case MBEDTLS_ECP_DP_CURVE25519:
+ limbs = 2 * limbs_N;
+ curve_bits = 255;
+ curve_func = &mbedtls_ecp_mod_p255_raw;
+ break;
+#endif
default:
mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__);
goto exit;
@@ -1355,88 +1384,10 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-void ecp_mod_p192k1(char *input_N,
- char *input_X,
- char *result)
-{
- mbedtls_mpi X;
- mbedtls_mpi N;
- mbedtls_mpi res;
-
- mbedtls_mpi_init(&X);
- mbedtls_mpi_init(&N);
- mbedtls_mpi_init(&res);
-
- TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
-
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
-
- size_t limbs = N.n;
- size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
-
- TEST_EQUAL(X.n, 2 * limbs);
- TEST_EQUAL(res.n, limbs);
-
- TEST_EQUAL(mbedtls_ecp_mod_p192k1(&X), 0);
- TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
- TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 192);
- ASSERT_COMPARE(X.p, bytes, res.p, bytes);
-
-exit:
- mbedtls_mpi_free(&X);
- mbedtls_mpi_free(&N);
- mbedtls_mpi_free(&res);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-void ecp_mod_p224k1(char *input_N,
- char *input_X,
- char *result)
-{
- mbedtls_mpi X;
- mbedtls_mpi N;
- mbedtls_mpi res;
-
- mbedtls_mpi_init(&X);
- mbedtls_mpi_init(&N);
- mbedtls_mpi_init(&res);
-
- TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&N, input_N), 0);
- TEST_EQUAL(mbedtls_test_read_mpi(&res, result), 0);
-
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, X.p, X.n));
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, N.p, N.n));
- TEST_ASSERT(mbedtls_mpi_core_uint_le_mpi(0, res.p, res.n));
-
- size_t limbs = N.n;
- size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
-
- TEST_LE_U(X.n, 448 / biL);
- TEST_EQUAL(res.n, limbs);
-
- TEST_EQUAL(mbedtls_ecp_mod_p224k1(&X), 0);
- TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
- TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 224);
- ASSERT_COMPARE(X.p, bytes, res.p, bytes);
-
-exit:
- mbedtls_mpi_free(&X);
- mbedtls_mpi_free(&N);
- mbedtls_mpi_free(&res);
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP256K1_ENABLED */
-void ecp_mod_p256k1(char *input_N,
- char *input_X,
- char *result)
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_CURVE448_ENABLED */
+void ecp_mod_p448(char *input_N,
+ char *input_X,
+ char *result)
{
mbedtls_mpi X;
mbedtls_mpi N;
@@ -1460,9 +1411,9 @@
TEST_LE_U(X.n, 2 * limbs);
TEST_EQUAL(res.n, limbs);
- TEST_EQUAL(mbedtls_ecp_mod_p256k1(&X), 0);
+ TEST_EQUAL(mbedtls_ecp_mod_p448(X.p, X.n), 0);
TEST_EQUAL(mbedtls_mpi_mod_mpi(&X, &X, &N), 0);
- TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 256);
+ TEST_LE_U(mbedtls_mpi_core_bitlen(X.p, X.n), 448);
ASSERT_COMPARE(X.p, bytes, res.p, bytes);
exit:
@@ -1511,3 +1462,202 @@
mbedtls_free(p);
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void ecp_mod_mul_inv(char *input_A, int id, int ctype)
+{
+ size_t limbs;
+ mbedtls_mpi_mod_modulus m;
+ mbedtls_mpi_mod_residue rA; // For input
+ mbedtls_mpi_mod_residue rA_inverse; // For inverse input
+ mbedtls_mpi_mod_residue rX; // For result
+ mbedtls_mpi_uint *rX_raw = NULL;
+ mbedtls_mpi_uint *A_inverse = NULL;
+ mbedtls_mpi_uint *A = NULL;
+ mbedtls_mpi_uint *bufx = NULL;
+ const mbedtls_mpi_uint one[1] = { 1 };
+
+ mbedtls_mpi_mod_modulus_init(&m);
+
+ TEST_ASSERT(mbedtls_ecp_modulus_setup(&m, id, ctype) == 0);
+
+ TEST_EQUAL(mbedtls_test_read_mpi_core(&A, &limbs, input_A), 0);
+ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs));
+
+ /* Test for limb sizes */
+ TEST_EQUAL(m.limbs, limbs);
+
+ ASSERT_ALLOC(A_inverse, limbs);
+ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA_inverse, &m, A_inverse, limbs));
+
+ ASSERT_ALLOC(rX_raw, limbs);
+ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs));
+
+ /* Get inverse of A mode m, and multiply it with itself,
+ * to see whether the result equal to '1' */
+ TEST_EQUAL(0, mbedtls_mpi_mod_inv(&rA_inverse, &rA, &m));
+ TEST_EQUAL(mbedtls_mpi_mod_mul(&rX, &rA, &rA_inverse, &m), 0);
+
+ ASSERT_ALLOC(bufx, limbs);
+ TEST_EQUAL(mbedtls_mpi_mod_write(&rX, &m, (unsigned char *) bufx,
+ limbs * ciL,
+ MBEDTLS_MPI_MOD_EXT_REP_LE), 0);
+
+ ASSERT_COMPARE(bufx, ciL, one, ciL);
+ /*Borrow the buffer of A to compare the left lims with 0 */
+ memset(A, 0, limbs * ciL);
+ ASSERT_COMPARE(&bufx[1], (limbs - 1) * ciL, A, (limbs - 1) * ciL);
+
+exit:
+ mbedtls_mpi_mod_modulus_free(&m);
+ mbedtls_mpi_mod_residue_release(&rA);
+ mbedtls_mpi_mod_residue_release(&rA_inverse);
+ mbedtls_mpi_mod_residue_release(&rX);
+ mbedtls_free(A);
+ mbedtls_free(A_inverse);
+ mbedtls_free(rX_raw);
+ mbedtls_free(bufx);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void ecp_mod_add_sub(char *input_A, char *input_B, int id, int ctype)
+{
+ size_t p_A_limbs;
+ size_t p_B_limbs;
+ size_t bytes;
+ mbedtls_mpi_mod_modulus m;
+ mbedtls_mpi_mod_residue rA;
+ mbedtls_mpi_mod_residue rB;
+ mbedtls_mpi_mod_residue rS;
+ mbedtls_mpi_uint *p_A = NULL;
+ mbedtls_mpi_uint *p_B = NULL;
+ mbedtls_mpi_uint *p_S = NULL;
+
+ mbedtls_mpi_mod_modulus_init(&m);
+
+ TEST_EQUAL(mbedtls_test_read_mpi_core(&p_A, &p_A_limbs, input_A), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi_core(&p_B, &p_B_limbs, input_B), 0);
+
+ TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype));
+
+ /* Test for limb sizes for two input value and modulus */
+ TEST_EQUAL(p_A_limbs, p_B_limbs);
+ TEST_EQUAL(m.limbs, p_A_limbs);
+ bytes = p_A_limbs * ciL;
+
+ ASSERT_ALLOC(p_S, p_A_limbs);
+
+ TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rA, &m, p_A, p_A_limbs), 0);
+ TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rB, &m, p_B, p_B_limbs), 0);
+ TEST_EQUAL(mbedtls_mpi_mod_residue_setup(&rS, &m, p_S, p_A_limbs), 0);
+
+ /* Firstly add A and B to get the sum S, then subtract B,
+ * the difference should be equal to A*/
+ TEST_EQUAL(0, mbedtls_mpi_mod_add(&rS, &rA, &rB, &m));
+ TEST_EQUAL(0, mbedtls_mpi_mod_sub(&rS, &rS, &rB, &m));
+
+ /* Compare difference with rA byte-by-byte */
+ ASSERT_COMPARE(rA.p, bytes, rS.p, bytes);
+
+exit:
+ mbedtls_mpi_mod_modulus_free(&m);
+ mbedtls_mpi_mod_residue_release(&rA);
+ mbedtls_mpi_mod_residue_release(&rB);
+ mbedtls_mpi_mod_residue_release(&rS);
+ mbedtls_free(p_A);
+ mbedtls_free(p_B);
+ mbedtls_free(p_S);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void ecp_mod_read_write(char *input_A, int id, int ctype)
+{
+ size_t limbs;
+ size_t bytes;
+ mbedtls_mpi_mod_modulus m;
+ mbedtls_mpi_mod_residue rA; // For input
+ mbedtls_mpi_mod_residue rX; // For read back
+ mbedtls_mpi_uint *rX_raw = NULL;
+ mbedtls_mpi_uint *A = NULL;
+ mbedtls_mpi_uint *bufx = NULL;
+
+ mbedtls_mpi_mod_modulus_init(&m);
+
+ TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype));
+
+ TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &limbs, input_A));
+ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs));
+
+ /* Test for limb sizes */
+ TEST_EQUAL(m.limbs, limbs);
+
+ ASSERT_ALLOC(rX_raw, limbs);
+ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs));
+
+ bytes = limbs * ciL;
+ ASSERT_ALLOC(bufx, limbs);
+ /* Write source mod residue to a buffer, then read it back to
+ * the destination mod residue, compare the two mod residues.
+ * Firstly test little endian write and read */
+ TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx,
+ bytes, MBEDTLS_MPI_MOD_EXT_REP_LE));
+
+ TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx,
+ bytes, MBEDTLS_MPI_MOD_EXT_REP_LE));
+
+ TEST_EQUAL(limbs, rX.limbs);
+ ASSERT_COMPARE(rA.p, bytes, rX.p, bytes);
+
+ memset(bufx, 0x00, bytes);
+ memset(rX_raw, 0x00, bytes);
+ /* Then test big endian write and read */
+ TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx,
+ bytes,
+ MBEDTLS_MPI_MOD_EXT_REP_BE));
+
+ TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx,
+ bytes,
+ MBEDTLS_MPI_MOD_EXT_REP_BE));
+
+ TEST_EQUAL(limbs, rX.limbs);
+ ASSERT_COMPARE(rA.p, bytes, rX.p, bytes);
+
+exit:
+ mbedtls_mpi_mod_modulus_free(&m);
+ mbedtls_mpi_mod_residue_release(&rA);
+ mbedtls_mpi_mod_residue_release(&rX);
+ mbedtls_free(A);
+ mbedtls_free(rX_raw);
+ mbedtls_free(bufx);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void ecp_mod_random(int id, int ctype)
+{
+ size_t limbs;
+ mbedtls_mpi_mod_modulus m;
+ mbedtls_mpi_mod_residue rX; // For random data
+ mbedtls_mpi_uint *rX_raw = NULL;
+
+ mbedtls_mpi_mod_modulus_init(&m);
+ TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype));
+
+ limbs = m.limbs;
+
+ ASSERT_ALLOC(rX_raw, limbs);
+ TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs));
+
+ TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m,
+ mbedtls_test_rnd_std_rand, NULL));
+
+ TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1);
+
+exit:
+ mbedtls_mpi_mod_modulus_free(&m);
+ mbedtls_mpi_mod_residue_release(&rX);
+ mbedtls_free(rX_raw);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data
index 2b3b24d..68866d7 100644
--- a/tests/suites/test_suite_hmac_drbg.misc.data
+++ b/tests/suites/test_suite_hmac_drbg.misc.data
@@ -18,6 +18,22 @@
depends_on:MBEDTLS_MD_CAN_SHA512
hmac_drbg_entropy_usage:MBEDTLS_MD_SHA512
+HMAC_DRBG entropy usage SHA3-224
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_224
+
+HMAC_DRBG entropy usage SHA3-256
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_256
+
+HMAC_DRBG entropy usage SHA3-384
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_384
+
+HMAC_DRBG entropy usage SHA3-512
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_512
+
HMAC_DRBG write/update seed file SHA-1 [#1]
depends_on:MBEDTLS_MD_CAN_SHA1
hmac_drbg_seed_file:MBEDTLS_MD_SHA1:"data_files/hmac_drbg_seed":0
@@ -58,6 +74,38 @@
depends_on:MBEDTLS_MD_CAN_SHA512
hmac_drbg_seed_file:MBEDTLS_MD_SHA512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+HMAC_DRBG write/update seed file SHA3-224 [#1]
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"data_files/hmac_drbg_seed":0
+
+HMAC_DRBG write/update seed file SHA3-224 [#2]
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+
+HMAC_DRBG write/update seed file SHA3-256 [#1]
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"data_files/hmac_drbg_seed":0
+
+HMAC_DRBG write/update seed file SHA3-256 [#2]
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+
+HMAC_DRBG write/update seed file SHA3-384 [#1]
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"data_files/hmac_drbg_seed":0
+
+HMAC_DRBG write/update seed file SHA3-384 [#2]
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+
+HMAC_DRBG write/update seed file SHA3-512 [#1]
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"data_files/hmac_drbg_seed":0
+
+HMAC_DRBG write/update seed file SHA3-512 [#2]
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
+
HMAC_DRBG from buffer SHA-1
depends_on:MBEDTLS_MD_CAN_SHA1
hmac_drbg_buf:MBEDTLS_MD_SHA1
@@ -78,5 +126,21 @@
depends_on:MBEDTLS_MD_CAN_SHA512
hmac_drbg_buf:MBEDTLS_MD_SHA512
+HMAC_DRBG from buffer SHA3-224
+depends_on:MBEDTLS_MD_CAN_SHA3_224
+hmac_drbg_buf:MBEDTLS_MD_SHA3_224
+
+HMAC_DRBG from buffer SHA3-256
+depends_on:MBEDTLS_MD_CAN_SHA3_256
+hmac_drbg_buf:MBEDTLS_MD_SHA3_256
+
+HMAC_DRBG from buffer SHA3-384
+depends_on:MBEDTLS_MD_CAN_SHA3_384
+hmac_drbg_buf:MBEDTLS_MD_SHA3_384
+
+HMAC_DRBG from buffer SHA3-512
+depends_on:MBEDTLS_MD_CAN_SHA3_512
+hmac_drbg_buf:MBEDTLS_MD_SHA3_512
+
HMAC_DRBG self test
hmac_drbg_selftest:
diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data
index ccc7b10..0b0afee 100644
--- a/tests/suites/test_suite_md.data
+++ b/tests/suites/test_suite_md.data
@@ -33,6 +33,22 @@
depends_on:MBEDTLS_MD_CAN_SHA512
md_info:MBEDTLS_MD_SHA512:"SHA512":64
+Information on SHA3-224
+depends_on:MBEDTLS_SHA3_C
+md_info:MBEDTLS_MD_SHA3_224:"SHA3-224":28
+
+Information on SHA3-256
+depends_on:MBEDTLS_SHA3_C
+md_info:MBEDTLS_MD_SHA3_256:"SHA3-256":32
+
+Information on SHA3-384
+depends_on:MBEDTLS_SHA3_C
+md_info:MBEDTLS_MD_SHA3_384:"SHA3-384":48
+
+Information on SHA3-512
+depends_on:MBEDTLS_SHA3_C
+md_info:MBEDTLS_MD_SHA3_512:"SHA3-512":64
+
generic mbedtls_md5 Test vector RFC1321 #1
depends_on:MBEDTLS_MD_CAN_MD5
md_text:MBEDTLS_MD_MD5:"":"d41d8cd98f00b204e9800998ecf8427e"
@@ -93,6 +109,22 @@
depends_on:MBEDTLS_MD_CAN_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
+generic mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 8
+depends_on:MBEDTLS_SHA3_C
+md_hex:MBEDTLS_MD_SHA3_224:"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4"
+
+generic mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 8
+depends_on:MBEDTLS_SHA3_C
+md_hex:MBEDTLS_MD_SHA3_256:"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6"
+
+generic mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 8
+depends_on:MBEDTLS_SHA3_C
+md_hex:MBEDTLS_MD_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7"
+
+generic mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 8
+depends_on:MBEDTLS_SHA3_C
+md_hex:MBEDTLS_MD_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1"
+
generic HMAC-MD5 Hash File OpenSSL test #1
depends_on:MBEDTLS_MD_CAN_MD5
mbedtls_md_hmac:MBEDTLS_MD_MD5:16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284"
@@ -225,6 +257,22 @@
depends_on:MBEDTLS_MD_CAN_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
+generic multi step mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 48
+depends_on:MBEDTLS_SHA3_C
+md_hex_multi:MBEDTLS_MD_SHA3_224:"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4"
+
+generic multi step mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 48
+depends_on:MBEDTLS_SHA3_C
+md_hex_multi:MBEDTLS_MD_SHA3_256:"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f"
+
+generic multi step mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 48
+depends_on:MBEDTLS_SHA3_C
+md_hex_multi:MBEDTLS_MD_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28"
+
+generic multi step mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 48
+depends_on:MBEDTLS_SHA3_C
+md_hex_multi:MBEDTLS_MD_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef"
+
generic multi step HMAC-MD5 Hash File OpenSSL test #1
depends_on:MBEDTLS_MD_CAN_MD5
md_hmac_multi:MBEDTLS_MD_MD5:16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284"
@@ -473,6 +521,70 @@
depends_on:MBEDTLS_MD_CAN_SHA512
mbedtls_md_hmac:MBEDTLS_MD_SHA512:48:"8ab783d5acf32efa0d9c0a21abce955e96630d89":"17371e013dce839963d54418e97be4bd9fa3cb2a368a5220f5aa1b8aaddfa3bdefc91afe7c717244fd2fb640f5cb9d9bf3e25f7f0c8bc758883b89dcdce6d749d9672fed222277ece3e84b3ec01b96f70c125fcb3cbee6d19b8ef0873f915f173bdb05d81629ba187cc8ac1934b2f75952fb7616ae6bd812946df694bd2763af":"9ac7ca8d1aefc166b046e4cf7602ebe181a0e5055474bff5b342106731da0d7e48e4d87bc0a6f05871574289a1b099f8"
+HMAC-SHA3-224: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04"
+
+HMAC-SHA3-224: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7"
+
+HMAC-SHA3-224: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59"
+
+HMAC-SHA3-224: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:14:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"8569c54cbb00a9b78ff1b391b0e5"
+
+HMAC-SHA3-256: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205"
+
+HMAC-SHA3-256: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa"
+
+HMAC-SHA3-256: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258"
+
+HMAC-SHA3-256: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:16:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"c8dc7148d8c1423aa549105dafdf9cad"
+
+HMAC-SHA3-384: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"d588a3c51f3f2d906e8298c1199aa8ff6296218127f6b38a90b6afe2c5617725bc99987f79b22a557b6520db710b7f42"
+
+HMAC-SHA3-384: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061626364656667":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"a27d24b592e8c8cbf6d4ce6fc5bf62d8fc98bf2d486640d9eb8099e24047837f5f3bffbe92dcce90b4ed5b1e7e44fa90"
+
+HMAC-SHA3-384: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac"
+
+HMAC-SHA3-384: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:24:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"25f4bf53606e91af79d24a4bb1fd6aecd44414a30c8ebb0a"
+
+HMAC-SHA3-512: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4efd629d6c71bf86162658f29943b1c308ce27cdfa6db0d9c3ce81763f9cbce5f7ebe9868031db1a8f8eb7b6b95e5c5e3f657a8996c86a2f6527e307f0213196"
+
+HMAC-SHA3-512: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4041424344454647":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"544e257ea2a3e5ea19a590e6a24b724ce6327757723fe2751b75bf007d80f6b360744bf1b7a88ea585f9765b47911976d3191cf83c039f5ffab0d29cc9d9b6da"
+
+HMAC-SHA3-512: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915"
+
+HMAC-SHA3-512: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"7bb06d859257b25ce73ca700df34c5cbef5c898bac91029e0b27975d4e526a08"
+
generic multi step HMAC-SHA-1 Test Vector FIPS-198a #1
depends_on:MBEDTLS_MD_CAN_SHA1
md_hmac_multi:MBEDTLS_MD_SHA1:20:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65202331":"4f4ca3d5d68ba7cc0a1208c9c61e9c5da0403c0a"
@@ -617,6 +729,70 @@
depends_on:MBEDTLS_MD_CAN_SHA512
md_hmac_multi:MBEDTLS_MD_SHA512:48:"8ab783d5acf32efa0d9c0a21abce955e96630d89":"17371e013dce839963d54418e97be4bd9fa3cb2a368a5220f5aa1b8aaddfa3bdefc91afe7c717244fd2fb640f5cb9d9bf3e25f7f0c8bc758883b89dcdce6d749d9672fed222277ece3e84b3ec01b96f70c125fcb3cbee6d19b8ef0873f915f173bdb05d81629ba187cc8ac1934b2f75952fb7616ae6bd812946df694bd2763af":"9ac7ca8d1aefc166b046e4cf7602ebe181a0e5055474bff5b342106731da0d7e48e4d87bc0a6f05871574289a1b099f8"
+HMAC-SHA3-224 multi-step: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"332cfd59347fdb8e576e77260be4aba2d6dc53117b3bfb52c6d18c04"
+
+HMAC-SHA3-224 multi-step: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"d8b733bcf66c644a12323d564e24dcf3fc75f231f3b67968359100c7"
+
+HMAC-SHA3-224 multi-step: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59"
+
+HMAC-SHA3-224 multi-step: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_224:14:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"8569c54cbb00a9b78ff1b391b0e5"
+
+HMAC-SHA3-256 multi-step: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4fe8e202c4f058e8dddc23d8c34e467343e23555e24fc2f025d598f558f67205"
+
+HMAC-SHA3-256 multi-step: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"68b94e2e538a9be4103bebb5aa016d47961d4d1aa906061313b557f8af2c3faa"
+
+HMAC-SHA3-256 multi-step: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258"
+
+HMAC-SHA3-256 multi-step: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_256:16:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"c8dc7148d8c1423aa549105dafdf9cad"
+
+HMAC-SHA3-384 multi-step: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"d588a3c51f3f2d906e8298c1199aa8ff6296218127f6b38a90b6afe2c5617725bc99987f79b22a557b6520db710b7f42"
+
+HMAC-SHA3-384 multi-step: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f6061626364656667":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"a27d24b592e8c8cbf6d4ce6fc5bf62d8fc98bf2d486640d9eb8099e24047837f5f3bffbe92dcce90b4ed5b1e7e44fa90"
+
+HMAC-SHA3-384 multi-step: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac"
+
+HMAC-SHA3-384 multi-step: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_384:24:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"25f4bf53606e91af79d24a4bb1fd6aecd44414a30c8ebb0a"
+
+HMAC-SHA3-512 multi-step: NIST example #1: keylen<blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4efd629d6c71bf86162658f29943b1c308ce27cdfa6db0d9c3ce81763f9cbce5f7ebe9868031db1a8f8eb7b6b95e5c5e3f657a8996c86a2f6527e307f0213196"
+
+HMAC-SHA3-512 multi-step: NIST example #2: keylen=blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4041424344454647":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"544e257ea2a3e5ea19a590e6a24b724ce6327757723fe2751b75bf007d80f6b360744bf1b7a88ea585f9765b47911976d3191cf83c039f5ffab0d29cc9d9b6da"
+
+HMAC-SHA3-512 multi-step: NIST example #3: keylen>blocklen
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915"
+
+HMAC-SHA3-512 multi-step: NIST example #4: keylen<blocklen, with truncated tag
+depends_on:MBEDTLS_SHA3_C
+md_hmac_multi:MBEDTLS_MD_SHA3_512:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"7bb06d859257b25ce73ca700df34c5cbef5c898bac91029e0b27975d4e526a08"
+
generic SHA-1 Test Vector NIST CAVS #1
depends_on:MBEDTLS_MD_CAN_SHA1
md_hex:MBEDTLS_MD_SHA1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709"
@@ -749,6 +925,70 @@
depends_on:MBEDTLS_MD_CAN_SHA512
md_hex:MBEDTLS_MD_SHA512:"":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
+generic SHA3-224 Hash file #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_1":"320f1a9257d442178d90fda8987743a5e7bb5ed0b18bc7d66ee3633e"
+
+generic SHA3-224 Hash file #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_2":"db06a96306b43677f0e3592a0fe1d276141fa7458b7be93197550442"
+
+generic SHA3-224 Hash file #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_3":"0d125fdd48b0e322ca845402fbecb827053c9f324c58933be2e474a0"
+
+generic SHA3-224 Hash file #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_224:"data_files/hash_file_4":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7"
+
+generic SHA3-256 Hash file #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_1":"f429826659dd9f313e6226ced5c841fe1b0e9dd16554392b694fa3000f1ae1e2"
+
+generic SHA3-256 Hash file #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_2":"3aed2fda8604dbec5a67710b4d4c89a90745e10ee633649e53e75c7e25d30152"
+
+generic SHA3-256 Hash file #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_3":"c4b6492fd1c475c5e560545a2573b0efcd02d54ef4f63c9d8158dd87bed99d85"
+
+generic SHA3-256 Hash file #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_256:"data_files/hash_file_4":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a"
+
+generic SHA3-384 Hash file #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_1":"06ab3677496658d3faad937f3f7887b3e925b480190544c612e76b88c5d21b4ca12691f27b8ef569d601925915cdf2a6"
+
+generic SHA3-384 Hash file #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_2":"b5efc40db7af544bf3fb8c782f2db478dbb81aa83d2ef0e8bbdcf06371de7cc984aac5539c4c9244c1e6ebbb85e23983"
+
+generic SHA3-384 Hash file #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_3":"0f08dc09cb39240e09b01e7f3ee3ce6b893bf393f52d2ac87083cef7d3a469fa99763e58b25306b0a2381d9bbdaa802f"
+
+generic SHA3-384 Hash file #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_4":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004"
+
+generic SHA3-512 Hash file #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_1":"7d43cbb75218110d7fcc227b6977e6f3b855184c646b679055897cba0cd445ec968430231866801c4f0993f8735cf46bc4858868423d31ca283a6f1ecf25c580"
+
+generic SHA3-512 Hash file #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_2":"212bd00cfc7f3a5b73b5b4772dd83562826207eba30ab00be2c886aef3841ef66eb25097091bfacb6d45dd4557489f91836c04c4f0d96e32ae96fb006d4b2ad6"
+
+generic SHA3-512 Hash file #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_3":"a78a0266820e36f6fb26a0c8deb0b24108e209cc217852ed073904bc44ec586c5704c0a56de57f9906b8ced380fee6ac2bd432a93de7f39b23ed0aabdd7ae813"
+
+generic SHA3-512 Hash file #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_4":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"
+
generic SHA-512 Test Vector NIST CAVS #2
depends_on:MBEDTLS_MD_CAN_SHA512
md_hex:MBEDTLS_MD_SHA512:"8f":"e4cd2d19931b5aad9c920f45f56f6ce34e3d38c6d319a6e11d0588ab8b838576d6ce6d68eea7c830de66e2bd96458bfa7aafbcbec981d4ed040498c3dd95f22a"
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 4438fa1..ac9516a 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -61,7 +61,6 @@
TEST_EQUAL(mbedtls_md_setup(&ctx, NULL, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
#if defined(MBEDTLS_MD_C)
TEST_EQUAL(mbedtls_md_setup(NULL, info, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
-#endif
TEST_EQUAL(mbedtls_md_starts(NULL), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_md_starts(&ctx), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
@@ -71,6 +70,7 @@
TEST_EQUAL(mbedtls_md_finish(NULL, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_md_finish(&ctx, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
+#endif
TEST_EQUAL(mbedtls_md(NULL, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA);
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index e7fbf1b..00f6e0b 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
@@ -137,3 +137,51 @@
OID get numeric string - overlong encoding, second subidentifier
oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - hardware module name
+oid_from_numeric_string:"1.3.6.1.5.5.7.8.4":0:"2B06010505070804"
+
+OID from numeric string - multi-byte subidentifier
+oid_from_numeric_string:"1.1.2108":0:"29903C"
+
+OID from numeric string - second component greater than 39
+oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00"
+
+OID from numeric string - multi-byte first subidentifier
+oid_from_numeric_string:"2.999":0:"8837"
+
+OID from numeric string - empty string input
+oid_from_numeric_string:"":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - first component not a number
+oid_from_numeric_string:"abc.1.2":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - second component not a number
+oid_from_numeric_string:"1.abc.2":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - first component too large
+oid_from_numeric_string:"3.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - first component < 2, second > 39
+oid_from_numeric_string:"1.40":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - third component not a number
+oid_from_numeric_string:"1.2.abc":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - non-'.' separator between first and second
+oid_from_numeric_string:"1/2.3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - non-'.' separator between second and third
+oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - non-'.' separator between third and fourth
+oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - OID greater than max length (129 components)
+oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:""
+
+OID from numeric string - OID with maximum subidentifier
+oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F"
+
+OID from numeric string - OID with overflowing subidentifier
+oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:""
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 68b769f..3adc6af 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -119,3 +119,29 @@
}
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void oid_from_numeric_string(char *oid_str, int error_ret,
+ data_t *exp_oid_buf)
+{
+ mbedtls_asn1_buf oid = { 0, 0, NULL };
+ mbedtls_asn1_buf exp_oid = { 0, 0, NULL };
+ int ret;
+
+ exp_oid.tag = MBEDTLS_ASN1_OID;
+ exp_oid.p = exp_oid_buf->x;
+ exp_oid.len = exp_oid_buf->len;
+
+ ret = mbedtls_oid_from_numeric_string(&oid, oid_str, strlen(oid_str));
+
+ if (error_ret == 0) {
+ TEST_EQUAL(oid.len, exp_oid.len);
+ TEST_ASSERT(memcmp(oid.p, exp_oid.p, oid.len) == 0);
+ mbedtls_free(oid.p);
+ oid.p = NULL;
+ oid.len = 0;
+ } else {
+ TEST_EQUAL(ret, error_ret);
+ }
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index 332cb79..a34aa91 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -16,6 +16,9 @@
PEM write (exactly two lines + 1)
mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n"
+PEM write length reporting
+mbedtls_pem_write_buffer_lengths
+
PEM read (unencrypted, valid)
mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53"
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index 918eae5..413dc55 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -32,6 +32,35 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
+void mbedtls_pem_write_buffer_lengths()
+{
+ unsigned char data[256] = { 0 };
+ unsigned char buf[1024];
+ size_t olen_needed, olen;
+ int ret;
+ for (size_t l = 0; l <= sizeof(data); l++) {
+ ret = mbedtls_pem_write_buffer("\n", "\n", data, l, NULL, 0, &olen_needed);
+ TEST_EQUAL(ret, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL);
+
+ /* Test that a bigger buffer still only requires `olen_needed` */
+ ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, sizeof(buf), &olen);
+ TEST_EQUAL(ret, 0);
+ TEST_EQUAL(olen_needed, olen);
+
+ /* Test that a buffer of exactly `olen_needed` works */
+ memset(buf, 1, sizeof(buf));
+ ret = mbedtls_pem_write_buffer("\n", "\n", data, l, buf, olen_needed, &olen);
+ TEST_EQUAL(ret, 0);
+ TEST_EQUAL(olen_needed, olen);
+ /* Test the function didn't overflow the given buffer */
+ for (size_t i = olen_needed; i < sizeof(buf); i++) {
+ TEST_EQUAL(buf[i], 1);
+ }
+ }
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C */
void mbedtls_pem_read_buffer(char *header, char *footer, char *data,
char *pwd, int res, data_t *out)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 5a4e77f..7871140 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -1,13 +1,13 @@
/* BEGIN_HEADER */
#include "mbedtls/pk.h"
+#include "pk_internal.h"
/* For error codes */
#include "mbedtls/asn1.h"
#include "mbedtls/base64.h"
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
-
-#include "hash_info.h"
+#include "pk_internal.h"
#include <limits.h>
#include <stdint.h>
@@ -16,6 +16,7 @@
* but the test code generator requires test case data to be valid C code
* unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
+#include "md_psa.h"
/* Used for properly sizing the key buffer in pk_genkey_ec() */
#include "mbedtls/psa_util.h"
@@ -23,55 +24,52 @@
#define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64
-#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_LIGHT)
-static int pk_genkey_ec(mbedtls_ecp_group *grp,
- mbedtls_mpi *d, mbedtls_ecp_point *Q)
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
{
psa_status_t status;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
- mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
size_t curve_bits;
- psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp->id,
- &curve_bits);
- unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH];
- size_t key_len;
+ psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits);
int ret;
+ if (curve == 0) {
+ return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+ }
+
psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
psa_set_key_bits(&key_attr, curve_bits);
- psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT);
+ psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT |
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE);
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ psa_set_key_algorithm(&key_attr, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH));
+#else
+ psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
+#endif
- status = psa_generate_key(&key_attr, &key_id);
+ status = psa_generate_key(&key_attr, &pk->priv_id);
if (status != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
- status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len);
+ status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw),
+ &pk->pub_raw_len);
if (status != PSA_SUCCESS) {
ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
goto exit;
}
- ret = mbedtls_mpi_read_binary(d, key_buf, key_len);
- if (ret != 0) {
- goto exit;
- }
+ pk->ec_family = curve;
+ pk->ec_bits = curve_bits;
- status = psa_export_public_key(key_id, key_buf, sizeof(key_buf),
- &key_len);
- if (status != PSA_SUCCESS) {
- ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- goto exit;
- }
-
- ret = mbedtls_ecp_point_read_binary(grp, Q, key_buf, key_len);
+ return 0;
exit:
- psa_destroy_key(key_id);
-
- return ret;
+ status = psa_destroy_key(pk->priv_id);
+ return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status);
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_ECP_LIGHT */
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
/** Generate a key of the desired type.
*
@@ -101,22 +99,36 @@
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
int ret;
- if ((ret = mbedtls_ecp_group_load(&mbedtls_pk_ec(*pk)->grp,
- parameter)) != 0) {
+
+#if defined(MBEDTLS_ECP_C)
+ ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, parameter);
+ if (ret != 0) {
return ret;
}
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return pk_genkey_ec(&mbedtls_pk_ec(*pk)->grp,
- &mbedtls_pk_ec(*pk)->d,
- &mbedtls_pk_ec(*pk)->Q);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_ECP_C)
- return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec(*pk)->grp,
- &mbedtls_pk_ec(*pk)->d,
- &mbedtls_pk_ec(*pk)->Q,
+ return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp,
+ &mbedtls_pk_ec_rw(*pk)->d,
+ &mbedtls_pk_ec_rw(*pk)->Q,
mbedtls_test_rnd_std_rand, NULL);
#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ mbedtls_ecp_group grp;
+ /* Duplicating the mbedtls_ecp_group_load call to make this part
+ * more future future proof for when ECP_C will not be defined. */
+ mbedtls_ecp_group_init(&grp);
+ ret = mbedtls_ecp_group_load(&grp, parameter);
+ if (ret != 0) {
+ return ret;
+ }
+ ret = pk_genkey_ec(pk, grp.id);
+ if (ret != 0) {
+ return ret;
+ }
+ mbedtls_ecp_group_free(&grp);
+
+ return 0;
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
}
#endif /* MBEDTLS_ECP_LIGHT */
return -1;
@@ -216,10 +228,9 @@
size_t len;
mbedtls_pk_debug_item dbg;
- PSA_ASSERT(psa_crypto_init());
-
mbedtls_pk_init(&pk);
mbedtls_pk_init(&pk2);
+ USE_PSA_INIT();
TEST_ASSERT(psa_crypto_init() == PSA_SUCCESS);
@@ -314,9 +325,8 @@
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- PSA_ASSERT(psa_crypto_init());
-
mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
if (opaque_key == 1) {
psa_set_key_usage_flags(&attributes, key_usage);
@@ -362,6 +372,7 @@
size_t buf_size = sizeof(buf);
mbedtls_pk_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_verify_restartable(&ctx, MBEDTLS_MD_NONE,
@@ -397,6 +408,7 @@
NULL));
exit:
mbedtls_pk_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -409,6 +421,7 @@
void *options = NULL;
mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_setup(&pk, NULL) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA);
@@ -484,6 +497,7 @@
TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, NULL, 0) ==
MBEDTLS_ERR_PK_KEY_INVALID_FORMAT);
#endif /* MBEDTLS_PK_PARSE_C */
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -494,6 +508,8 @@
/* For the write tests to be effective, we need a valid key pair. */
mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
+
TEST_ASSERT(mbedtls_pk_parse_key(&pk,
key_data->x, key_data->len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL) == 0);
@@ -514,6 +530,7 @@
exit:
mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -522,8 +539,8 @@
{
mbedtls_pk_context pk;
- USE_PSA_INIT();
mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
@@ -544,12 +561,14 @@
void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
{
mbedtls_pk_context pub, prv, alt;
-
- USE_PSA_INIT();
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_init(&pub);
mbedtls_pk_init(&prv);
mbedtls_pk_init(&alt);
+ USE_PSA_INIT();
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/* mbedtls_pk_check_pair() returns either PK or ECP error codes depending
@@ -558,7 +577,7 @@
if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) {
ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
-#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL,
@@ -579,7 +598,20 @@
== ret);
}
#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
+ TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id,
+ PSA_ALG_ANY_HASH,
+ PSA_KEY_USAGE_EXPORT, 0), 0);
+ TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
+ NULL), ret);
+ }
+#endif
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key(opaque_key_id);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_free(&pub);
mbedtls_pk_free(&prv);
mbedtls_pk_free(&alt);
@@ -604,10 +636,8 @@
mbedtls_ecp_set_max_ops(1);
#endif
- USE_PSA_INIT();
-
mbedtls_pk_init(&pk);
-
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
rsa = mbedtls_pk_rsa(pk);
@@ -646,8 +676,8 @@
void *options;
int ret;
- MD_OR_USE_PSA_INIT();
mbedtls_pk_init(&pk);
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
rsa = mbedtls_pk_rsa(pk);
@@ -699,7 +729,6 @@
data_t *sig, int ret)
{
mbedtls_pk_context pk;
- mbedtls_ecp_keypair *eckey;
mbedtls_pk_init(&pk);
USE_PSA_INIT();
@@ -707,11 +736,23 @@
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECDSA));
- eckey = mbedtls_pk_ec(pk);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ mbedtls_ecp_keypair ecp;
+ mbedtls_ecp_keypair_init(&ecp);
+
+ TEST_ASSERT(mbedtls_ecp_group_load(&ecp.grp, id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_binary(&ecp.grp, &ecp.Q,
+ key->x, key->len) == 0);
+ TEST_ASSERT(mbedtls_pk_update_public_key_from_keypair(&pk, &ecp) == 0);
+
+ mbedtls_ecp_keypair_free(&ecp);
+#else
+ mbedtls_ecp_keypair *eckey = (mbedtls_ecp_keypair *) mbedtls_pk_ec(pk);
TEST_ASSERT(mbedtls_ecp_group_load(&eckey->grp, id) == 0);
TEST_ASSERT(mbedtls_ecp_point_read_binary(&eckey->grp, &eckey->Q,
key->x, key->len) == 0);
+#endif
// MBEDTLS_MD_NONE is used since it will be ignored.
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_NONE,
@@ -735,20 +776,20 @@
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
size_t slen;
- USE_PSA_INIT();
-
mbedtls_pk_restart_init(&rs_ctx);
mbedtls_pk_init(&prv);
mbedtls_pk_init(&pub);
+ USE_PSA_INIT();
+
memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0);
- TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(prv)->grp, grp_id) == 0);
- TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec(prv)->d, d_str) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(prv)->grp, grp_id) == 0);
+ TEST_ASSERT(mbedtls_test_read_mpi(&mbedtls_pk_ec_rw(prv)->d, d_str) == 0);
TEST_ASSERT(mbedtls_pk_setup(&pub, mbedtls_pk_info_from_type(pk_type)) == 0);
- TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(pub)->grp, grp_id) == 0);
- TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec(pub)->Q, 16, QX_str, QY_str) == 0);
+ TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(pub)->grp, grp_id) == 0);
+ TEST_ASSERT(mbedtls_ecp_point_read_string(&mbedtls_pk_ec_rw(pub)->Q, 16, QX_str, QY_str) == 0);
mbedtls_ecp_set_max_ops(max_ops);
@@ -915,12 +956,11 @@
mbedtls_pk_init(&pk);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ USE_PSA_INIT();
memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
memset(output, 0, sizeof(output));
- USE_PSA_INIT();
-
/* encryption test */
/* init pk-rsa context */
@@ -988,15 +1028,13 @@
mbedtls_pk_context pk;
size_t olen;
- USE_PSA_INIT();
-
mbedtls_pk_init(&pk);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ USE_PSA_INIT();
memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
-
/* init pk-rsa context */
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
rsa = mbedtls_pk_rsa(pk);
@@ -1045,11 +1083,10 @@
mbedtls_svc_key_id_t key_id;
size_t olen;
- USE_PSA_INIT();
-
mbedtls_pk_init(&pk);
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+ USE_PSA_INIT();
memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
@@ -1107,6 +1144,7 @@
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
memset(output, 0, sizeof(output));
@@ -1124,6 +1162,7 @@
exit:
mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1131,14 +1170,15 @@
void pk_rsa_overflow()
{
mbedtls_pk_context pk;
- size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
+ size_t hash_len = UINT_MAX + 1, sig_len = UINT_MAX + 1;
unsigned char hash[50], sig[100];
+ mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
+
memset(hash, 0x2a, sizeof(hash));
memset(sig, 0, sizeof(sig));
- mbedtls_pk_init(&pk);
-
TEST_ASSERT(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
@@ -1158,6 +1198,7 @@
exit:
mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1177,10 +1218,10 @@
size_t sig_len, ciph_len, test_len;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
- USE_PSA_INIT();
-
mbedtls_rsa_init(&raw);
- mbedtls_pk_init(&rsa); mbedtls_pk_init(&alt);
+ mbedtls_pk_init(&rsa);
+ mbedtls_pk_init(&alt);
+ USE_PSA_INIT();
memset(hash, 0x2a, sizeof(hash));
memset(sig, 0, sizeof(sig));
@@ -1274,12 +1315,12 @@
* - parse it to a PK context and verify the signature this way
*/
- PSA_ASSERT(psa_crypto_init());
+ mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
if (PSA_KEY_TYPE_IS_RSA(psa_type_arg)) {
/* Create legacy RSA public/private key in PK context. */
- mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
TEST_ASSERT(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk),
@@ -1293,7 +1334,6 @@
mbedtls_ecp_group_id grpid = parameter_arg;
/* Create legacy EC public/private key in PK context. */
- mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
TEST_ASSERT(pk_genkey(&pk, grpid) == 0);
@@ -1315,8 +1355,8 @@
/* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy;
#else
- ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec(pk)->grp),
- &(mbedtls_pk_ec(pk)->Q),
+ ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(pk)->grp),
+ &(mbedtls_pk_ec_ro(pk)->Q),
MBEDTLS_ECP_PF_UNCOMPRESSED,
&klen_legacy, pkey_legacy,
sizeof(pkey_legacy));
@@ -1378,10 +1418,10 @@
TEST_EQUAL(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0);
TEST_EQUAL(mbedtls_ecp_group_load(
- &(mbedtls_pk_ec(pk)->grp),
+ &(mbedtls_pk_ec_rw(pk)->grp),
(mbedtls_ecp_group_id) parameter_arg), 0);
- TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp),
- &(mbedtls_pk_ec(pk)->Q),
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_ro(pk)->grp),
+ &(mbedtls_pk_ec_rw(pk)->Q),
pkey_legacy_start, klen_legacy), 0);
#endif
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
@@ -1407,7 +1447,7 @@
size_t sig_len;
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
unsigned char hash[PSA_HASH_MAX_SIZE];
- size_t hash_len = mbedtls_hash_info_get_size(md_alg);
+ size_t hash_len = mbedtls_md_get_size_from_type(md_alg);
void const *options = NULL;
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
memset(hash, 0x2a, sizeof(hash));
@@ -1434,8 +1474,8 @@
TEST_ASSERT(mbedtls_pk_verify_ext(key_pk_type, options, &pk, md_alg,
hash, hash_len, sig, sig_len) == 0);
exit:
- PSA_DONE();
mbedtls_pk_free(&pk);
+ PSA_DONE();
}
/* END_CASE */
@@ -1450,7 +1490,7 @@
unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
unsigned char *pkey_start;
unsigned char hash[PSA_HASH_MAX_SIZE];
- psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
psa_algorithm_t psa_alg;
size_t hash_len = PSA_HASH_LENGTH(psa_md_alg);
void const *options = NULL;
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index eb76256..098fd5a 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -1,13 +1,13 @@
Parse RSA Key #1 (No password when required)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #2 (Correct password)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0
Parse RSA Key #3 (Wrong password)
-depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
+depends_on:MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA :MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #4 (DES Encrypted)
@@ -974,6 +974,22 @@
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_parse_public_keyfile_ec:"data_files/ec_bp512_pub.comp.pem":0
+Parse Public EC Key #10 (RFC 8410, DER, X25519)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.der":0
+
+Parse Public EC Key #11 (RFC 8410, DER, X448)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.der":0
+
+Parse Public EC Key #12 (RFC 8410, PEM, X25519)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_x25519_pub.pem":0
+
+Parse Public EC Key #13 (RFC 8410, PEM, X448)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_parse_public_keyfile_ec:"data_files/ec_x448_pub.pem":0
+
Parse EC Key #1 (SEC1 DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0
@@ -1082,6 +1098,22 @@
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP256K1_ENABLED:MBEDTLS_PK_PARSE_EC_EXTENDED
pk_parse_keyfile_ec:"data_files/ec_prv.specdom.der":"NULL":0
+Parse EC Key #16 (RFC 8410, DER, X25519)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_x25519_prv.der":"NULL":0
+
+Parse EC Key #17 (RFC 8410, DER, X448)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_x448_prv.der":"NULL":0
+
+Parse EC Key #18 (RFC 8410, PEM, X25519)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_x25519_prv.pem":"NULL":0
+
+Parse EC Key #19 (RFC 8410, PEM, X448)
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_parse_keyfile_ec:"data_files/ec_x448_prv.pem":"NULL":0
+
Key ASN1 (No data)
pk_parse_key:"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
@@ -1163,3 +1195,30 @@
Key ASN1 (ECPrivateKey, empty parameters)
depends_on:MBEDTLS_ECP_LIGHT
pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0)
+depends_on:MBEDTLS_ECP_C
+pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters)
+depends_on:MBEDTLS_ECP_LIGHT
+pk_parse_key:"3030020100300706032b656e050004220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (OneAsymmetricKey X25519, with NULL private key)
+depends_on:MBEDTLS_ECP_LIGHT
+pk_parse_key:"300e020100300506032b656e04020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (OneAsymmetricKey with invalid AlgorithIdentifier)
+pk_parse_key:"3013020100300a06082b0601040181fd5904020500":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (OneAsymmetricKey X25519, with unsupported attributes)
+depends_on:MBEDTLS_ECP_LIGHT
+pk_parse_key:"304f020100300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c6520436861697273":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key)
+depends_on:MBEDTLS_ECP_LIGHT
+pk_parse_key:"3051020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a598121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
+
+Key ASN1 (OneAsymmetricKey X25519, unsupported version 2 with public key and unsupported attributes)
+depends_on:MBEDTLS_ECP_LIGHT
+pk_parse_key:"3072020101300506032b656e04220420b06d829655543a51cba36e53522bc0acfd60af59466555fb3e1e796872ab1a59a01f301d060a2a864886f70d01090914310f0c0d437572646c65204368616972738121009bc3b0e93d8233fe6a8ba6138948cc12a91362d5c2ed81584db05ab5419c9d11":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 751482a..6fa78c1 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -3,6 +3,7 @@
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/ecp.h"
+#include "pk_internal.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -17,9 +18,8 @@
int res;
char *pwd = password;
- MD_PSA_INIT();
-
mbedtls_pk_init(&ctx);
+ MD_PSA_INIT();
if (strcmp(pwd, "NULL") == 0) {
pwd = NULL;
@@ -50,9 +50,8 @@
mbedtls_pk_context ctx;
int res;
- MD_PSA_INIT();
-
mbedtls_pk_init(&ctx);
+ MD_PSA_INIT();
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
@@ -78,20 +77,28 @@
int res;
mbedtls_pk_init(&ctx);
+ USE_PSA_INIT();
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
TEST_ASSERT(res == result);
if (res == 0) {
- mbedtls_ecp_keypair *eckey;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
- eckey = mbedtls_pk_ec(ctx);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ /* No need to check whether the parsed public point is on the curve or
+ * not because this is already done by the internal "pk_get_ecpubkey()"
+ * function */
+#else
+ const mbedtls_ecp_keypair *eckey;
+ eckey = mbedtls_pk_ec_ro(ctx);
TEST_ASSERT(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q) == 0);
+#endif
}
exit:
mbedtls_pk_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -101,8 +108,8 @@
mbedtls_pk_context ctx;
int res;
- USE_PSA_INIT();
mbedtls_pk_init(&ctx);
+ USE_PSA_INIT();
res = mbedtls_pk_parse_keyfile(&ctx, key_file, password,
mbedtls_test_rnd_std_rand, NULL);
@@ -110,10 +117,13 @@
TEST_ASSERT(res == result);
if (res == 0) {
- mbedtls_ecp_keypair *eckey;
TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
- eckey = mbedtls_pk_ec(ctx);
+#if defined(MBEDTLS_ECP_C)
+ const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0);
+#else
+ /* PSA keys are already checked on import so nothing to do here. */
+#endif
}
exit:
@@ -128,11 +138,13 @@
mbedtls_pk_context pk;
mbedtls_pk_init(&pk);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_parse_key(&pk, buf->x, buf->len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL) == result);
exit:
mbedtls_pk_free(&pk);
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index a339cdb..4199ff2 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -38,6 +38,22 @@
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
+Public key write check EC X25519
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM
+
+Public key write check EC X25519 (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER
+
+Public key write check EC X448
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM
+
+Public key write check EC X448 (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER
+
Private key write check RSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
pk_write_key_check:"data_files/server1.key":TEST_PEM
@@ -93,3 +109,47 @@
Private key write check EC Brainpool 512 bits (DER)
depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
+
+Private key write check EC X25519
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM
+
+Private key write check EC X25519 (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER
+
+Private key write check EC X448
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM
+
+Private key write check EC X448 (DER)
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER
+
+Derive public key RSA
+depends_on:MBEDTLS_RSA_C
+pk_write_public_from_private:"data_files/server1.key.der":"data_files/server1.pubkey.der"
+
+Derive public key RSA 4096
+depends_on:MBEDTLS_RSA_C
+pk_write_public_from_private:"data_files/rsa4096_prv.der":"data_files/rsa4096_pub.der"
+
+Derive public key EC 192 bits
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der"
+
+Derive public key EC 521 bits
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der"
+
+Derive public key EC Brainpool 512 bits
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der"
+
+Derive public key EC X25519
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+pk_write_public_from_private:"data_files/ec_x25519_prv.der":"data_files/ec_x25519_pub.der"
+
+Derive public key EC X448
+depends_on:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_CURVE448_ENABLED
+pk_write_public_from_private:"data_files/ec_x448_prv.der":"data_files/ec_x448_pub.der"
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index c0c5ad0..4820fbd 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -2,6 +2,7 @@
#include "mbedtls/pk.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
+#include "psa/crypto_sizes.h"
typedef enum {
TEST_PEM,
@@ -27,6 +28,43 @@
}
}
+static int pk_write_any_key(mbedtls_pk_context *pk, unsigned char **p,
+ size_t *buf_len, int is_public_key, int is_der)
+{
+ int ret = 0;
+
+ if (is_der) {
+ if (is_public_key) {
+ ret = mbedtls_pk_write_pubkey_der(pk, *p, *buf_len);
+ } else {
+ ret = mbedtls_pk_write_key_der(pk, *p, *buf_len);
+ }
+ if (ret <= 0) {
+ return ret;
+ }
+
+ *p = *p + *buf_len - ret;
+ *buf_len = ret;
+ } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if (is_public_key) {
+ ret = mbedtls_pk_write_pubkey_pem(pk, *p, *buf_len);
+ } else {
+ ret = mbedtls_pk_write_key_pem(pk, *p, *buf_len);
+ }
+ if (ret != 0) {
+ return ret;
+ }
+
+ *buf_len = strlen((char *) *p) + 1; /* +1 takes the string terminator into account */
+#else
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
+ }
+
+ return 0;
+}
+
static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
{
mbedtls_pk_context key;
@@ -34,7 +72,14 @@
unsigned char *check_buf = NULL;
unsigned char *start_buf;
size_t buf_len, check_buf_len;
- int ret;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ USE_PSA_INIT();
+
+ mbedtls_pk_init(&key);
+ USE_PSA_INIT();
/* Note: if mbedtls_pk_load_file() successfully reads the file, then
it also allocates check_buf, which should be freed on exit */
@@ -56,48 +101,45 @@
ASSERT_ALLOC(buf, check_buf_len);
- mbedtls_pk_init(&key);
if (is_public_key) {
TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0);
- if (is_der) {
- ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len);
- } else {
-#if defined(MBEDTLS_PEM_WRITE_C)
- ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len);
-#else
- ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-#endif
- }
} else {
TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL), 0);
- if (is_der) {
- ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len);
- } else {
-#if defined(MBEDTLS_PEM_WRITE_C)
- ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len);
-#else
- ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
-#endif
- }
}
- if (is_der) {
- TEST_LE_U(1, ret);
- buf_len = ret;
- start_buf = buf + check_buf_len - buf_len;
- } else {
- TEST_EQUAL(ret, 0);
- buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */
- start_buf = buf;
- }
+ start_buf = buf;
+ buf_len = check_buf_len;
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
+ is_der), 0);
ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /* Verify that pk_write works also for opaque private keys */
+ if (!is_public_key) {
+ memset(buf, 0, check_buf_len);
+ TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&key, &opaque_id,
+ PSA_ALG_NONE,
+ PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_NONE), 0);
+ start_buf = buf;
+ buf_len = check_buf_len;
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
+ is_der), 0);
+
+ ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len);
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key(opaque_id);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_free(buf);
mbedtls_free(check_buf);
mbedtls_pk_free(&key);
+ USE_PSA_DONE();
}
/* END_HEADER */
@@ -121,3 +163,57 @@
goto exit; /* make the compiler happy */
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void pk_write_public_from_private(char *priv_key_file, char *pub_key_file)
+{
+ mbedtls_pk_context priv_key;
+ uint8_t *derived_key_raw = NULL;
+ size_t derived_key_len = 0;
+ uint8_t *pub_key_raw = NULL;
+ size_t pub_key_len = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_pk_init(&priv_key);
+ USE_PSA_INIT();
+
+ TEST_EQUAL(mbedtls_pk_parse_keyfile(&priv_key, priv_key_file, NULL,
+ mbedtls_test_rnd_std_rand, NULL), 0);
+ TEST_EQUAL(mbedtls_pk_load_file(pub_key_file, &pub_key_raw,
+ &pub_key_len), 0);
+
+ derived_key_len = pub_key_len;
+ ASSERT_ALLOC(derived_key_raw, derived_key_len);
+
+ TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
+ derived_key_len), pub_key_len);
+
+ ASSERT_COMPARE(derived_key_raw, derived_key_len,
+ pub_key_raw, pub_key_len);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw));
+
+ TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id,
+ PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_NONE), 0);
+
+ TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
+ derived_key_len), pub_key_len);
+
+ ASSERT_COMPARE(derived_key_raw, derived_key_len,
+ pub_key_raw, pub_key_len);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key(opaque_key_id);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_free(derived_key_raw);
+ mbedtls_free(pub_key_raw);
+ mbedtls_pk_free(&priv_key);
+ USE_PSA_DONE();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_platform.data b/tests/suites/test_suite_platform.data
index 557b586..4276b8f 100644
--- a/tests/suites/test_suite_platform.data
+++ b/tests/suites/test_suite_platform.data
@@ -4,9 +4,3 @@
Time: get seconds
time_get_seconds:
-
-Time: delay milliseconds
-time_delay_milliseconds:1000
-
-Time: delay seconds
-time_delay_seconds:1
diff --git a/tests/suites/test_suite_platform.function b/tests/suites/test_suite_platform.function
index 54ddd42..61681b8 100644
--- a/tests/suites/test_suite_platform.function
+++ b/tests/suites/test_suite_platform.function
@@ -10,7 +10,8 @@
#if defined(MBEDTLS_HAVE_TIME)
#include "mbedtls/platform_time.h"
-#ifdef WIN32
+#if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \
+ defined(__MINGW32__) || defined(_WIN64)
#include <windows.h>
#elif _POSIX_C_SOURCE >= 199309L
#include <time.h>
@@ -19,7 +20,8 @@
#endif
void sleep_ms(int milliseconds)
{
-#ifdef WIN32
+#if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \
+ defined(__MINGW32__) || defined(_WIN64)
Sleep(milliseconds);
#elif _POSIX_C_SOURCE >= 199309L
struct timespec ts;
@@ -38,8 +40,6 @@
/* END_DEPENDENCIES */
-
-
/* BEGIN_CASE depends_on:MBEDTLS_HAVE_TIME */
void time_get_milliseconds()
{
@@ -66,6 +66,13 @@
mbedtls_ms_time_t current = mbedtls_ms_time();
mbedtls_ms_time_t elapsed_ms;
+ /*
+ * WARNING: DO NOT ENABLE THIS TEST. We keep the code here to document the
+ * reason.
+ *
+ * Windows CI reports random test fail on platform-suite. It might
+ * be caused by this case.
+ */
sleep_ms(delay_ms);
elapsed_ms = mbedtls_ms_time() - current;
@@ -76,6 +83,14 @@
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_HAVE_TIME */
+
+/*
+ * WARNING: DO NOT ENABLE THIS TEST. We keep the code here to document the
+ * reason.
+ *
+ * The test often failed on the CI. See #1517. CI failures cannot be
+ * completely avoided due to out-of-sync clock sources.
+ */
void time_delay_seconds(int delay_secs)
{
mbedtls_time_t current = mbedtls_time(NULL);
@@ -84,7 +99,23 @@
sleep_ms(delay_secs * 1000);
elapsed_secs = mbedtls_time(NULL) - current;
- TEST_ASSERT(elapsed_secs >= delay_secs && elapsed_secs < 4 + delay_secs);
+
+ /*
+ * `mbedtls_time()` was defined as c99 function `time()`, returns the number
+ * of seconds since the Epoch. And it is affected by discontinuous changes
+ * from automatic drift adjustment or time setting system call. The POSIX.1
+ * specification for clock_settime says that discontinuous changes in
+ * CLOCK_REALTIME should not affect `nanosleep()`.
+ *
+ * If discontinuous changes occur during `nanosleep()`, we will get
+ * `elapsed_secs < delay_secs` for backward or `elapsed_secs > delay_secs`
+ * for forward.
+ *
+ * The following tolerance windows cannot be guaranteed.
+ * PLEASE DO NOT ENABLE IT IN CI TEST.
+ */
+ TEST_ASSERT(elapsed_secs - delay_secs >= -1 &&
+ elapsed_secs - delay_secs < 4);
/* This goto is added to avoid warnings from the generated code. */
goto exit;
}
diff --git a/tests/suites/test_suite_platform_printf.data b/tests/suites/test_suite_platform_printf.data
new file mode 100644
index 0000000..891771b
--- /dev/null
+++ b/tests/suites/test_suite_platform_printf.data
@@ -0,0 +1,114 @@
+# The test cases for printf and integers have two purposes: they exercise
+# the printf function family, and they exercise the passing of integers
+# and strings through the test framework.
+
+printf "%d", 0
+printf_int:"%d":0:"0"
+
+printf "%d", -0
+printf_int:"%d":-0:"0"
+
+printf "%d", 0x0
+printf_int:"%d":0x0:"0"
+
+printf "%d", 0x00
+printf_int:"%d":0x00:"0"
+
+printf "%d", 0x000000000000000000000000000000000000000000
+printf_int:"%d":0x000000000000000000000000000000000000000000:"0"
+
+printf "%d", -0x0
+printf_int:"%d":-0x0:"0"
+
+printf "%d", 1
+printf_int:"%d":1:"1"
+
+printf "%d", 0x1
+printf_int:"%d":0x1:"1"
+
+printf "%d", 0x0000000000000000000000000000000000000000001
+printf_int:"%d":0x0000000000000000000000000000000000000000001:"1"
+
+printf "%d", -1
+printf_int:"%d":-1:"-1"
+
+printf "%d", -0x1
+printf_int:"%d":-0x1:"-1"
+
+printf "%d", -0x0000000000000000000000000000000000000000001
+printf_int:"%d":-0x0000000000000000000000000000000000000000001:"-1"
+
+printf "%d", 2147483647
+printf_int:"%d":2147483647:"2147483647"
+
+printf "%d", 0x7fffffff
+printf_int:"%d":0x7fffffff:"2147483647"
+
+printf "%d", -2147483647
+printf_int:"%d":-2147483647:"-2147483647"
+
+printf "%d", -0x7fffffff
+printf_int:"%d":-0x7fffffff:"-2147483647"
+
+printf "%d", -2147483648
+printf_int:"%d":-2147483648:"-2147483648"
+
+printf "%d", -0x80000000
+printf_int:"%d":-0x80000000:"-2147483648"
+
+# Test that LONG_MAX is coming out untruncated through the test framework.
+printf "%lx", LONG_MAX
+printf_long_max:"%lx":LONG_MAX
+
+# The next few test cases exercise how the test framework handles special
+# characters in strings.
+printf "%c%c", SPACE, SPACE
+printf_char2:"%c%c":SPACE_CHAR:SPACE_CHAR:" "
+
+printf "%c%c", NEWLINE, SPACE
+printf_char2:"%c%c":NEWLINE_CHAR:SPACE_CHAR:"\n "
+
+printf "%c%c", DOUBLE QUOTE, SPACE
+printf_char2:"%c%c":DOUBLE_QUOTE_CHAR:SPACE_CHAR:"\" "
+
+printf "%c%c", COLON, SPACE
+printf_char2:"%c%c":COLON_CHAR:SPACE_CHAR:"\: "
+
+printf "%c%c", QUESTION, SPACE
+printf_char2:"%c%c":QUESTION_CHAR:SPACE_CHAR:"? "
+
+printf "%c%c", BACKSLASH, SPACE
+printf_char2:"%c%c":BACKSLASH_CHAR:SPACE_CHAR:"\\ "
+
+printf "%c%c", SPACE, BACKSLASH
+printf_char2:"%c%c":SPACE_CHAR:BACKSLASH_CHAR:" \\"
+
+printf "%c%c", COLON, COLON
+printf_char2:"%c%c":COLON_CHAR:COLON_CHAR:"\:\:"
+
+printf "%c%c", COLON, NEWLINE
+printf_char2:"%c%c":COLON_CHAR:NEWLINE_CHAR:"\:\n"
+
+printf "%c%c", QUESTION, QUESTION
+printf_char2:"%c%c":QUESTION_CHAR:QUESTION_CHAR:"??"
+
+printf "%c%c", QUESTION, NEWLINE
+printf_char2:"%c%c":QUESTION_CHAR:NEWLINE_CHAR:"?\n"
+
+printf "%c%c", BACKSLASH, NEWLINE
+printf_char2:"%c%c":BACKSLASH_CHAR:NEWLINE_CHAR:"\\\n"
+
+printf "%c%c", BACKSLASH, DOUBLE QUOTE
+printf_char2:"%c%c":BACKSLASH_CHAR:DOUBLE_QUOTE_CHAR:"\\\""
+
+printf "%c%c", BACKSLASH, COLON
+printf_char2:"%c%c":BACKSLASH_CHAR:COLON_CHAR:"\\\:"
+
+printf "%c%c", BACKSLASH, QUESTION
+printf_char2:"%c%c":BACKSLASH_CHAR:QUESTION_CHAR:"\\?"
+
+printf "%c%c", BACKSLASH, BACKSLASH
+printf_char2:"%c%c":BACKSLASH_CHAR:BACKSLASH_CHAR:"\\\\"
+
+printf "%c%c", BACKSLASH, n
+printf_char2:"%c%c":BACKSLASH_CHAR:LOWERCASE_N_CHAR:"\\n"
diff --git a/tests/suites/test_suite_platform_printf.function b/tests/suites/test_suite_platform_printf.function
new file mode 100644
index 0000000..3c816fe
--- /dev/null
+++ b/tests/suites/test_suite_platform_printf.function
@@ -0,0 +1,89 @@
+/* BEGIN_HEADER */
+
+/* The printf test functions take a format argument from the test data
+ * for several reasons:
+ * - For some tests, it makes sense to vary the format.
+ * - For all tests, it means we're testing the actual printf function
+ * that parses the format at runtime, and not a compiler optimization.
+ * (It may be useful to add tests that allow compiler optimizations.
+ * There aren't any yet at the time of writing.)
+ */
+
+#include "mbedtls/platform.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define NEWLINE_CHAR '\n'
+#define SPACE_CHAR ' '
+#define DOUBLE_QUOTE_CHAR '"'
+#define COLON_CHAR ':'
+#define QUESTION_CHAR '?'
+#define BACKSLASH_CHAR '\\'
+#define LOWERCASE_N_CHAR 'n'
+/* END_HEADER */
+
+/* BEGIN_CASE */
+void printf_int(char *format, /* any format expecting one int argument, e.g. "%d" */
+ int x, char *result)
+{
+ char *output = NULL;
+ const size_t n = strlen(result);
+
+ /* Nominal case: buffer just large enough */
+ ASSERT_ALLOC(output, n + 1);
+ TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, x));
+ ASSERT_COMPARE(result, n + 1, output, n + 1);
+ mbedtls_free(output);
+ output = NULL;
+
+exit:
+ mbedtls_free(output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void printf_long_max(const char *format, /* "%lx" or longer type */
+ long value)
+{
+ char *expected = NULL;
+ char *output = NULL;
+ /* 2 hex digits per byte */
+ const size_t n = sizeof(value) * 2;
+
+ /* We assume that long has no padding bits! */
+ ASSERT_ALLOC(expected, n + 1);
+ expected[0] = '7';
+ memset(expected + 1, 'f', sizeof(value) * 2 - 1);
+
+ ASSERT_ALLOC(output, n + 1);
+ TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, value));
+ ASSERT_COMPARE(expected, n + 1, output, n + 1);
+ mbedtls_free(output);
+ output = NULL;
+
+exit:
+ mbedtls_free(output);
+ mbedtls_free(expected);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void printf_char2(char *format, /* "%c%c" */
+ int arg1, int arg2, char *result)
+{
+ char *output = NULL;
+ const size_t n = strlen(result);
+
+ /* Nominal case: buffer just large enough */
+ ASSERT_ALLOC(output, n + 1);
+ TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, arg1, arg2));
+ ASSERT_COMPARE(result, n + 1, output, n + 1);
+ mbedtls_free(output);
+ output = NULL;
+
+exit:
+ mbedtls_free(output);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 2b4a188..7a202c4 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -506,6 +506,170 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PEM_PARSE_C
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0
+PSA import/export FFDH RFC7919 2048 key pair: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 2048 public key: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 3072 key pair: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 3072 public key: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 4096 key pair: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 4096 public key: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 6144 key pair: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 6144 public key: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 8192 key pair: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 8192 public key: good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1
+
+PSA import/export FFDH RFC7919 2048 key pair: export not permitterd
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1
+
+PSA import/export FFDH RFC7919 2040 key pair: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_with_data:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 2040 public key: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_with_data:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 3064 key pair: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_with_data:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 3064 public key: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_with_data:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 4088 key pair: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_with_data:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 4088 public key: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_with_data:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 6136 key pair: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_with_data:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 6136 public key: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_with_data:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 8184 key pair: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_with_data:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 8184 public key: import invalid key length
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_with_data:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT
+
+PSA import/export FFDH RFC7919 2048 key pair: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 2048 public key: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 3072 key pair: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 3072 public key: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 4096 key pair: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 4096 public key: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 6144 key pair: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 6144 public key: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 8192 key pair: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export FFDH RFC7919 8192 public key: export buffer to small
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1
+
+PSA import/export-public FFDH RFC7919 public key 2048 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export_public_key:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0"
+
+PSA import/export-public FFDH RFC7919 key pair 2048 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export_public_key:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"AA396C4E08F47E499243FF17B3E0D019415A52FB6E31FCA71B2B9F46FE84E3A611757DD414A21E1BE8A8FFD60479348245918F7D771EC4A78733F627F72CE0FE1717EE3950B4DB7982577A332CC66C3F3EEB79CD604568644FD3EDAE35A08F3C75C7A99E1A24CB8B56CF7D102984568C0D93BAB9C760F22BB2AC3BEE62E532010E6EEB5A3FB2ABE1EEE1562C1C8D9AC8F781B7283C846B435F4BD4F437EE4D60B97B6EF6ECE675F199E6A40EEFFDC8C65F2973B662782FD2069AEFC026560FA57DE67474AD1A5C8837FF0644F6D0E79161DE5AC38B4837818A5EC38D335D6ECCCC1F9FC676D3548BA30635C5DB24C02BF86977E401E47C3262B81C84C340D729"
+
+PSA import/export-public FFDH RFC7919 public key 3072 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export_public_key:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512"
+
+PSA import/export-public FFDH RFC7919 key pair 3072 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export_public_key:"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"c6dbc8151d22313ab19feea7be0f22f798ff9bec21e9da9b5020b6028395d4a3258f3db0cee7adda3f56864863d4c565498d59b205bcbcc3fc098d78efd4e6b4e09b97971c6fd00cd2fa63bb0b3c7380cc1c19fbb34d077fda61c4a71c254242aa5870786b5d0fd3cb179f64f737eb7ab83b57ca70f93955f49b43869ca2ea441650f48a516137229be2926b02129de4089c9d129df7d76848ecda1bcecda1cf95df195e8e388ee70fac0f1c4d9b38e745b067ee88b32e6d59cb159a95852f18b121f85fedfbb6a2c6962ed70cc1ae471813e1bdc053abacccd1eec79359a6f15ec55d92bbf3890b912fbbb2c029407e1493315394a290f4ce81c0d9dccfbab386b745145cb173b9e08f018d309200691b72acafb313cebf483ff8810080bce9516aa5382a18c3c10965a33176d93d8c51f83d6fca7f606200bb7c779a891fd65dd7ed6972f6835f4e94d928f89f1d0ee204b1ef073a761c65241a76f254695ac31842600aa0753c94e6c805c24ed101bbb26c96928db1166a91c7fea8bc3b90"
+
+PSA import/export-public FFDH RFC7919 public key 4096 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export_public_key:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B"
+
+PSA import/export-public FFDH RFC7919 key pair 4096 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export_public_key:"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"e0c2e35be32adb92560e6557d07ba9bab295792063a2724f9e381e9f2644423e73efeb074ddee70388444bc1a67edfe496a6c38eafff45ec500278f9b896a6fb1de4a59461e6fcf1de17867018e0c362876ae107fd4287383989a4ab41cd44844b103cf58085aa52b49527df433446fa5c4665037475e8f78c8d64d5d60a462603d292d02c539329e9d48c25e05083fa98fd6a513c84f0e2ced9121c2f5922559abb5e2fe3081e6bf2256d6043af211a70fe48e371bf683b953f199821fe0fbe924151dc772e72db53492ba5613bcf5661b7ed419fa02f332443be5f8b97908800077306abf6fd796afdbbdbc2badb21501ccee5ed67635b3cf37819f5d1db5370d77960ac0535a029b0af1bf634679367d35db0e7f38bbe0a022392efefc6b8ccf1e9f53bd7ac28012f6bf5e3701476606eb4649c64377b1e0c418840486bb4a286ebaf685449061ee375487e9e9164d0a7c9327c7b667b1933dc3adb11358e76457d594c19b88e8a689107c641d3503a7639159f3cdae7f58398204d29895e84fb82e192b796866c27d8373a36c5c062a445f6fd515e561d7c2328e7424057229689fe7851432f706f21e114f74d21ca3b01f1aa57d2743f28f8dbfa5ef5c584de2012d82ee978bb7cd713001237e76b5ee12e3cc51393cbcfe1717cefdf885022f18e66661097fe1ce91d0508e1931cf3774bd83d8f068711e09943b82355"
+
+PSA import/export-public FFDH RFC7919 public key 6144 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export_public_key:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D"
+
+PSA import/export-public FFDH RFC7919 key pair 6144 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export_public_key:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D"
+
+PSA import/export-public FFDH RFC7919 public key 8192 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+import_export_public_key:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187"
+
+PSA import/export-public FFDH RFC7919 key pair 8192 good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+import_export_public_key:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187"
+
PSA import: reject raw data key of length 0
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
import_with_data:"":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT
@@ -1039,10 +1203,6 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED
-PSA key policy: agreement + KDF, wrong agreement algorithm
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
-agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED
-
PSA key policy: agreement + KDF, wrong KDF algorithm
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)):PSA_ERROR_NOT_PERMITTED
@@ -3045,7 +3205,7 @@
aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
-depends_on:MBEDTLS_CHACHA20_C
+depends_on:PSA_WANT_KEY_TYPE_CHACHA20
aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_INVALID_ARGUMENT
PSA Multipart AEAD encrypt: AES - CCM, 23 bytes (lengths set)
@@ -5031,6 +5191,9 @@
depends_on:PSA_WANT_ALG_SHA_256
derive_setup:PSA_ALG_CATEGORY_KEY_DERIVATION:PSA_ERROR_NOT_SUPPORTED
+Parse binary string
+parse_binary_string_test:"123456":0x123456
+
PSA key derivation: HKDF-SHA-256, good case, direct output
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
@@ -5159,6 +5322,23 @@
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: HKDF-SHA-256, reject using input integer with direct secret
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:INPUT_INTEGER:"0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, reject input cost step using input_bytes
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:PSA_KEY_TYPE_NONE:"100000":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, input cost using input_integer after secret
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"100000":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: HKDF-SHA-256, reject input cost using input_integer after secret and info
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"100000":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+
PSA key derivation: TLS 1.2 PRF SHA-256, good case
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
@@ -5287,6 +5467,79 @@
depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, good case, key output
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, good case, DERIVE key as password, key output
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS
+#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, salt missing
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, password missing
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, password before cost
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, direct password, direct output
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, direct empty password, direct output
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, direct password, key output
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, DERIVE key as salt
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, duplicate cost step
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, duplicate salt step
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED
+
+PSA key derivation: PBKDF2-HMAC-SHA256, reject secret step
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, reject label step
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: PBKDF2-HMAC-SHA256, reject seed step
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256
+derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation over capacity: HKDF
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256)
@@ -6474,6 +6727,38 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448
raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d"
+PSA raw key agreement: FFDH 2048 bits
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230"
+
+PSA raw key agreement: FFDH 2048 bits (shared secred with leading zeros)
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba"
+
+PSA raw key agreement: FFDH 3072 bits
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0"
+
+PSA raw key agreement: FFDH 3072 bits (shared secred with leading zeros)
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b"
+
+PSA raw key agreement: FFDH 4096 bits
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1"
+
+PSA raw key agreement: FFDH 4096 bits (shared secred with leading zeros)
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c"
+
+PSA raw key agreement: FFDH 6144 bits
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894"
+
+PSA raw key agreement: FFDH 6144 bits (shared secred with leading zeros)
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5"
+
PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160
@@ -6502,6 +6787,54 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":""
+PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 256+0
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada":""
+
+PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 255+1
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27a":"da"
+
+PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 1+255
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f":"6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada"
+
+PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 256+0
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6":""
+
+PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 255+1
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73d":"c6"
+
+PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 1+255
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9":"f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6"
+
+PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 256+0
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87":""
+
+PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 255+1
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de":"87"
+
+PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 1+255
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01":"ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87"
+
+PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 256+0
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c":""
+
+PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 255+1
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce0":"8c"
+
+PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 1+255
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"10":"5d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c"
+
PSA generate random: 0 bytes
generate_random:0
@@ -6659,6 +6992,30 @@
PSA generate key: RSA, e=2
generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT
+PSA generate key: FFDH, 2048 bits, good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
+
+PSA generate key: FFDH, 3072 bits, good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
+
+PSA generate key: FFDH, 4096 bits, good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
+
+PSA generate key: FFDH, 6144 bits, good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
+
+PSA generate key: FFDH, 8192 bits, good
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
+
+PSA generate key: FFDH, 1024 bits, invalid bits
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR
+generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):1024:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_ERROR_NOT_SUPPORTED:0
+
PSA import persistent key: raw data, 8 bits
depends_on:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C
persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index cd8a7b5..b0123d9 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -294,6 +294,19 @@
((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+#define INPUT_INTEGER 0x10000 /* Out of range of psa_key_type_t */
+
+uint64_t parse_binary_string(data_t *bin_string)
+{
+ uint64_t result = 0;
+ TEST_LE_U(bin_string->len, 8);
+ for (size_t i = 0; i < bin_string->len; i++) {
+ result = result << 8 | bin_string->x[i];
+ }
+exit:
+ return result; /* returns 0 if len > 8 */
+}
+
/* An overapproximation of the amount of storage needed for a key of the
* given type and with the given content. The API doesn't make it easy
* to find a good value for the size. The current implementation doesn't
@@ -318,6 +331,7 @@
USE_GIVEN_TAG = 1,
} tag_usage_method_t;
+
/*!
* \brief Internal Function for AEAD multipart tests.
* \param key_type_arg Type of key passed in
@@ -1516,8 +1530,15 @@
psa_set_key_algorithm(&attributes, alg);
psa_set_key_type(&attributes, type);
+ if (PSA_KEY_TYPE_IS_DH(type) &&
+ expected_export_status == PSA_ERROR_BUFFER_TOO_SMALL) {
+ /* Simulate that buffer is too small, by decreasing its size by 1 byte. */
+ export_size -= 1;
+ }
+
/* Import the key */
- PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key));
+ TEST_EQUAL(psa_import_key(&attributes, data->x, data->len, &key),
+ PSA_SUCCESS);
/* Test the key information */
PSA_ASSERT(psa_get_key_attributes(key, &got_attributes));
@@ -2408,12 +2429,12 @@
/* BEGIN_CASE */
void copy_success(int source_usage_arg,
int source_alg_arg, int source_alg2_arg,
- unsigned int source_lifetime_arg,
+ int source_lifetime_arg,
int type_arg, data_t *material,
int copy_attributes,
int target_usage_arg,
int target_alg_arg, int target_alg2_arg,
- unsigned int target_lifetime_arg,
+ int target_lifetime_arg,
int expected_usage_arg,
int expected_alg_arg, int expected_alg2_arg)
{
@@ -8446,6 +8467,15 @@
/* END_CASE */
/* BEGIN_CASE */
+void parse_binary_string_test(data_t *input, int output)
+{
+ uint64_t value;
+ value = parse_binary_string(input);
+ TEST_EQUAL(value, output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void derive_input(int alg_arg,
int step_arg1, int key_type_arg1, data_t *input1,
int expected_status_arg1,
@@ -8457,7 +8487,7 @@
{
psa_algorithm_t alg = alg_arg;
psa_key_derivation_step_t steps[] = { step_arg1, step_arg2, step_arg3 };
- psa_key_type_t key_types[] = { key_type_arg1, key_type_arg2, key_type_arg3 };
+ uint32_t key_types[] = { key_type_arg1, key_type_arg2, key_type_arg3 };
psa_status_t expected_statuses[] = { expected_status_arg1,
expected_status_arg2,
expected_status_arg3 };
@@ -8484,12 +8514,13 @@
mbedtls_test_set_step(i);
if (steps[i] == 0) {
/* Skip this step */
- } else if (key_types[i] != PSA_KEY_TYPE_NONE) {
- psa_set_key_type(&attributes, key_types[i]);
+ } else if (((psa_key_type_t) key_types[i]) != PSA_KEY_TYPE_NONE &&
+ key_types[i] != INPUT_INTEGER) {
+ psa_set_key_type(&attributes, ((psa_key_type_t) key_types[i]));
PSA_ASSERT(psa_import_key(&attributes,
inputs[i]->x, inputs[i]->len,
&keys[i]));
- if (PSA_KEY_TYPE_IS_KEY_PAIR(key_types[i]) &&
+ if (PSA_KEY_TYPE_IS_KEY_PAIR((psa_key_type_t) key_types[i]) &&
steps[i] == PSA_KEY_DERIVATION_INPUT_SECRET) {
// When taking a private key as secret input, use key agreement
// to add the shared secret to the derivation
@@ -8502,10 +8533,17 @@
expected_statuses[i]);
}
} else {
- TEST_EQUAL(psa_key_derivation_input_bytes(
- &operation, steps[i],
- inputs[i]->x, inputs[i]->len),
- expected_statuses[i]);
+ if (key_types[i] == INPUT_INTEGER) {
+ TEST_EQUAL(psa_key_derivation_input_integer(
+ &operation, steps[i],
+ parse_binary_string(inputs[i])),
+ expected_statuses[i]);
+ } else {
+ TEST_EQUAL(psa_key_derivation_input_bytes(
+ &operation, steps[i],
+ inputs[i]->x, inputs[i]->len),
+ expected_statuses[i]);
+ }
}
}
diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data
index c467d01..b9f68e1 100644
--- a/tests/suites/test_suite_psa_crypto_pake.data
+++ b/tests/suites/test_suite_psa_crypto_pake.data
@@ -48,11 +48,11 @@
PSA PAKE: set invalid user
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"aaaa":"server":0:ERR_IN_SET_USER:PSA_ERROR_NOT_SUPPORTED
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"something":"server":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED
PSA PAKE: set invalid peer
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
-ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"aaaa":0:ERR_IN_SET_PEER:PSA_ERROR_NOT_SUPPORTED
+ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"something":0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED
PSA PAKE: user already set
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
@@ -220,9 +220,6 @@
PSA PAKE: input getters: cipher suite
pake_input_getters_cipher_suite
-PSA PAKE: input getters: role
-pake_input_getters_role
-
PSA PAKE: input getters: user
pake_input_getters_user
diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function
index ecbd363..52380de 100644
--- a/tests/suites/test_suite_psa_crypto_pake.function
+++ b/tests/suites/test_suite_psa_crypto_pake.function
@@ -989,8 +989,7 @@
&buffer_len_ret),
PSA_SUCCESS);
- TEST_EQUAL(buffer_len_ret, strlen(password));
- PSA_ASSERT(memcmp(password_ret, password, buffer_len_ret));
+ ASSERT_COMPARE(password_ret, buffer_len_ret, password, strlen(password));
exit:
PSA_ASSERT(psa_destroy_key(key));
PSA_ASSERT(psa_pake_abort(&operation));
@@ -1023,7 +1022,8 @@
TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret),
PSA_SUCCESS);
- PSA_ASSERT(memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite)));
+ ASSERT_COMPARE(&cipher_suite_ret, sizeof(cipher_suite_ret),
+ &cipher_suite, sizeof(cipher_suite));
exit:
PSA_ASSERT(psa_pake_abort(&operation));
@@ -1032,47 +1032,11 @@
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
-void pake_input_getters_role()
-{
- psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
- psa_pake_operation_t operation = psa_pake_operation_init();
- psa_pake_role_t role_ret = PSA_PAKE_ROLE_NONE;
-
- psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE(
- PSA_PAKE_PRIMITIVE_TYPE_ECC,
- PSA_ECC_FAMILY_SECP_R1, 256);
-
- PSA_INIT();
-
- psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE);
- psa_pake_cs_set_primitive(&cipher_suite, primitive);
- psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
-
- PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
-
- TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret),
- PSA_ERROR_BAD_STATE);
-
- /* Role can not be set directly using psa_pake_set_role(). It is set by the core
- based on given user/peer identifiers. Simulate that Role is already set. */
- operation.data.inputs.role = PSA_PAKE_ROLE_SERVER;
- TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret),
- PSA_SUCCESS);
-
- TEST_EQUAL(role_ret, PSA_PAKE_ROLE_SERVER);
-exit:
- PSA_ASSERT(psa_pake_abort(&operation));
- PSA_DONE();
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */
void pake_input_getters_user()
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t operation = psa_pake_operation_init();
- const uint8_t user[] = { 's', 'e', 'r', 'v', 'e', 'r' };
- const size_t user_len = sizeof(user);
+ const char *users[] = { "client", "server", "other" };
uint8_t user_ret[20] = { 0 }; // max user length is 20 bytes
size_t user_len_ret = 0;
size_t buffer_len_ret = 0;
@@ -1087,37 +1051,43 @@
psa_pake_cs_set_primitive(&cipher_suite, primitive);
psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
- PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
+ for (size_t i = 0; i < ARRAY_LENGTH(users); i++) {
+ uint8_t *user = (uint8_t *) users[i];
+ uint8_t user_len = strlen(users[i]);
- TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
- (uint8_t *) &user_ret,
- 10, &buffer_len_ret),
- PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_pake_abort(&operation));
- TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret),
- PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
- PSA_ASSERT(psa_pake_set_user(&operation, user, user_len));
+ TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
+ (uint8_t *) &user_ret,
+ 10, &buffer_len_ret),
+ PSA_ERROR_BAD_STATE);
- TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret),
- PSA_SUCCESS);
+ TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret),
+ PSA_ERROR_BAD_STATE);
- TEST_EQUAL(user_len_ret, user_len);
+ PSA_ASSERT(psa_pake_set_user(&operation, user, user_len));
- TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
- (uint8_t *) &user_ret,
- user_len_ret - 1,
- &buffer_len_ret),
- PSA_ERROR_BUFFER_TOO_SMALL);
+ TEST_EQUAL(psa_crypto_driver_pake_get_user_len(&operation.data.inputs, &user_len_ret),
+ PSA_SUCCESS);
- TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
- (uint8_t *) &user_ret,
- user_len_ret,
- &buffer_len_ret),
- PSA_SUCCESS);
+ TEST_EQUAL(user_len_ret, user_len);
- TEST_EQUAL(buffer_len_ret, user_len);
- PSA_ASSERT(memcmp(user_ret, user, buffer_len_ret));
+ TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
+ (uint8_t *) &user_ret,
+ user_len_ret - 1,
+ &buffer_len_ret),
+ PSA_ERROR_BUFFER_TOO_SMALL);
+
+ TEST_EQUAL(psa_crypto_driver_pake_get_user(&operation.data.inputs,
+ (uint8_t *) &user_ret,
+ user_len_ret,
+ &buffer_len_ret),
+ PSA_SUCCESS);
+
+ ASSERT_COMPARE(user_ret, buffer_len_ret, user, user_len);
+ }
exit:
PSA_ASSERT(psa_pake_abort(&operation));
PSA_DONE();
@@ -1129,8 +1099,7 @@
{
psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init();
psa_pake_operation_t operation = psa_pake_operation_init();
- const uint8_t peer[] = { 's', 'e', 'r', 'v', 'e', 'r' };
- const size_t peer_len = sizeof(peer);
+ const char *peers[] = { "client", "server", "other" };
uint8_t peer_ret[20] = { 0 }; // max peer length is 20 bytes
size_t peer_len_ret = 0;
size_t buffer_len_ret = 0;
@@ -1145,37 +1114,43 @@
psa_pake_cs_set_primitive(&cipher_suite, primitive);
psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
- PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
+ for (size_t i = 0; i < ARRAY_LENGTH(peers); i++) {
+ uint8_t *peer = (uint8_t *) peers[i];
+ uint8_t peer_len = strlen(peers[i]);
- TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
- (uint8_t *) &peer_ret,
- 10, &buffer_len_ret),
- PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_pake_abort(&operation));
- TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret),
- PSA_ERROR_BAD_STATE);
+ PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite));
- PSA_ASSERT(psa_pake_set_peer(&operation, peer, peer_len));
+ TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
+ (uint8_t *) &peer_ret,
+ 10, &buffer_len_ret),
+ PSA_ERROR_BAD_STATE);
- TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret),
- PSA_SUCCESS);
+ TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret),
+ PSA_ERROR_BAD_STATE);
- TEST_EQUAL(peer_len_ret, peer_len);
+ PSA_ASSERT(psa_pake_set_peer(&operation, peer, peer_len));
- TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
- (uint8_t *) &peer_ret,
- peer_len_ret - 1,
- &buffer_len_ret),
- PSA_ERROR_BUFFER_TOO_SMALL);
+ TEST_EQUAL(psa_crypto_driver_pake_get_peer_len(&operation.data.inputs, &peer_len_ret),
+ PSA_SUCCESS);
- TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
- (uint8_t *) &peer_ret,
- peer_len_ret,
- &buffer_len_ret),
- PSA_SUCCESS);
+ TEST_EQUAL(peer_len_ret, peer_len);
- TEST_EQUAL(buffer_len_ret, peer_len);
- PSA_ASSERT(memcmp(peer_ret, peer, buffer_len_ret));
+ TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
+ (uint8_t *) &peer_ret,
+ peer_len_ret - 1,
+ &buffer_len_ret),
+ PSA_ERROR_BUFFER_TOO_SMALL);
+
+ TEST_EQUAL(psa_crypto_driver_pake_get_peer(&operation.data.inputs,
+ (uint8_t *) &peer_ret,
+ peer_len_ret,
+ &buffer_len_ret),
+ PSA_SUCCESS);
+
+ ASSERT_COMPARE(peer_ret, buffer_len_ret, peer, peer_len);
+ }
exit:
PSA_ASSERT(psa_pake_abort(&operation));
PSA_DONE();
diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data
index 2af85c3..5769aa2 100644
--- a/tests/suites/test_suite_shax.data
+++ b/tests/suites/test_suite_shax.data
@@ -184,3 +184,2233 @@
SHA-512 Selftest
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA512_C
sha512_selftest:
+
+SHA3_224 short #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4"
+
+SHA3_224 short #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"69cb":"94bd25c4cf6ca889126df37ddd9c36e6a9b28a4fe15cc3da6debcdd7"
+
+SHA3_224 short #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"bf5831":"1bb36bebde5f3cb6d8e4672acf6eec8728f31a54dacc2560da2a00cc"
+
+SHA3_224 short #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d148ce6d":"0b521dac1efe292e20dfb585c8bff481899df72d59983315958391ba"
+
+SHA3_224 short #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"91c71068f8":"989f017709f50bd0230623c417f3daf194507f7b90a11127ba1638fa"
+
+SHA3_224 short #5
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4"
+
+SHA3_224 short #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d85e470a7c6988":"8a134c33c7abd673cd3d0c33956700760de980c5aee74c96e6ba08b2"
+
+SHA3_224 short #7
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e4ea2c16366b80d6":"7dd1a8e3ffe8c99cc547a69af14bd63b15ac26bd3d36b8a99513e89e"
+
+SHA3_224 short #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"b29373f6f8839bd498":"e02a13fa4770f824bcd69799284878f19bfdc833ac6d865f28b757d0"
+
+SHA3_224 short #9
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"49ec72c29b63036dbecd":"47cab44618f62dd431ccb13b3b9cd985d816c5d6026afc38a281aa00"
+
+SHA3_224 short #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"502f4e28a6feb4c6a1cc47":"bbe61d85b4cae716329e2bcc4038e282b4d7836eb846228835f65308"
+
+SHA3_224 short #11
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e723c64b2258b5124f88405f":"d09da094cfefaad46b7b335830a9305570f4f4afe79f8629ff9d0c3d"
+
+SHA3_224 short #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"0d512eceb74d8a047531c1f716":"29ae0744051e55167176317eb17850a22939d8d94ebb0a90b6d98fde"
+
+SHA3_224 short #13
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"3b9ab76a23ae56340b5f4b80e1f3":"c0903be96f38051cfc2a5ad256aa0b8332217f450eab904ee84b6541"
+
+SHA3_224 short #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e9fef751a20297ad1938662d131e7a":"48eba36dfe0575597d13ca26133267199dae76d63d1b9e9612720d08"
+
+SHA3_224 short #15
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"2bbb42b920b7feb4e3962a1552cc390f":"0dfa61f6b439bf8e3a6f378fe30a4134e8b2dfb652997a2a76c2789f"
+
+SHA3_224 short #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"2254e100bde9295093565a94877c21d05a":"6965256463276dbb26ad34a378c4bacaeae79d700283b188d44d73eb"
+
+SHA3_224 short #17
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"784ef7adecbb9a4cb5ac1df8513d87ae9772":"e918a5d52a0d42ab8ba2ea386eb6ad83cb8dd9a6bd461506be356ead"
+
+SHA3_224 short #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"f4e68964f784fe5c4d0e00bb4622042fa7048e":"765f050c95ae3347cf3f4f5032b428faeab13694e8c7798eafb82475"
+
+SHA3_224 short #19
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"a9ca7ec7aaf89db352fecba646ff73efe8e4a7e8":"65d6a49739c0e287584ff9d1f3463ce2e555ae9678147e21b5889e98"
+
+SHA3_224 short #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"b2f7018581a4e459cf9b9d9816fc17903ba8033f13":"c6837f12227bfbd86ccfe794053ce3a54052c8ca8430f526fd64b5f2"
+
+SHA3_224 short #21
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"f50086b4dc7bca0baec0076a878dd89571d52e47855b":"e39aa96fad581961bda032ed33dce36defde958baf9bae5dc558cf89"
+
+SHA3_224 short #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6e6ef963f5000d0b91b0ad537ddc9697f8db8f10a3d5ee":"66dcb292b4d6bb4cdd4099b8e7bfea9658680c92c51562c091577056"
+
+SHA3_224 short #23
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"12a7b1a73b0b26a66362ec2a91ea5ff11af49a7a148a8cc5":"6fc91ec8ad448173f591b865ed3eb89115a278003376523c00e22f2a"
+
+SHA3_224 short #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"8a4768add4a9bd7b3f27461220ceae0218cf3322f4d2a980d1":"9a88bc64e743f2acaa1670cca7e201a299e1cce6df7015b0d2535213"
+
+SHA3_224 short #25
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"5c5b8c1902c8608c204e72a813e2b625021b3182c48b00f7fe4f":"31802a0fa9ae7ae88626604ad9ae41381d6f7c3c90effcfcf70efcf7"
+
+SHA3_224 short #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e89e5cf07afb4a58ebeee17ff596d90b3274ba348f14f284fff025":"3bc9b7973f55735b612ddee8cc7907a3f1429b06df7cb1293b989802"
+
+SHA3_224 short #27
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"eb9e1143782a0f9fa815261c2adc2758fb1d88ffe40a0ae144189a48":"9d70d22520094a113297a192ead33e316924fdc7a2a9f8ea7098b84b"
+
+SHA3_224 short #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"c4ba3bff885fb78357221a9a903bc7ebd11c771faf5789e5aabc993a5f":"7b0212b4ee0b14dba62c2db7a765ac56db46e0b06eb744ee35726ddd"
+
+SHA3_224 short #29
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"07810e6b785177e52d0feac0394f3ecc41f35aa08ff1ed8162575f85888c":"b413d6f0cce14b7a1044a14bb2803d53bef907093769a5aa63a8e316"
+
+SHA3_224 short #30
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"01c742dc9ab0b05df925d4a351e38bea7ca7ad783594e22487d5b8198583f3":"c42c707ddc7b630939544adbdbe567a333ac88c3b5e738dee8f862be"
+
+SHA3_224 short #31
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"dd0f85b55fdf56ba254e06f8c2b650cc6b86bf28a14d714011141a86b8f14bd9":"0fe92469297c2c34911eae424710db6d312047898b9756edc5c2deb2"
+
+SHA3_224 short #32
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ddf48f4cdc856c448326092dcf6bfc4ebcf4b36fc2e516eba0956807588b6e827b":"6cd83ba70e1bd387d603ab14c9fdcbf9862d2ebf0987215f011abee8"
+
+SHA3_224 short #33
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"c34d1f8729663569569f87b1fd6e0b954ae2e3b723d6c9fcae6ab09b13b4a87483b2":"e57e1d24dbd9a30ab311291f5d6a95530caa029c421dde0b487a577e"
+
+SHA3_224 short #34
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"808de7cbf8d831ad4f17eb58031daed38bdab82f467f87c6b2e3a7c5de25c8e8229413":"b3c13f11227f4386afdcf7663a120990f27da205ffb9bf83676f86dc"
+
+SHA3_224 short #35
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"5204a0a63707bd1cab67a8797994a052ee73884b325fdf37d86ef280b3f550c9eb4e7fd3":"6aa1060f84127bf2c988230a907242e7d6972a01c6772ba0f7b8bc86"
+
+SHA3_224 short #36
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"da9439bd090dfc2eccc1203a7a82c5d6467fec4e5b0a2b2c2b9ea65b03203a8ce365fbd98e":"e8f0929f1f6209d41185292d35ebbf5a3bfe5492713b06d56579458d"
+
+SHA3_224 short #37
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"668bbd38c0ad0881a7f095157d00f29b576b01ba54a8f1392e586c640ecb12b2a5c627a67884":"75dd056962c5bb5d6f616a9f57892992946d048df57c0a36a40a365a"
+
+SHA3_224 short #38
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d63ac3bcfee3a5bc503cf20fe8ff496bf7a8064769870c8fc514c29b55825b6288975beb94ba56":"c694da941a7a506cef471fdffb5230bb6c3cd2715341033ab7268e9b"
+
+SHA3_224 short #39
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"985f06121aed603171020badc2075fd33256d67d40430839575ddaa7a3f1f22325d06ea40252d5e4":"29f8846aaf234281b515ea1d45674535a6126c38bd959c1995cad7c9"
+
+SHA3_224 short #40
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"8783849552be4540cb24d67996a10d16444b2d936d2fa5fcff51fb0dd5ee03998c0454289215fce47f":"84502256e3f4291ef4d15e8705e579951fc0e39a2d58fda74852551f"
+
+SHA3_224 short #41
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"dab31c7b3f40825aac13f6772771b7e7fbc09fedf6eff778d51190ecfd4b0f256cf189baeeec507e945f":"97168a9c3b07ec4987a4cf1f2478731fc674f56a2caeef074590ed6b"
+
+SHA3_224 short #42
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"1119b962bed5815734af7827ec536701a494ac5d4ab83eea1b16ecc80ce4e5f8694a7d11bcba2e34f084dd":"205d89e032f03c8519cf43b720478389b1788f3522c3d347febd2c70"
+
+SHA3_224 short #43
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d2c45e2c1fa0c44efc84e6c0654cc0d867a3e33733c725aa718d974ed6a4b7f8f91de7d3622b1e4be428de2a":"d483e39b7add050eb4a793e54c85b250746e382399c74736f33da890"
+
+SHA3_224 short #44
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"a873b148fe1807b89cbed930a7802abad6ca0442340e62ed21b84ead9a634713bb4de5648208c0eed6738d9cc8":"c86bcc12a6ab792c149aa83a6783ca8bb52b0ca4b2c12661c0a25d22"
+
+SHA3_224 short #45
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"b3008f6f567d1eed9ab5b3bbce824d290e66f66bcfcff7f9b8994835b4d54a4e45c9b8651b37dbefe5e3fe5b674f":"23929753ad07e8476e7bdac8a0ca39e9aac158132653be10ebeeb50c"
+
+SHA3_224 short #46
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"78d073b4e13f6850dc1ca36683abac72336465d790eb3575c942667d1e3ecc849f37a8d73604cb0fe726ffe55744a2":"6229233fc655ea48bb5b48b73a081897d855f6cf10478228fc305842"
+
+SHA3_224 short #47
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"45325b80e043c0cdce3ec421ecda529481910c09730128b4bb927dda1659ddd8fd3ca667d857941e6f9fd939a1c57098":"776aa1f54e038f390491a5d69bde7a2dbcba97c35574ebe60c9a772f"
+
+SHA3_224 short #48
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"3bdd6821d938fac52101fbee5d6ba191fb3b6cb634dbf42cebaae57bd897481ae5ee04e2d871a4c333ab5ab6588144f2f1":"62f8f3baea6dcf5af25d53ddfdac0bdcde88e3895df567c6c416a541"
+
+SHA3_224 short #49
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"86fc66f2618c98fe9efa1e3ac04e340385dc2b746cbc0f7c757b88342810fe70d81200952928e7aad0c0b6b19a044537b009":"20a21eb1d3130a4519ce6abd5ab6817081ae1bef3603056476a00e41"
+
+SHA3_224 short #50
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"f2a6168e7f92d313fc30f9e6f825a480916216f02e0308db70773ec165e25e81ffbf0220c5ca0cc6c91d3a09da99fa6efa877f":"5d6e5c82574f5e5c0339d3af1f9c28e17bcddc306a15187aff5d3dd7"
+
+SHA3_224 short #51
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"5e3b6b75b54f21b8016effb39276f5e7f493117ac4c0f2dec38a80ae2917dad83c68900120db1325f1f4697e0f5c25a8b92a9702":"5dc2147f1cf655dabb5ca4b2970b4564eb19ec456e6f966bbae19762"
+
+SHA3_224 short #52
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e7f17c131950c06311f47799a0f5a6b4996f4cc890334450e1bd6cc6f5670771c0dc607f8eceb15300ec4220510ed5b7deb3429de6":"4ce80dab9f933112a3fd78c1f76434b197806eddfe35cb0bdd845c15"
+
+SHA3_224 short #53
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"c9aa3d0f6d878db11235e7b028f8d67e2ce26eee718f308e21132e377e3170e26ece95bd37a4bd7f873ba7f8b71517ec50297b21cf94":"5963b41b13925a90c9e8fbcded9a82ade8aae36dee920199f6d6ac7f"
+
+SHA3_224 short #54
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"0f170afafcefdfa8b0de328dab30b4e44d98d6aea2bc39557ff4658fce4fbf8526d8b5359f173c14e4da7cf88935c9369fc7d607863f25":"fe7e59028c7855c37ae3dc5ee324864cfee6b8bccc2c3b5a410b65d9"
+
+SHA3_224 short #55
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6b2b92584146a433bee8b947cc1f35b617b73f5b1e0376ac8bdadfe5bfdf2263b205f74dfa53db7a29e5078f5c34a268119736ba390961f6":"132cfa7e71fe0991abbd88ef588ac95ac9289b1d775b42033567dd33"
+
+SHA3_224 short #56
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"39f7a94312bea1b4fa989f5a6775df538f01704120838c4a3104256478b5c0cfbe8b86e2912c980b390ea412edddb69d461e50f9f313bc17af":"fcc59655b8fec1a3d878345df9108bd99f4dd0e5218a55fc335e57f7"
+
+SHA3_224 short #57
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ac582b5a4bb0c5e9c40d8f277bda9de3d07fff01e820a1cdaf88708f1d60be60b9a5e83b5c593657387802b4182d1df4e9466e6d7ae6dc7c8079":"5c2e10fae8f4304cd9361690e5d2c4cd15f10a7b14ea60208739579b"
+
+SHA3_224 short #58
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"072753981998453438a520d9de2d5704292910148b8f794ec3765b240c7af1b79462fa9a2f000dd94d592d3a2a069dc244daf57b12c57675f3f89b":"b0d290a6ebdd950811a2715f354b0d8935cb610a471cfc5dff5e0660"
+
+SHA3_224 short #59
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"66a9a6d0a322ed2852378af82c0a2c027b1082098ab750925a4dc2e8961d0062c9db02e8cf42a6b48afb0056d6c1f1fbbec3fbeef049535f6e9b3864":"d683488c8420eb2d61e528ab0a7b73aa780a085b9c7982293b2ac6ad"
+
+SHA3_224 short #60
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"18419a8498d4e9bfaa911748186c5753d5da5aa033371ffc56650d0ae9b73f430f0d1f3c9d40362786c0429d977b899b64016eca82e64203f6685c12ee":"51d0cd33fd6579b05c366c6fcc653638b7b13b62798b99b36792cdc4"
+
+SHA3_224 short #61
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"4fc52009d58a0fc2573e83fa335b5c1df8c14b2e6daaf05bd6e13fd5722f28de4816772424c2f94ddc3de0d3d7e26812d014bb9fd83012dc9abf1ec9e3f1":"630ee2beaf1c1592eaa6263fc562a260b6054e9eab1aa19536fda170"
+
+SHA3_224 short #62
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"acdaa28692f334732088f5efab2c7951fe0f845b9e2c6f1253c3cdcde30a4e8d2120e38c26422219df41eda2c8334e13f669a65f5ba2075b467eded32936d5":"7d4991d54c78af5809cd17024cadae783c6f5a1f0feb365b532580c2"
+
+SHA3_224 short #63
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d1593cd338b7a25bb5413f112a639fe31c981e505c81a820e638c25209e2ce56c8838a7c8117dbadccdec959a6f7cab0cf304315701d4ccf0167b4026a6744de":"84e18330723e4f90520d0b051a9bf9bd7b5c7ec0177803f15cf740e5"
+
+SHA3_224 short #64
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"8cf8ea25310126ae1fdce3c9195395a9d45051a2a3f08ce154d8265b54cca7031a7ec840c3a3359efa4c91c41b74baa698d54ffb9b0170f2edadc5201650c2bdc6":"75de14169d16a9902f6e8a3359d94594a889c4aed9246caa6cf5612c"
+
+SHA3_224 short #65
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e0320fee19af5bfd511a23cabba75acb0815525a3734305aafa49c1d8bdfbd853579646a36a7873c4cfff2eabd7e3902eccff1192aca1f6dce3cf1c988e6aca9f2c8":"d7f2018c303ee045de4b8cdefcfb5395674e3a8770d65f0757b4cd5e"
+
+SHA3_224 short #66
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"1a424ecce1a82c47742171a701ad6e0ff1a762ce26f8e332818a7fa1a800a4e506a4bdc813a09ee1d57222ada79a12e2399549ffd80f1628ef55e231ce0913f9ab1930":"277f96fca5d9ab055fae5d4dd10cc49c2237bd38d95bd8dbd168ec21"
+
+SHA3_224 short #67
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"af172809570cc306333c25523f863c6d0e0154c55e404722f0d4ed419713dabf8e18493a0e0b53b220a36535b1e8f0bbe43e624fac9f566f992807b6f2d70bb805933e2e":"9581170093600cb67063a314d8decf109ff9368ffbc90ea2d3250577"
+
+SHA3_224 short #68
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"a62f4b43250cdf3f43c1da439bc5e4224b15185b60d615e38e3c512425aab145401b57ac3fc0bcc178eafef52a2b7b04b2b89e760212f96c4ee694990831858f0fa7c13c24":"a0f5775a2d001a66f0882ce1415261994021988690840c6b4a3470c8"
+
+SHA3_224 short #69
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"fcf81c93f917bb06f278f48826ef9ca8ba99ac8f00129fd9f8e81ca31750d5e54818af0331dd239eb77ee4b0c4d0c2d84794cef27da6bfeb707794d3bdbc7b349968f2a316d8":"a97a74fb01fec5caf3477220eef6e7c36d0ba4199ddc755f7ccf94ee"
+
+SHA3_224 short #70
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e61d24b500581734c29902ade4c5035c090868df9f24bb330609fcdff4a72d6f18001424fd813cea32923d8aa86c3d215b2ab7d134237bb62e78f61cb9e9b4ef5ced23729d019a":"40758314f1abbd43e0bc9c73a1c7e24719d56eebcd967b39d355e978"
+
+SHA3_224 short #71
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"37b14f04233dfb4da5e5bd1852f77c41e25c4926936fe414c8108200f6f3cd78c03e2dd9615446c14bebc2c70d65506a7a5dec4808806291769e0dbab200e576f9fdb9e240c8b8ff":"2d36af0dd95619a96c5664d8987bbb82d183466ff44151034fed687b"
+
+SHA3_224 short #72
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"45efb0a3d8fb7bb683913459727e8756d67959cfdd4f5b80e13ddf45e09debdc2cc68ceb632d6d45a2d0a869f6d4dc4c136c805849fe77b4b381e4c6b22a3ff69947a9b5aa6b7cbe42":"125e983229f65bf01b59a9b619810a88f1c53b4c3b1960b52a205d99"
+
+SHA3_224 short #73
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"9b6c3c77746219dd88976966c68ead59eb62aa3cf6647798dc06d4fc7ef8bd44d8903f1b7b6f8bbf3d6249052f862e9ccfb0d1957f0bba233603bca0766286d17eb9746bc002abd69583":"762629518833ba68333fc3e3b4d482c60b4e0e828872826b68313315"
+
+SHA3_224 short #74
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"9f452f900219017199edfc5d7d86a162d9750bba4cec77428ed1032e5711b6fb7c37c1a65b3d041c7aa1d4f16bbcfc54f35001436b60abfb6544c0b393fc1389e5c5bdbdf2eaab1d99dd59":"19b432f5c38f665441d36c472d386008a5bbd82aa4eabeaabe3d28cc"
+
+SHA3_224 short #75
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"cbfd186592fa68dc3a21d62db1ba55121f58fecb11695859d70bd7ed2a21a2a013a699640842973b571bf4a7c8ee4f617d5e8a4d1e8c15ae33e77097d146eba27934b1e33d8a041f2444ca3a":"b32ad13ba4a0b9fc1aa9a1a57bdbfbebdfab71cf5a16e06040f75787"
+
+SHA3_224 short #76
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"173225324c6c350ddba227b89a651e576d1ab6a96895453c33ea61ddb37fa253e666a84d0fea609814688495246161eb9cccdd792cb1b88f36f3125d766e2eabe84175cbe66dbecc91a0ccf173":"fc8feecaefffdaa966e9536b91dfc85ea5113a01d6b320677d727a7d"
+
+SHA3_224 short #77
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6999f398407480cd43bafdaedb8624d9ba0972aa5a2f3504a67fe54ef744b7bb41ea70cf8faa771fac6a2f5823de83826af4c3865b6faeeee3d1d0edfe7f0e9fe3207f917b467d841850fc6e648f":"e7abcb4c0f218814ecf45fbf28a3f286d90c5e740aafd1647437c1e1"
+
+SHA3_224 short #78
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"2727eeb1d51098c69fd8141d78f21275b2bb949e7115fd3860526bbda25547c20cf31b79919fa37bfd4726c4e77906ffe0ca9705f1782da0454e799422c815e01e785d418fa881f84341d8cd71ec77":"2be332c873ed4fb70bc1916c76bef2cd3385e674b83aa1ee8ad28a01"
+
+SHA3_224 short #79
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"1f48a5b401d88e6cbe37f3f634d55462865f7cde7990052a1e4a1e4cb2e58c84c2c7ef82923447d7c068b6aa25e388acfc05704e46da14316d37ccdd2706a7b79ddeb02dcdd76f342c9cb2f490c18dc1":"448b70f575a8a1eb74030a985e9c504d4eaf6b1814e1146f782c9af5"
+
+SHA3_224 short #80
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6dce9a9ecb48b9da8aef51a89e7f7fc1a6a78966b7bac0ac5ba7ab18d92b616bb74537bf7eeb9bd3bdfb40a450747c3de2e6eecfb12763049148fa9134c7870ba80636fb21fc7134f92b0364f5d27deaca":"df855d544e17f01125022bc18e9ffced12f3cd39674e68184657ec7e"
+
+SHA3_224 short #81
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d498b6901345afddc5aa50cac77f7f794d7929eed571d95b59c289a0c9f3b812b896bc7b566f5a639ed9948ed066c2c622c6e4dbb2ea37e7c06806d61a22c326d72356ec48c9b5182c29b5f923af20046605":"5b225c29e4547777a2c6a1a2bbe9da2dc6a8c6d0d01d8d8022988be2"
+
+SHA3_224 short #82
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e958b80489aa6a38526244da165dc4464e7961e457f763abdb23f7e48d368331197b37cd5ab1e515ceb1124848504d8be587bf3041d10437ebd53915164556b59106bebdf99115122d99529e02ee155138a13a":"364a988400424557a9c60e4e1f32f0855a3383c90b007d30ee3ec333"
+
+SHA3_224 short #83
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"f33ba982bc2c3308f948a1b64c7fb68fb891bc05fa18781b1dc95dc749f7009adc58cca2bb0cf790ebdbb4165bbfab9304a2a6f234688dcf273094dcd8d7b38416be57cedace5783d8b92993548256b5373f2b4e":"ca37e52f2843a0f65692c5aeed0169601da3275dfb3ee6d81b467f60"
+
+SHA3_224 short #84
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"8b5d77a906c7ec7563af7551a796e5d5dcf02c42121d7b13a49aa9d4bc79d637190e4e6510ecaf92d1104fd4ec5bd8351446350722d1b2775dbc5e65f8fab473dc637b5ca8a9eb88f68d11dde15275d7c472f9db43":"9337537de482f0cf88cad6b86e195a1e422e59cc60d41d0eca8b0091"
+
+SHA3_224 short #85
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"3a564a84c2b48ee26da138ce2d1ae3c7933bcd65e40288406e56f30d1c48690a4998389dd27b55376f9b4e7f43607fadb16e8933726f00a3e41264cda553532761fefc73e86ed79b849b94e0895451332dc80fe39a4b":"88eab3e16ca8da5716542bae3c7c736b541c896199b2cb941213767b"
+
+SHA3_224 short #86
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"618a53989ffbbf54a76f01f9b87772491d87c8f25c58eb11b18a04f5ba8ed62574c351a466df64731c911458d765cbde83e7f29de90bc1bb26cc56b35c140555a7dcf00f5394d76a4cc531d7d5f57bac7dcbd06a4f73ba":"4a727cc6b4bd93d5ff2ecb81ab5057dfdcbe3e0c49436a58b9ff3ef2"
+
+SHA3_224 short #87
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"31857bb4e82497b526e426de6920a6063d02264d5249feffd14abdbbf03563d4c59ad1f7572c7d0efbc46a65dea9580bde0e387c9edce27cd9b20a46f62a70e6dd5f58e40aac3a22dfb6ba073facdadd58cd6f78c02bd219":"9e614fc139645e158cd1b216e2623e586242af64f8483e6fca20ed4b"
+
+SHA3_224 short #88
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"14859008c83f2831be4d6e54b781b9fb61dadc40c459a93ede11b4c78a7e5a55a71701427526a03b42d883f247904813cd812e7a947c8fa37406aa6145aea6d3fd9ed494186f35333d423ce31e0cd473a031a5803c5593e9a4":"545fafa43afcaf38063d8a312c3a27e0d74bff957f8ef4d51cb29698"
+
+SHA3_224 short #89
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"267a14bad702ef0a8468b31c72715f0533f6b97e6e943839dea420719d6defc5a399f84689e64ecf931ee395ee49f1fe362199b73cc6cb0105b3654b16f19f06ee8aa6b5d5418743d4804f9a059270710d126765e6a49c4ce2e3":"9b9360a5c747e6e1288f6f9d971051ffd84641f6d64e0a4b5142e4ec"
+
+SHA3_224 short #90
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6c98a8eb3ea4451401e0424c10cb722683b23f75ae254d62eba75abb9aa9698e65ba1ff7c9f86d36d1ca6f0425d19428441b00450e9a2ef685d5da1cd4de1e779184db743fc95a461797333808ae6e42fce1e9da5d82f90cd71b54":"0c6f33f9534fc52f3700f37b9ee678b4c5c8a90b1a2eb1574002e377"
+
+SHA3_224 short #91
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"4bae62a008d9fdba351a1903c66d58e587361990f7c9eea05a2f51f90a2892f60e6c14c4ed36b908c4039bc89797fd88e54281b37f619b3d9a274587229ef48351e8cb1881cb0fc83e6ddc90a05b160fd7d0a1eb0835d57158e42c7b":"989c156ba1fd1f70deb378e46ffcbf6f2cf9cf977a92ac51643c97b4"
+
+SHA3_224 short #92
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"83ca6d4ebdf1c04062ca1abb977670ef9bcc889906935fd64ff4c739912e541b8f8c7932f595ef66e18256dfa1f51f63bfe7a9df3ae2aa431771d19318d6aa3bccfac1a4c8aa0a0433ff807a881e0d5a9722aac6cd57c77eb6a9edf8c0":"fb831f2456595fabee9d458625283a80bb4f8f031e9abdbf48b7b51e"
+
+SHA3_224 short #93
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"f4c7ad8d24ed5a682c473463e85391050c026fef0b0e6dca388e1a7e2bc872a46746a63f3a2c1ca6e4c8b7c5fb6b58850d77a58988ba091bd7fafb66ced184e548bcfb1b0e6e1485fb6a19cd5ed07640a0777b82273d5e80799b7fa7a57d":"13bee617474b3fc3447025f2a488dba8825d46a4e128b9a8bdeb1b85"
+
+SHA3_224 short #94
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"5f81c5aec92385bfdc55ebd600f23cb04ac9d5c7a1396f801ffea1a6b94aa617231761bdeebc9ec0f4bf9bfaf5ebc7ac82a2c96f1a74c46d94f0dad0bcb9ef7b41ddaff8cf63d2b278239e6558dbaed2797ef3b7f4cff8fe592f6a3551b3d7":"143a6f0a20d5b4dbc5df64a7e50f9985631453eb09ded71667709083"
+
+SHA3_224 short #95
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"0735cecaedef99bf4c53242f0552f49f56bbe589a2f611af75f4f3aec366cdd6702d46391512580202b869097fceb8a45889fbbf9852472f94bc2f432bb8309c4d0c4d3fba01f6e90c5c2ea3f890ed95d132c31f4dadbf268c378fac5604e8a4":"9f5e9f7429e5488a843c52ffb46ae2e84228919d32330a9193af3b21"
+
+SHA3_224 short #96
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"9b4e4df92e5152fe1ec56a9fc865f30bac7e949fc4f62f0b158d10b083636b4de9bb05db69fe31b50103fefc5f8daf3af7156b4552ca3667a9d720bbb2e4bcdabadfd4b7f4fc5bc811faa36710a9d17758a98d4a0474fec27e9ef5b74f5c689935":"487a6f2f875cb253de4cef18ecb4f2a54388ebaffbfc4259bdd97f09"
+
+SHA3_224 short #97
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"a61bef838867710ff4341b26b13b8d7af7e461ccd317b160cc4fdaaec7f1805a28ddd3663a4210a7d1b64a752e866aa7224a75bf77bd0d618bcc3b0a3eed6bfe0eb2b882819e6a4cc437bd38915ce53c55d94e9e9339286483dc230d0049777ea1c4":"e257bc45b62d0853ba4b0f8578698f4262c31a778cb6a6317b6e6d60"
+
+SHA3_224 short #98
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"c0bd79e0c5f72fcb1de6c234bdb67bd0d3f481b962a3a01f2d8c483bd7d5d98548d51d27532716b195fdfb0ea0b77db759b54e269e69e48e2cb07bc9c06259927d2755f48e8d9a020c58a9c9221a9d836f03b30eabf9099c8eeba6abed63bb38275b28":"92df7f848ada8a9698ddc2e7452ac8fc43cf83d2ca2cadd712c595f2"
+
+SHA3_224 short #99
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"77823af9b8796c63baebe7ba9dcde12c626b840ea04f42d878646970ca5bf7aba94eaf110da36ce0c834b654bcac93264a349f520e505f1ec903d3589e3a4adf82687a65ee6dd072d6bc05acdfbdf257cd70a5183a54b4fe8e87d1c22b2e9f4ee817c57d":"819a4340938497cd8b1def8444bb03f8429b9e87bad8000002d60b83"
+
+SHA3_224 short #100
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ada5651b4e240335600940f207b98371f7e743988957bffe0de8ef0862d1ba52c52b6950e7b05c3542c2fb13acaff0442d33940a0e3ea67232f8437eaa02128283ffc0cfe254ac8f542be3f05fbe4e855dd22ae98a81b9a55b3d3753111210048f2b50e068":"b6177d179cf17eddcd8988c9108b42af9c41adcc5942c4d33b0f1be2"
+
+SHA3_224 short #101
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ff4704bbbd719b011244ebedf2f2355338fcc7d64844c3a0f36a21569b55f74a9710f8f3d8d83b9bcd733f5885c32b3d149a5ad137d016c03b93a4d11aff8218e8eeec6d6d12a41d1441f3df040feb098ca2f003c4c277fc71300cdd2a399a7bb98ae711c446":"a1072b28f3453422e611421309aa49aaebba0273c72b835fdeea1132"
+
+SHA3_224 short #102
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"eae4b62f697cf0bf40a1c2c109143c1dde18e24f1c289aba67e5c83eef52b70cf1433bb98013949285969630054e074ca2e249d465cb383dba51561cbcb626f0b3b1d542db1e1ff168f371c7c6764b4f25ade9eb351622212e99903614bbf1fe3914cdf203035a":"f5273e4d0bf9779a0975fee23c447b3abb1cd17c34c723d62f3a2fd1"
+
+SHA3_224 short #103
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"0e39e0e6933c6104984fffe115dd8cde77edfee495480aa5e5def424f066a5770345fecb28b16caa5416bc79e2b83145409bd4bfe9a00c8493f06ea2a99dd658fb87b71eb57dafe58da55fa0411e790341e31a8ba8f35bbe71af23b4e8833fd65ec8b4e621e95340":"62fb7d6b3810d0fd7d96b4ff5efe7bd283ddbbeda4a21a62f985a3dc"
+
+SHA3_224 short #104
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e32bea9ab02de7d893ecb7857ba66df2c35ed258123065ca80e2a067fabb7dd4e79839ea0b3c58abace8e97bf42b0b8d97fcb09bb606a1da0243c32d24cc98985df008f8698362f2aa789e2a82b3e5b5011853d0c0e8fbd20c4d2b5f4733f2df8c5ae02e92a90d95d3":"278e06fd12a3e314f60d59a323673ba0a22003e42ac48e1cd04a70d0"
+
+SHA3_224 short #105
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"4157752d3d175a4bc1334fd42c204111728e7059659dcedf334ea7ce30378798d67c598a0afacca5a1c5fba923d54c72cffc9887df1b8df10d96514955056815fd2dd855d32e8b58b6fdf4d45715f636416a0137179f7eb01d786daffa924ccabd523bb31d1b5f0d05c4":"1cab43635d501e43ac42beee263755b9a29827e2a18b21d7be42e447"
+
+SHA3_224 short #106
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"2df12d8c256cd1a127e525ac3763e30c895982eee67ab7c150ce3deae906d2b9110d829ccfdf2793729e31e478e3a310ae525e059971a29515bad2273cee77ad89ad88d63d44e98402c63180cf5eb06d0be3b1faf5adfc5c43a79ffc09a6ee6cddf9c9a039421d5b2184ad":"ee60f0d01008cface49af2ee5780ccdee37404c37642008a55fafaf2"
+
+SHA3_224 short #107
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"03be6940e859f9b072660dff28a187551c2425481dd0555d2dee4acc36164f84f8505b6f467ae6f772eafcc9065490d9b4ed12a690d044bf7da14986e571fe34aee28e1d698c4136cc9f95d462c990b6815a54467da6f41c1baa86c448f37ac10bbc2ad1b957b17368ce01a7":"a8aa80d4c925889b58eff41b89682b92bea60c1c3995043dac312d2d"
+
+SHA3_224 short #108
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"0baf1ac243c1f34ca5e00aed4d867f967bc2b963e93956c35b6b68da7737de23d7a1405a5dd4a099c663cdc182d4c91bc35f7d3fd5f3ac35ad7a26dbc45e3e86264c7decc538984214a1a0a1d11679ae22f98d7ae483c1a74008a9cd7f7cf71b1f373a4226f5c58eb621ec56e2":"f12f7a1c5c1c383a2a5fff8932e2ae9dc342b37652d47356ffc1cb37"
+
+SHA3_224 short #109
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"3c29a8c83e48194a7b87b69e376a06063de2449bd171fa91e58ed2bc904ba853bb35e3f51e7c06e96b5482aac89acfa383bbba3701d20104f8101d69de615f45a24c3e02991bf0d3bb3d37390fe87ecc64032438424218862093a69dd7b99008573661f9996ffe8ed50b7e54f49c":"5c6b29c3cbfd1d2eadf7c791513b27f21c934de6378ef748b779b71d"
+
+SHA3_224 short #110
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"68a3c06e0740b569c72ea6a90d8b45e83c7c350d2bcf1cf6d6dffa7553b8b998087c052e1c065d862bcc6a7a3e0a90acfa1dc410172c9dab140ead9a296811557e1647359acd40341efeb6f5b3fdc0044162a45e62b0ec341634bcecb830626930392f8c6bde85fa088a322054acfc":"58a691524398a5746df28ac083f15861750e0cdd1fd5e5f57c982c18"
+
+SHA3_224 short #111
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d4f757d1c33b9c0b38b4e93e8e2483ec51b4861299f1d650961457496d86614d42a36e3696bf168fd4663efc26e88cd58d151e1531467b73f69dc9ce4f8d41ce579ce1c91e6760e340e7677abdf4fec1040745aa5144640a39b8c4f884df80753a691653003d634fa5bfce81f94ec3f6":"be11259377f09821d9dc358592b6565d8ef2b414dfaa7db5609fb751"
+
+SHA3_224 short #112
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ecd9e95f7c5efc8336f80fe67e113657b31482bafc22dc5b45073482846cdc48414d2ea855ae75d9f28a0bdbe30dbe511503788e578f20f25e20bb770ca1d787f2f02911139275dbeaa5ae1aaf155f40d7134915dac34d0938358dc8be97cf1005a922bf3d71c331282f41c86993e0ccff":"6950ad0f91398b39965b1859ea918c531212face1e51d4d390f094e1"
+
+SHA3_224 short #113
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"834ddd8fc7ea0c3385ef8280d3a7b22d59ad17d710a51a544a293544f30659e816a98d38a2d4d92f6f96626a7c79d6f17bfd0a558f45e2fb541172b720ec629c88a7971326050f2b9ab80d30cf8c777f80e37c98fa61797523e81e1bbbc7cd6ee22e4249dae679ce0f3eccfb54495d7e7046":"ef21ee8d568c009eaa8d1ea770968cb718c4d56e7b2d966bfcbbf398"
+
+SHA3_224 short #114
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6ff611208395d81500505dae050ff0c29c0afde2a8e89c96192863ea62c17e292d0502e94dcb7f47f4cdd574264f48716d02d616cf27c759fdf787cdcd43b169ea586c8bca25fa3ce1a08eb615655e2471a0faa81d2edca28eff4030fabf36f10fb5f50fe4eb727c308f317bba995b6310ae12":"8a29f2c0d564935b8d31b7d007f58138489d140917a28ee85d43b6f2"
+
+SHA3_224 short #115
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"f977ea38076328bb0ee2297cbe3b2a9755fe8bb95ae726298e04df05201a7ccf2046b82836e092da94a4eb1c291450121718159468e8a330fc2b1272c661fb62397e874ffcd7cccbe5425af725791001c0c035ea41c8c48dabd206ddb217666e2b688237c2127e96eb049d941b34126b373e1345":"15180df5554387337f04de2f37a16b28125adbd02b6fa6cfdb24195d"
+
+SHA3_224 short #116
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"22a8fb43d54fff82749cdce98abe8adafcd443ffe16bf0e99341e1f7064fc07a5907c816abdb326c30fef0f5846e9e313f32b602c9e00352706358fcb7fb81eaf1857a7b0ffddf27b741a465961806ccf672c17993f284b2aaa9a2c854250a4212aa7937a9bfeefc30ec5f0067c3aaf34a1dce2ee6":"d11fcbbb2fa03109f952a56e16867c70904552eb580a6659314bd5fe"
+
+SHA3_224 short #117
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"68727636ff38c0ba8999dde3cbd9503900d5ccb01d3c9b7959fb411eedf95cce1805cef6670d1e1133901cc06b55c41d945e654c0d18035498d4f92d167ae21b927cba3a810a41594885a00bff354ffc753e368274d01374469f1b3f7793e436ddc0822ad698f13bd15fb3ed10e0b97fac5f8778d9ce":"21c71bd09ebf5d09155347c4f476b8f9c5aed4579573211887ab6084"
+
+SHA3_224 short #118
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"167cb772f096b2e3b1599cce3440d1af57c5b7df5d2f460b91acc7e52c9fdb19793bc0833751d09f3f664a4167095586a564420a7810125b832e38ae7bb3a0d14403ef6157c20d3d67e6e13a44115b19ff1fb8b64ffa018133b6d532d9da69b9bffbcd74189071a57101e7239401ea50ad1ea04aab961c":"c46cb2dfeb8b961e6e84d72e05111e04d62e3f93a055164b135b9072"
+
+SHA3_224 short #119
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"b88ff728c8f829841a14e56194bbf278d69f88317a81b4749aa5fdbc9383486e09bff96a2c5b5bdf392c4263438aef43334c33170ef4d89a76263cb9745f3fea74e35fbf91f722bb1351b56436cdd2992e61e6266753749611a9b449dce281c600e37251813446c1b16c858cf6ea6424cdc6e9860f07510f":"8891cdfe486a582e8340bd8b893996d7a4e547e3bf50551902e722f2"
+
+SHA3_224 short #120
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"520f27a4d096d4193d2bc0983cf83bbb5084845b41844800c1f5669b4f67f5785c9c886eac51b059005cc3caf2f7dcfc205c230a8c924f604386696f3d5dd2a68509879d991aa49314d7271a8a8ef711b42825d3cd0071ae3bf6109772bfac1b167fad995f99b7afc2c573f2ce6493e25411101dca79b6d2f1":"216ea50997596f71edc94ed96e2b686628640f94a3c64adef05c2b63"
+
+SHA3_224 short #121
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"75c23e556178f00440533bcd25257934d0c6f5e68a64f1aa511bee9435c5277b02145fae1fdedce3b6b7b47015c547be55d00dfa3999920d586dbecf7ff95a775160d057308b32c661c17e5d6a772166bf69b9919ee91fe93877a50711939c85a9cf1ab65c28fa94879623faece20e1458b8821383fda2253762":"d1631028a8e0ec4adc689cabba8bf681d11e2e2a5059f293f7ef5be3"
+
+SHA3_224 short #122
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"d23373b9405024d0c4b17aa503f7e2ff7d308083124ed2cbc4d990b9bee0d70b9635872fcfdaea58a2b696d1fd8c9492cd2ec11179ee755aae5663626219c0981348a8be50c9bdf77b061121cde246649af1f30bd7e84a93d952f8025f854d7bd3d59d0ecd07e6d4d909b23c7ae03fa06fe1de1c3424999fcc3618":"726f6584ff9ea998ff326c9f73291ace8726d8697e7aa94f1ed42f7e"
+
+SHA3_224 short #123
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6f057f91480fecee8a7e3879dbf8c52040f96f5929c6b8b6aea223b91843ddeba387a2288264df3d241d14b5b6bc7defe9bcf174f5060a88de1f86fff59fed52a3e574f2620922dc0c12316e5869b779a18e8697ea0a50bf20a50f169ed8a308f785bd98efe6fdf4cac4574dcae9bbe5f3d7f56a11bad282fc9c84a7":"6b40e5c86db3d9c384c22a46cbef5f8e8c427bb6bf43268edd918aeb"
+
+SHA3_224 short #124
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"6f77874dcad9479f5bcac3763662cc30cb99823c5ff469dcbd64c028286b0e579580fd3a17b56b099b97bf62d555798f7a250e08b0e4f238c3fcf684198bd48a68c208a6268be2bb416eda3011b523388bce8357b7f26122640420461abcabcb5004519adfa2d43db718bce7d0c8f1b4645c89315c65df1f0842e57412":"0228626c63c20465d5139d1af0b9ce17e334ebe10a5eee2cafe96cb1"
+
+SHA3_224 short #125
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ea841bd41b22e4c98b223332918eb791f51d1978540785f9c617675dbd02721831f7e7fdfa7714af7d671b588a64f49d8556b5d1c448116839771faf51a85dbb1bbff59fad8e3fe3c4eb8631aa050f505df85757ed9e9d1a26a8a0e96feeaa7af204cd23fd0e6d4ca8d5ff25b91a0f94c42a887297b230f6d5d57271e07c":"ff33c64231dedfc247e11e35aaf82d283a9ad62034102ee2bb5d4609"
+
+SHA3_224 short #126
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"7216a825029da1c9a9328d499b3ff98f6e18b8af368e2b19efc1c0121b35b965ab282f55232356d7fad002fe3f0b6ab7833b2cb6f2e392b0c37414cbd3661e538c8613ae0c9291928303f775dd2a2445a27e825a1a3544a9b411eb3aa87d0fdcdcd85c170511db620e747296bdc3afa39489c181f5abc76a8a404e47e4a214":"9440d3710b43e79899e116987366b2dd36b44b2f39e377fa2d4fe143"
+
+SHA3_224 short #127
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"44a8508a3c3976d563e933705be4dbeebc726304b511203df7c7d1efceb6e06e91f1e57f3d8e6c105dfdf8262d984816fe7ad8f8dc95ab596fff48301f8d03137ba37dabdc4a6e664583a26b8edc42d3c2405516c51386c33a7f2875a3087702ca6721f56195053fe5263a29c8d8538dce6ce146b8b43ae520ee79a5a450c6a2":"a2743d341023ff5f775d90185d3139a7756b0a65c19ee876ebeb92ae"
+
+SHA3_224 short #128
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"a8ef4107f41ebbc5799a716b6b50e87c19e976042afca7702682e0a2398b42453430d15ed5c9d62448608212ed65d33a5ca2bcdca7728037df2e5f9fd9e974d0315dde8290241e3e2b2cc06f8c653ebc95bc2195c24d690caed42fe7d96589f3a85eae9bad995ab829e674abcfb8efaacb1eee5703f52b979d5d99a1c1694855a0":"b411a28ff46513d0c3d63cf78a9b6353466cba3b926a8d895ee14fdd"
+
+SHA3_224 short #129
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"f649d801b4040b7b5152f58a01e7852f565efc77b5dafe4607eee953b0ba6774c5573f1c79767121d94381c3ba9013ebef2fb8b0bf9f081f96ecf13cfad04e44c11ebb358160a89049bfad5e8e241d71689ddeecff0278063fd86b0ad475c6a25265f556b30ddb50078e216267edcd4a2b7016345d4b76806d7b02c625f3f717e0f6":"b94debadc833d5706cd4736bb1dc75039827832ae408859e2e6a6941"
+
+SHA3_224 short #130
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"eb71b45a494e76462edf41a9fdcbb3f46fb863b9e259d0c8f4a79898516eebe8c90c3ea5a675440f3c7b1a18c14dc20c5f3dd27788c66d448acd73226327f52cd65cecc8beaa2acfa34d90ef8bfe824e12ba9870bdc4965b8ced9ff9ce13a5bd39e824893af410d08ade0cf802e7dc02b0b71d6c2a5c3356229084e53b3ae4e51b384f":"fbbec05ee1fb5f5cd1106ed7384850059cdcda474ba7cec0407a272b"
+
+SHA3_224 short #131
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"4eca0c51d30829b9a1d2712da1fac31f52942d77c9f20c2bf6d3751028d7d4f0d336d3dc92b27ec368caa4444b3180c1e37e98b58f25e647a9a6361f0b04cf78d17955766168eebaa993a435a88e0b39307423d6ead87f639afea75ba44bbc6bd0fb5ac84a12c2c6ed9539a7c0f9abb0c1dc9483e2f321a85244926dfd95e2f05624aa7a":"fe313eb74f955c0cbb1c446dd4ff853f32b3232d93faba7db6d1fab8"
+
+SHA3_224 short #132
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"97784d14db62a7f98f5ac3df742e013489ec0b8777b05ef82bba06edc5c3a807b191c65513ca3fc7690615e56c2773c036edef29aac50c2211e20392018fc33d83c436f274f7c6062c3420025e7037993f1b8cddebf4aeb20421fc829c7fb23255372455c69244a0210e6a9e13b155a5ec9d6d0900e54a8f4d9f7a255e3a7fd06f1218e5d1":"5504f39131773550b6f459f33a5b57a2ce60ce8bb78c574fef83dcf7"
+
+SHA3_224 short #133
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"1ee9047351e2a13e4a2d5a826e304fef82241fbab5100835e1f850a20e51e34938b93dc852e58aab8adb0c3ccf61be9c90b53713c77ed0a5370309e6f19b290f1d642550f738c36818ddff74f77cae04af55617403b08c7a9f17e8fba0c21523575384b44ac4949e7c9dfbd1ef6a684f666c67856f8f84dba19cb38a23b0efad6eed229c536f":"b8f253512dabf9d89d2080830f23da5893b0f87edc0bd624ea767f14"
+
+SHA3_224 short #134
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"1f363d2f7aa89e2b6c5e172f530d1a35531d0083a5acfcd232d64db06134b8232da2368f7a46ead9a9ce55cd6af8cdbdd1582b6bad56c52a15769c3f43dcd68da60f6e7232fd2aecfb3fcd00029f8e5c4ed7ca3b3f9cf68920dbd747fb43f532b1034d9f49d546aa893be68fc3084658f22343b9068877387b8f68903071fe5877083be068d626":"e59a19686df36bf5fe798a9565722b8e0bdd9f8eedbbb4a34a9ca7ab"
+
+SHA3_224 short #135
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ecf5d9e29c1c04c11a9503cc223d0cee4866fa26df2b4f7c1a017939718f545746c0f137c9169692194105b2acf001e2f0e70f2332517a20c05899644af454cb8e00e5363593dc83f78d66bd0670ce8faa7244ff28d0de59e964dc68d87a30ec0ce03e49a73ce07dfea2ad54fa667bdfbe2f2222894d830dde4dc9aee3caefa4088683d7e8b9a966":"a886eb94f15df208be122912d4edf02561482278a9f847ddc91c9bd2"
+
+SHA3_224 short #136
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"9f44357664b5e3a958780641cca52049f3b49f07484b5f762a5571f7c9541b4346f81fa416f04065a80003864754b3b54114a77a4938c8b21a9e4d3e5d59c9fccd4d68f699f975da099320ab655a7fb51328d2c6ff460b9b40858e99f88a35be7b6a97d6b4778af2c559e616ee608c32b018a753321e321be333bb6f618f666f9a7734ab3112859323":"8839f755eee84e15c586b52e29a41ddc640ac432cf31370680987a44"
+
+SHA3_224 short #137
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"c1aa1266f223c148bfa3d0ab29f278334d8fcbfbf0f4ebef5c1b7a766b415155e1ea75d0fe2546115411faced7a04a27339b6bcd62e740697d06ce3cd2e0f00238c44c1d9faa85efebbbb3880313108124c5f3277c1f03ddf430a4bb4d88b67b6e3f7f96fc39e5aa2ca7e11fd5d1300aca144c5166269a1168a2e53c01c00b872c63f6833e5ace09bedf":"439e3c7a0d655a30a9749afdefb7e048814335849df76d526c287727"
+
+SHA3_224 short #138
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"0a367d3789827ccd4bef5fe8eb78c20503241f07fb8c41d81e97fb53f3891962ca3c976395ac11d1f9ba7b20a52912e8e3ed92466ca5aa808166ade737ba8a0213e8fee8d67608ee9aed9e821edc9e575f1f07c3686169656ae09a0a0f70abd10cc31a8ef6e7496d56102fd8ff984e9a9f44e54495c966cf028f2a8423b46419de54541d9a08bd9654ac98":"40318036a595630e4135f10703be1d759a6c7e5146e0fc82abeba184"
+
+SHA3_224 short #139
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"8a05b00ae2d5f652f02f98a1b035003f8fa7ba1b17fc3778cdb1cae35ae1f768ea16ed05d25f515f75a23db468348911d4a749c51ce39615c07892318233a667c7f00e973fae98e7c8e9a8b7902480d87ac5bef8c4252661e6e8a2e4bd8a870fe83b1aa773ed5352b2abe193702c6dfb4aa8239e55ea6fc507a704e2540e23c917a01a1cb4420b07fb90ee2e":"9a26f054e57aea14242d7801f3d61ddca1523b738fc26fecfa5d9a6a"
+
+SHA3_224 short #140
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"ba6442c6d2139201dfef32c1ffb0ce92dd64091bd507c250595395e993d9a5124b5199640c2fe51482774b6a27d1a1751fe0d4fe5fd02dba152ed3c344fd9249af06da85f96f0bef0a8fefb1b501885b97f70dd842d12fa19befa03080c3d6b8ae2a0d13e2fc8bfc3fe1277ef0670cac0e52bb93c4344f6db13d05188d53fbc6106538f50ffdeda2e915fab921":"58470da58476bcb89450c521fc396c6dc51b9fb6465c979aba5f8eb4"
+
+SHA3_224 short #141
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"96fdb76f83bf12b3f4f322bf613fc38b2c8e0678856230418b6b062fb358488d6eed7c5c0656ec48c9bbf2da6a1473eea43faa68204f27239928172a3e49c52b58e861282c4401702337e5ce280aff00528eb26ac368db0cd0ad0eb262af226a9b16ef3bbd325614488f820363ca6ea77da4a7e8345554e57623732ee6326534819eadfe81c7f51d81ec51e1e3fc":"be92d4a6946de0e93d5bbe420651a8befb97cbdb5d63b22aaecf453d"
+
+SHA3_224 short #142
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"0eef947f1e4f01cdb5481ca6eaa25f2caca4c401612888fecef52e283748c8dfc7b47259322c1f4f985f98f6ad44c13117f51e0517c0974d6c7b78af7419bcce957b8bc1db8801c5e280312ef78d6aa47a9cb98b866aaec3d5e26392dda6bbde3fece8a0628b30955b55f03711a8e1eb9e409a7cf84f56c8d0d0f8b9ba184c778fae90dc0f5c3329cb86dcf743bbae":"98ec52c21cb988b1434b1653dd4ac806d118de6af1bb471c16577c34"
+
+SHA3_224 short #143
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_224:"e65de91fdcb7606f14dbcfc94c9c94a57240a6b2c31ed410346c4dc011526559e44296fc988cc589de2dc713d0e82492d4991bd8c4c5e6c74c753fc09345225e1db8d565f0ce26f5f5d9f404a28cf00bd655a5fe04edb682942d675b86235f235965ad422ba5081a21865b8209ae81763e1c4c0cccbccdaad539cf773413a50f5ff1267b9238f5602adc06764f775d3c":"26ec9df54d9afe11710772bfbeccc83d9d0439d3530777c81b8ae6a3"
+
+SHA3_256 short #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6"
+
+SHA3_256 short #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d477":"94279e8f5ccdf6e17f292b59698ab4e614dfe696a46c46da78305fc6a3146ab7"
+
+SHA3_256 short #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"b053fa":"9d0ff086cd0ec06a682c51c094dc73abdc492004292344bd41b82a60498ccfdb"
+
+SHA3_256 short #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e7372105":"3a42b68ab079f28c4ca3c752296f279006c4fe78b1eb79d989777f051e4046ae"
+
+SHA3_256 short #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"0296f2c40a":"53a018937221081d09ed0497377e32a1fa724025dfdc1871fa503d545df4b40d"
+
+SHA3_256 short #5
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f"
+
+SHA3_256 short #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"37b442385e0538":"cfa55031e716bbd7a83f2157513099e229a88891bb899d9ccd317191819998f8"
+
+SHA3_256 short #7
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"8bca931c8a132d2f":"dbb8be5dec1d715bd117b24566dc3f24f2cc0c799795d0638d9537481ef1e03e"
+
+SHA3_256 short #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"fb8dfa3a132f9813ac":"fd09b3501888445ffc8c3bb95d106440ceee469415fce1474743273094306e2e"
+
+SHA3_256 short #9
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"71fbacdbf8541779c24a":"cc4e5a216b01f987f24ab9cad5eb196e89d32ed4aac85acb727e18e40ceef00e"
+
+SHA3_256 short #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"7e8f1fd1882e4a7c49e674":"79bef78c78aa71e11a3375394c2562037cd0f82a033b48a6cc932cc43358fd9e"
+
+SHA3_256 short #11
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"5c56a6b18c39e66e1b7a993a":"b697556cb30d6df448ee38b973cb6942559de4c2567b1556240188c55ec0841c"
+
+SHA3_256 short #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"9c76ca5b6f8d1212d8e6896ad8":"69dfc3a25865f3535f18b4a7bd9c0c69d78455f1fc1f4bf4e29fc82bf32818ec"
+
+SHA3_256 short #13
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"687ff7485b7eb51fe208f6ff9a1b":"fe7e68ae3e1a91944e4d1d2146d9360e5333c099a256f3711edc372bc6eeb226"
+
+SHA3_256 short #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4149f41be1d265e668c536b85dde41":"229a7702448c640f55dafed08a52aa0b1139657ba9fc4c5eb8587e174ecd9b92"
+
+SHA3_256 short #15
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d83c721ee51b060c5a41438a8221e040":"b87d9e4722edd3918729ded9a6d03af8256998ee088a1ae662ef4bcaff142a96"
+
+SHA3_256 short #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"266e8cbd3e73d80df2a49cfdaf0dc39cd1":"6c2de3c95900a1bcec6bd4ca780056af4acf3aa36ee640474b6e870187f59361"
+
+SHA3_256 short #17
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"a1d7ce5104eb25d6131bb8f66e1fb13f3523":"ee9062f39720b821b88be5e64621d7e0ca026a9fe7248d78150b14bdbaa40bed"
+
+SHA3_256 short #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d751ccd2cd65f27db539176920a70057a08a6b":"7aaca80dbeb8dc3677d18b84795985463650d72f2543e0ec709c9e70b8cd7b79"
+
+SHA3_256 short #19
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"b32dec58865ab74614ea982efb93c08d9acb1bb0":"6a12e535dbfddab6d374058d92338e760b1a211451a6c09be9b61ee22f3bb467"
+
+SHA3_256 short #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4e0cc4f5c6dcf0e2efca1f9f129372e2dcbca57ea6":"d2b7717864e9438dd02a4f8bb0203b77e2d3cd8f8ffcf9dc684e63de5ef39f0d"
+
+SHA3_256 short #21
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d16d978dfbaecf2c8a04090f6eebdb421a5a711137a6":"7f497913318defdc60c924b3704b65ada7ca3ba203f23fb918c6fb03d4b0c0da"
+
+SHA3_256 short #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"47249c7cb85d8f0242ab240efd164b9c8b0bd3104bba3b":"435e276f06ae73aa5d5d6018f58e0f009be351eada47b677c2f7c06455f384e7"
+
+SHA3_256 short #23
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"cf549a383c0ac31eae870c40867eeb94fa1b6f3cac4473f2":"cdfd1afa793e48fd0ee5b34dfc53fbcee43e9d2ac21515e4746475453ab3831f"
+
+SHA3_256 short #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"9b3fdf8d448680840d6284f2997d3af55ffd85f6f4b33d7f8d":"25005d10e84ff97c74a589013be42fb37f68db64bdfc7626efc0dd628077493a"
+
+SHA3_256 short #25
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6b22fe94be2d0b2528d9847e127eb6c7d6967e7ec8b9660e77cc":"157a52b0477639b3bc179667b35c1cdfbb3eef845e4486f0f84a526e940b518c"
+
+SHA3_256 short #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d8decafdad377904a2789551135e782e302aed8450a42cfb89600c":"3ddecf5bba51643cd77ebde2141c8545f862067b209990d4cb65bfa65f4fa0c0"
+
+SHA3_256 short #27
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"938fe6afdbf14d1229e03576e532f078898769e20620ae2164f5abfa":"9511abd13c756772b852114578ef9b96f9dc7d0f2b8dcde6ea7d1bd14c518890"
+
+SHA3_256 short #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"66eb5e7396f5b451a02f39699da4dbc50538fb10678ec39a5e28baa3c0":"540acf81810a199996a612e885781308802fe460e9c638cc022e17076be8597a"
+
+SHA3_256 short #29
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"de98968c8bd9408bd562ac6efbca2b10f5769aacaa01365763e1b2ce8048":"6b2f2547781449d4fa158180a178ef68d7056121bf8a2f2f49891afc24978521"
+
+SHA3_256 short #30
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"94464e8fafd82f630e6aab9aa339d981db0a372dc5c1efb177305995ae2dc0":"ea7952ad759653cd47a18004ac2dbb9cf4a1e7bba8a530cf070570c711a634ea"
+
+SHA3_256 short #31
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"c178ce0f720a6d73c6cf1caa905ee724d5ba941c2e2628136e3aad7d853733ba":"64537b87892835ff0963ef9ad5145ab4cfce5d303a0cb0415b3b03f9d16e7d6b"
+
+SHA3_256 short #32
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6ef70a3a21f9f7dc41c553c9b7ef70db82ca6994ac89b3627da4f521f07e1ae263":"0afe03b175a1c9489663d8a6f66d1b24aba5139b996400b8bd3d0e1a79580e4d"
+
+SHA3_256 short #33
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"0c4a931ff7eace5ea7cd8d2a6761940838f30e43c5d1253299abd1bd903fed1e8b36":"dc5bebe05c499496a7ebfe04309cae515e3ea57c5d2a5fe2e6801243dd52c93b"
+
+SHA3_256 short #34
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"210f7b00bf8b4337b42450c721c3f781256359d208733846b97c0a4b7b044c38dbb219":"3305c9d28e05288a2d13994d64c88d3506399cd62b2b544213cf3539a8e92e2e"
+
+SHA3_256 short #35
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"3cb8992759e2dc60ebb022bd8ee27f0f98039e6a9fe360373b48c7850ce113a0ff7b2ae5":"3c00bf3e12ade9d2de2756506f809f147c8d6adc22e7bb666e0b1d26469e65a5"
+
+SHA3_256 short #36
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"22634f6ba7b4fccaa3ba4040b664dbe5a72bf394fb534e49c76ec4cdc223f4969e2d37e899":"a87e5c78837d7be0060d8f5eda975489ec961b28d7088f42a70f92414ae17793"
+
+SHA3_256 short #37
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6e1dcd796b2015ee6760f98fdb40e668b2cf38b05c91f6a91e83bcc8ac59f816f90a59d64e8e":"746bf845c08aa186b5fe1ca35528232c4a491a3a2a32cd23e990bc603f3268ae"
+
+SHA3_256 short #38
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"ee0be20320f9d44073281265a6e9fa6b9d252495624b8d016b8ef57e1b4e859d8ad3b50b89416d":"a3257baf14ca16e1137dc5158703f3b02ebc74fc7677165fe86d4be1f38e2f7c"
+
+SHA3_256 short #39
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"8ae2da242635b6568289bf6bec8a438dbac1f5b4d50a90bb7449bdb92a59378e23452dbcabbbe879":"e25c44802c5cf2e9f633e683d37aa8c8db8a0e21c367808121d14d96c8a400b5"
+
+SHA3_256 short #40
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"bdd0252dec5b798ef20e51791a18e8ca234d9bfde632a9e5395337a112dd97cdf068c9f57615424f59":"e02c1b197979c44a5a50d05ea4882c16d8205c2e3344265f8fe0e80aed06c065"
+
+SHA3_256 short #41
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"c4c7b6315cb60b0e6cd01ef0b65f6486fdae4b94c6be21465c3a31c416ad2f06dcf3d6eae8eecf84ca7a":"2da21867cd6b5402d3caff92a05fddfca90199fd51a94a066af164ce3d36c949"
+
+SHA3_256 short #42
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"b17977aced3a1184b14b0e41a04dd8b513c925ca19211e1abdc6c1b987ac845545fb3b820a083b4f7883c0":"f91b016d013ede8d6a2e1efd4c0dd99417da8b0222d787867ca02b0ea2e80e45"
+
+SHA3_256 short #43
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"f65c3aa1d9981a84e49fc86d938f3f756f60e3858d5e1f6957dd4d268e28d68e90ba9a11d7b192d6c37fb30b":"3acbebf8eda9d3c99a6b6b666366c391e8200d55fd33ad8680734def1dc7ae85"
+
+SHA3_256 short #44
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"49abba1fa98f3c4470d5dd4ed36924af4a7ad62f4c2dd13e599238883ed7d0cb95bbaae58b460332e6b7681446":"02bcd9ea4f1aa5276f38e30351a14a072bc5d53a52d04d559a65ca46f1bcb56e"
+
+SHA3_256 short #45
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"275645b5a2514fe65a82efac57e406f224e0259677674f1d133f00a5ee9a6d1a8fed0eadbbff5a825041d2a9715d":"c70a874d786cd0f3f09fa4dc1bb8f551d45f26d77ad63de1a9fdfb3b7c09c041"
+
+SHA3_256 short #46
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"cd02b32107b9a640fc1bf439ac81a5c27d037c6076e1cfe6ad229638037ac1550e71cf9557c29c2fc6017afd5a8184":"36c73d11d450784eb99af068cd4e1cbc5768c8a2118010aceec6d852dda80d95"
+
+SHA3_256 short #47
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"5a72e0e1aec82a6541f04883bb463b0c39c22b59431cfb8bfd332117a1afb5832ce5c76a58fcf6c6cb4e3e6f8e1112de":"90fc3193552ec71d3315ebbb807913afd4cd2f0833a65e40d011d64de5e66513"
+
+SHA3_256 short #48
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"43402165911890719f9179f883bbbc2a3be77682e60dd24b356a22621c6d2e3dcdd4cb2ce613b0dfe9f58629ee853e0394":"5c4b6ceac9441defa99b10b805a725d4018b74b3e1f24ad8934fc89b41b8fd9e"
+
+SHA3_256 short #49
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"fc56ca9a93982a4669ccaba6e3d184a19de4ce800bb643a360c14572aedb22974f0c966b859d91ad5d713b7ad99935794d22":"e21806ce766bbce8b8d1b99bcf162fd154f54692351aec8e6914e1a694bda9ee"
+
+SHA3_256 short #50
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"ace6297e50d50a11388118efc88ef97209b11e9dfcb7ad482fc9bf7d8deecc237ad163d920c51f250306d6cedc411386a457c7":"f5581403a082bbf5ad7e09bdfccc43bf9683ebc88291d71d9ce885a37e952bd6"
+
+SHA3_256 short #51
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"3bad18046e9424de24e12944cd992cfba4556f0b2ae88b7bd342be5cff9586092bb66fac69c529040d10dd66aa35c1023d87eb68":"faed76ff5a1cd99183b311e502c54e516d70a87050cf8961c8cd46f65c1358cd"
+
+SHA3_256 short #52
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e564c9a1f1aaf8545a259f52c3fd1821ed03c22fd7424a0b2ad629d5d3026ef4f27cbe06f30b991dfa54de2885f192af4dc4ddc46d":"811529c600c9d780f796a29a6b3e89f8a12b3f29c36f72b06cca7edc36f48dc0"
+
+SHA3_256 short #53
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6043fa6465d69cab45520af5f0fd46c81dbf677531799802629863681cea30ffa3b00836fbf49f87051d92aaeac0ed09bcb9f0755b7b":"b0fceecdaef6c76d5fc3835b523ce2416f4a9b9bd1f90234445df0f2b689f2f5"
+
+SHA3_256 short #54
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"2040c538c79237e6f2b8188c6375ec2f610ac2301607b9c23660c3a1e1c3a902cb2950c59aac3af28f984f6369c4debe8623dfa74c967b":"e33dbdc0acc23fcfad3c759c4333410bd3a40efb1366ade157d2c81d65a0a6c7"
+
+SHA3_256 short #55
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"00ff6c96b7aa3cf27d036cf20af7031434113252574bda9cf9244d85aef2593d3a7a83bff6be904b75164a1766828042bc3f4f090d98a03d":"d000eafca34815783bed9b050c6901c97f2e77d4771a0ed724dd8f6ff1448791"
+
+SHA3_256 short #56
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e8df14936cce118139e690f1662f88cfbc9c333b6dea658c02cb1d959644592842542fd9d8d61a04d4a892128f0ddff7b6502efffbabe5cb0a":"3479a9617a3adca35854c08fe987c2fe7ff2b01b04f2d952c107b3f066420551"
+
+SHA3_256 short #57
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4ed981a31f70dd6b70c161be1f01fc1bba54d06d9494e7eb194e213d5e0e71e0fddd49cb1f075353da22624cbe4ba871aab32906e45b6fbb691b":"9c824a00e068d2fda73f9c2e7798e8d9394f57f94df0edeb132e78e8a379a0cf"
+
+SHA3_256 short #58
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"7802b70c6158bc26d5f157671c3f3d81ab399db552b9f851b72333770348eb1fdb8a085f924095eb9d5ccfd8474b7ba5a61c7d7bcde5a7b44362cf":"fa9726ccb068c0adb5d20079c35a318b3d951eb43b196c509ab790b7e9202207"
+
+SHA3_256 short #59
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"ff83dcd7c1a488e5a128d5b746284552f1f2c091615d9519f459bc9010ca5e0ac19796c4a3fd7a15032a55a1410737d07855b07f61fbd8f5759e9218":"8bd8d494a41acda4b7cd2994badaecff0f46ba2743458f6c3fdc0226f9492ede"
+
+SHA3_256 short #60
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"afd4764cc7d5de16a3cf80c51d0c0d919f18700c7dc9bc4e887d634fe0a3aa94097d590e4123b73f11ccb59e23496a3d53d2bfa908056c11c52c23abfb":"e9e3b3da648cf230f1973f3814eb81316d2a496826ea39adf4674576f97e1167"
+
+SHA3_256 short #61
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6fa6de509719ffbf17759f051453c0ac3cbe13346546bbc17050541074b034af197af06e41142211ee906a476039b3e07d6cb83a76aac6fca8eac307c034":"766630993fbb651fd8d3603e3eebc81931fb1302a46791df259a6e13ca2cba9f"
+
+SHA3_256 short #62
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"93cbb7e47c8859bef939155bea488090283ecf5023d99767c960d86baa333af05aa696fc170fb8bbac1e6473956d96b964580ee6640f0cc57be9598e55fc86":"d3212abca1100eb7658c0f916daf2692c57a47b772ee031c4ec6ad28a4a46de9"
+
+SHA3_256 short #63
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"67e384d209f1bc449fa67da6ce5fbbe84f4610129f2f0b40f7c0caea7ed5cb69be22ffb7541b2077ec1045356d9db4ee7141f7d3f84d324a5d00b33689f0cb78":"9c9160268608ef09fe0bd3927d3dffa0c73499c528943e837be467b50e5c1f1e"
+
+SHA3_256 short #64
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4bef1a43faacc3e38412c875360606a8115d9197d59f61a85e0b48b433db27695dc962ed75d191c4013979f401cf3a67c472c99000d3a152227db61de313ab5a1c":"8703a1f7424c3535f1d4f88c9b03d194893499478969fbb0a5dc2808a069ab8f"
+
+SHA3_256 short #65
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"f0be5e961bb55b3a9452a536504f612a3e66aec8160a882e5156eb7278433b7ea21de31e39383d57fcdfb2fb4a8d227a9d6085fb55cad3abb78a225535da0e34efea":"2fa180209bf6b4ad13c357d917fabb3e52c101a0cdb3f2299fa0f7f81dfb848e"
+
+SHA3_256 short #66
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"206f1c36ba25aea73398fffc9b65c4637cc1f05a6bbee014dccbd61e3b7aa9423887bbac62152a4bf73a4b7afabe54e08720589464da7985d8e6591ac081d115df2fe6":"558ea7c800b687380cce7e06006e1ebe0b89973f788c4caac5780f22dbf382e8"
+
+SHA3_256 short #67
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"8cd71434c00663f3bda0205508a4a266548dc69e00ca91fde06d165b40279af92674f75bd8133e5a9eb9a075c9068f68f4b820008a1fb42d89d1d759859e68f8efc6fb60":"085b343b08516f320a9b90fe50440a8bc51ae0850fa38d88724a4d6bd3df1ad4"
+
+SHA3_256 short #68
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4cf5bbd91cac61c21102052634e99faedd6cdddcd4426b42b6a372f29a5a5f35f51ce580bb1845a3c7cfcd447d269e8caeb9b320bb731f53fe5c969a65b12f40603a685afe":"f9dbb88c5bb4415e17dee9222174538eeab371b12d8d572cfdf55b806e3158e4"
+
+SHA3_256 short #69
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e00e46c96dec5cb36cf4732048376657bcd1eff08ccc05df734168ae5cc07a0ad5f25081c07d098a4b285ec623407b85e53a0d8cd6999d16d3131c188befbfc9ebb10d62daf9":"3571326a1577c400b967ac1c26df2a0dcf5db7070eac262a8071da16afa7c419"
+
+SHA3_256 short #70
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"981f41a83d8f17f71fc03f915a30cd8ac91d99aa1b49ef5c29fb88c68646b93a588debcd67474b457400c339cca028731df0b599875ab80df6f18b11b0b1c62f2a07b3d8209402":"62aea8760759a996f4d855e99bcd79e9a57ea362522d9b42fd82c12c9294a217"
+
+SHA3_256 short #71
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"5c589fc54fefc4d6e2249a36583e1992fc6b8a9c070e8e00c45a639af22063e66ae5cdb80238c82db043a5e1f39f65626e6d7be5d6a2d3380fa212f89211200412e5e4315fc04e40":"18deba74e9d93ae7df93c6c316ef201bf5e3a661e68868e14d4f56264f5d858c"
+
+SHA3_256 short #72
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"7c8691e7b2560fe87fcc5e2877f7e3c84d9101eca4818f6322a58986c6cf05627c0d6919ef2edc859f81fa1f33e0cc1f10edf7e52a9c33981af2ff0d720c94ea4d62170b2a4d1224fa":"5a5a438b57c1b3ce8756094252362afeaa9fc91cd45b385d16994ec8af49aa6b"
+
+SHA3_256 short #73
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"97359b564b2bc20800ed1e5151b4d2581a0427ce9539d324c3637cfb0e5378dc2cf6d72946e2a3535a2f664ede88ed42a6814c84072b22c43de71e880a77c2d9a05b673bc15a82e3255f":"be54f2e435f760d5b77c0ae61ef0aa7f5f3366f47819f350dc8a39aff8c73a8f"
+
+SHA3_256 short #74
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"a0dfaecd3e307c5ddf9a93603f7e19725a779218734904525b14586ff0ce0425e4efe7e1c06e745c28ed136f6031c4280fd4061d433ef700b6d1bc745064231fecf387015f94f504b6ad8c":"60d80f1c703dad5da93db222fb45fb7fa768c8aa2787f4b81f1e00365b8f49e2"
+
+SHA3_256 short #75
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"568d66d061306c3419a1928ce7edc8e3400c30998f09bdac6f63ff351eb23d362e8dc5927eac805d694ac9563dcd7fb2efa9591c0d827af9f39146f0424873aa8e3963d65734b1713baf0a44":"7a4fe37f296991121792dd7c2c30390725a1eebbf20b766a5a1c3c6c3646d996"
+
+SHA3_256 short #76
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d65b9f881d1fc7f17d6dd429faca8404e6ce60fba7d89b7fba003c8ef84d8083182979327611fc341291ba80dc70ad3b2f28b6d29b988445e7fdb7c6561f45822ac81dbf677a0b27d961dc6358":"51cc71b6934afcf28fa49942b76323f36cd6a0aecc5a0e49c10994ddcabdbb80"
+
+SHA3_256 short #77
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"711c88adf13e7a0e694652f2b9a397543f4937fafb4ccca7f1ad1d93cf74e818d0fedfaee099f019014ec9e1edfe9c03fdb11fe6492ad89011bf971a5c674461de15daff1f44b47adad308baa314":"1780e52e306858478290c46b04d8068f078a7f6ad8e3790a68fc40dccfbdadc9"
+
+SHA3_256 short #78
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"f714a27cd2d1bc754f5e4972ab940d366a754e029b6536655d977956a2c53880332424ddf597e6866a22bfca7aa26b7d74bc4c925014c4ed37bfe37245fa42628d1c2ee75dc909edc469ee3452d894":"f4afa72f3e489ad473dc247aae353da99fb005b490e2c4e1f5bd16a99732b100"
+
+SHA3_256 short #79
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"fe0c3280422c4ef6c82116e947da89f344d6ff997bf1aec6807e7379a695d0ba20ae31d2666f73bbdbc3a6d6ac2c12dcfb5a79173dfc9cd2e0d6000e3114f2767edec995772c6b47dadc136d500251e5":"89198e2363efd4e0ba7a8a45f690f02712e6f856668517bae118d11e9a9dc7cc"
+
+SHA3_256 short #80
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"02e238461d0a99d49c4cd16f442edf682c39b93114fc3d79f8546a99e5ead02f0cfc45081561da44b5c70eb48340418707fd6b2614580d5c581868ba32f1ee3ac34bf6224845b32ba7f867e34700d45025":"abef81b33591eedcac0cf32fb5a91c931f2d719c37801409133552170ce50dbf"
+
+SHA3_256 short #81
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"fb7c8cd4031007f8159d5c4c6120dee6777a3ace0a245b56f31e8aae7828dab3cf35c308de1d0d684592ef3a9e55796603a92f68d109f7a3ac1635f7c4d334955614c812753431bb0a0743291a0fc41547f3":"5a67284d39e4f37caa64ca1a54593c35f6d8f3a3ec20d460393a39f6f57c4486"
+
+SHA3_256 short #82
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6b2e868c7d0ee1c240d3a67e2fdf36e8e23817c02644a54453d10454da5859d41e833a5285ec63e8ce28aa64a50435a7740eea4b7d5827892678b35993d3f5da7a1c64f533173f3d0fa37e1aebf70827052c26":"aecf5dab6fea9ffd1bce2cdfeec0bee9d214a669e8306d5b6688afa8957fc91f"
+
+SHA3_256 short #83
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e5f3ba000c43bb6aca4e0a711a75912a48241cffa5b4b0b17f901f9e5097d94036c205f7a307d008567d05e58ac0dfaf6d971bf9d3d450cf2c7c83f6b328f676e9ab425642f5a5a71e389dc4fa49b6d7e848a09f":"182d6e4316f4bc18d7163b1b21462d99f99c6f34d2c00ee771ce54fd6c5018b9"
+
+SHA3_256 short #84
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"939c61e68af5e2fdb75a2eebb159a85b0c87a126ce22701622f5c5ef517c3ab0ed492b1650a6c862457c685c04732198645b95f84ccb0e726a07ce132827a044dc76b34d3f19a81721f1ea365bc23e2604949bd5e8":"121057b0b9a627be07dc54e7d1b719f0a3df9d20d29a03a38b5df0a51503df93"
+
+SHA3_256 short #85
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"9eadaf4811a604c65eaa7b1c6e89f2c0ab96bebec25a950ba78aac16d9371ca1e7458acf331e077ef6a735d68474ab22d2389bdf357fb2136c9f40e1e1eb99592c2bbb95d94931016b4d37faa08b1e9bf71bf2d3708a":"c237194b902e48dca5bd096cb51562079d0cdccb2af8088197676c17b0896be2"
+
+SHA3_256 short #86
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"71dcca239dced2ac5cc49a9bf9ea69a99be22ba62216716b524db80f337dee5eb7e032869e4adc1497babd1fa82fa8c3cfbd30d2eadfb4c5d40f99f9d194d7182c9cb7d41e8adbdcf2917e086782fdd756e2961c944070":"377d1cffb626735810b613fd31ef9bbb4577cd752521abe3a41afa921e623da0"
+
+SHA3_256 short #87
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"ea130d3236bca7dffb4b9e50e805309a503e7347227aeb9f1bd15c263a98dd65753d2eedaa734b9ad88f41158f32419ca529f3062b910c019f3f239f635fc1116e5ab7b242feb4471ed9168474e501d39d6bae52cc21061a":"85c7a52d53f7b41162ea9f1ef0d07c3fb8f0ec621617f88cb3828ebe5388ab3d"
+
+SHA3_256 short #88
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"28f1be1156792af95c6f72e971bf1b64e0127b7653ff1e8c527f698907a27d1544815e38c7745529bc859260832416f2b41cd01e60c506239a7bf7553650bf70d1fe7a2c1220ac122ea1e18db27490447d8545a70bf0ffc8fa":"b2eb3762a743d252567796692863b55636cb088e75527efd7306a2f6e3a48a85"
+
+SHA3_256 short #89
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"c8400ef09c13e8acc8a72258f5d1d20302c6e43b53250c2f6c38ff15be77e3cac04d04b8421fc8fdff8be5ca71edd108e9287b42dea338bf859100eea376da08a0e695f0dc90b95e467cbd3c2a917a504a5ae01c310ae802c4bd":"69966e89b7bc7f39cd85791b92180ff3fed658d8240e393e1e6d7c24b8d0ac95"
+
+SHA3_256 short #90
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"a48950c961438e09f4d054ac66a498e5f1a4f6eabfde9b4bf5776182f0e43bcbce5dd436318f73fa3f92220cee1a0ff07ef132d047a530cbb47e808f90b2cc2a80dc9a1dd1ab2bb274d7a390475a6b8d97dcd4c3e26ffde6e17cf6":"44c00cf622beca0fad08539ea466dcbe4476aef6b277c450ce8282fbc9a49111"
+
+SHA3_256 short #91
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e543edcff8c094c0b329c8190b31c03fa86f06ace957918728692d783fa824ba4a4e1772afbe2d3f5cba701250d673405d2c38d52c52522c818947bcc0373835b198c4cc80b029d20884ac8c50893c3f565d528a0cb51bf8a197d9d6":"6d5260384f3cefd3758fb900dcba3730d2b23cee03d197abeff01369dc73c180"
+
+SHA3_256 short #92
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4e10ab631718aa5f6e69ee2c7e17908ec82cb81667e508f6981f3814790cfd5d112a305c91762c0bd9dd78e93ef3a64c8be77af945b74ff234a0b78f1ed962d0d68041f276d5ea40e8a63f2cab0a4a9ed3526c8c523db7cb776b9825b4":"d88e5f3b2d0a698fd943233760a3000a3360d9040e7374b22e39ea58d868102d"
+
+SHA3_256 short #93
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"604d8842855354811cd736d95c7f46d043a194048b64bf6cda22c3e0391113dcc723e881ae2ad8dc5740aa6bda6669ddb96bb71acd10648380693f7b3d862c262553777004bd6852831618519fbb824759f4dd65af1b2a79cc01096d7c8d":"8a8ab6cf5c02b9ae8f4c170740eff1592f3eda11d3420ac8b421d93cfbb35db8"
+
+SHA3_256 short #94
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"628180e14f41ebdfde3b4439de55ee9cd743d41040f3457ef2280370dd659619fa0ce69580c709725b275a6eda8bcb82a8447c20fdf68cba15412f83e2a10079fe9399a3e3fa61975ec0a64041c0ecde59e4844e9f8a608cb22d2576854182":"8d154bf6f9cb72efc0d8b3927a8f690060d1d48bbe5cc72094d2c8b149a75132"
+
+SHA3_256 short #95
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"fc150b1619d5c344d615e86fca1a723f4eeb24fbe21b12facde3615a04744ef54d8a7191a4454357de35df878cb305692278648759681919d1af73c1fb0ff9783678aec838da933db0376e1629fcca3f32913f84bc2ff3ffc3f261d2312f591c":"3f626c8bb20a132495bd3022b3fcd0ce0604b91a9d70132dab4099f73dde23d5"
+
+SHA3_256 short #96
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6dadbecdd15e5646e3f37a6fe5b328e06113cce3c8cf07285939afba44d117321017902b3a9d2ff51f60d18e1b585dcdf34e49e170ee60fa4d1dc246548d2c1fc38e7983f42769c43d65a28016f3f4d479ebe1cd8fec5d1f886dd21aca5067d94f":"9098ea34c40b541b153e80a8bd92da19432b18b7d329760b302f8a54c395dd06"
+
+SHA3_256 short #97
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"9cc5fd3035b72dc63b8c3c326fd013081e6b8716f526d3fe176b45256d4c37cc3dc8417dff49ada96c702b8fd715c65fc08a17a0a720b9cf1eedfd4922ccde6baba437f782ee33b95371056b0350dad743470c3b663299f16fcfd34f6fc459cd0ee4":"b0c04f24bb6d3d4fcbfdf9222d0e886f1eb60a0566a478085f7623a025a5b981"
+
+SHA3_256 short #98
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"f3f063fbcf2d74aa5a02d240c962ed7bb119b3a212bdb41594e28428108e613152ed16e01e451fcf702b0e5a08f82eb12677652b93e05fdee00ae86cf2dc9a1fbf05b93952ec5b8515eacc324fb830e1ec236afd7d073d4b7f7ab1c2e048b99cbfa012":"f930d79360b581b1bbfdeac57133a339444f5c44538c921631eabaf058277d32"
+
+SHA3_256 short #99
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"840739a3d6992c13ec63e6dbf46f9d6875b2bd87d8878a7b265c074e13ab17643c2de356ad4a7bfda6d3c0cc9ff381638963e46257de087bbdd5e8cc3763836b4e833a421781791dfcae9901be5805c0bbf99cca6daf574634ec2c61556f32e642730510":"19795657e08cfbb247a17cf209a4905f46e4ddf58eea47feee0be9bb9f5c460f"
+
+SHA3_256 short #100
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4a51b49393ab4d1b44fb6dc6628855a34e7c94d13b8b2142e5d5a7bf810e202cefdca50e3780844a33b9942f89e5c5b7dd6afb0a44541d44fb40687859780af5025fecc85e10cf8249429a3b0c6ff2d68c350c87c2fcbf936bd9de5701b2c48ce9a330c9ee":"128fb4114e43eefd19277c708be9e6873e66d7fd59c58a1485b7b015facfa795"
+
+SHA3_256 short #101
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"afc309e6b7b74dfb0d368e3894266fc4a706c3325e21f5550d07a6560e3d9703c134ca6ad078e4a7b82ad6fa85b0bc1ddcab05d43f29d5c58d1da78ac80c37051b089ff31ce2c0c44e9ce3abea1da0f1df28008e178fdefafca493413bf1d256c729d0a9225e":"03e782b01a4ba10f640470bb3cae487eb9cbbaab8c9941978b194f6a312cf79e"
+
+SHA3_256 short #102
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"c5ae750f2230642092397b84ad5526c46ae9480ada16892816e0f2db7690b751035653ea2f33da3cc4168b591b46a5548eff7d012f60ccfdbb854deec9f0880c472de8e127b5144c56147cccee4732fbac68fc59a48da74b33ed9e643644bbe279795c7c737eba":"f64b7ab243ce6e6c04b483888ba8a655465c21d95eb60c7b8d6e566a3811bae2"
+
+SHA3_256 short #103
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"603e13f61499e12ec6b33b68847a281d314f54dc705c0f3fc428981ff5689c04b519fadf83cbc9fcd0409c326035045df480570e265bb080940037ce4076a36437aafdb371c1a62af9ad9b614dfef89708fbbb5ebef2cb9528cc399781e4c5b22f1aa4dba623809f":"5f76962fd3d373e5db2953c0823a51fe81f874450bedf7e46876394b04d3ef66"
+
+SHA3_256 short #104
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e03115cfa19efcd796da389063c4be6acce684d983f8edfb3da6887b0b94fbb5e89e3a1a8e64fdd68f0670b1a02c2c33384a660c5a2266b3ae8a3b4cd76faecf011a7467b9b2a818020278a5a57d1eb1c87f1224c2d67dd02e81f1553eb75841532c2b7cca8fe5e418":"d107ee6ee4a58871a33c49657faa2573e475f11918c4a4e3801d0e17fb93c6e3"
+
+SHA3_256 short #105
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"0e6c1d58b1b9d3a2d399aafd60529e07d483a2755bb7e44c373b5355632d5fca76d6ff56c93af93ddcec5ed6f62753420c1b1758e48542df7b824b00a3a54dfaf0470b18d51e31e10b12dd8e324b5dc1bb8f3b7305cb762ec6ef137dadffd4a2466748861d9004f626b0":"02ab2dbb02944354799051247b1a25c19f3696e1afcb502b859e83798b33fd77"
+
+SHA3_256 short #106
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"6db2a43a229b10c3629249fc5136468b4d84df7b89ec90ebf7aa7a036c53aa2dffae9e81b2c60580543dc706a5e3457abc87e248a60ec29150c2d221a6ec08a1fda4ec0daee8576904ec7ab059b1230e7bd93c4e55ba9496cbb1e352e5b8086e303b94c861288ce53c466b":"8cc4d39b2f5ba0bc9d2ee2a8777cf08533e60cc69b65a7b31c5c2121193aa31e"
+
+SHA3_256 short #107
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"31d995f7ff8b6de70829a8336c610f10df2c866107a4922b25151849f8566861df5a79163d02767f21357ad82733997899261f03dafb1ce1056f20efd16d4374b89768565823c38e19e899d910b847b023f1867b6e4fed02e604b8243c0bc7cb05b9ea1f17955bfa36698c9c":"c99c7191b34c9ad3f941d4ad442cc865205cbb4c2a6927c592e831cbc4d36fcf"
+
+SHA3_256 short #108
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"cb0b8cb7de621c8e0a0fc6be2fc18d0e8818a2c2dd0b3219fa87831a61583f903c4d105495976ccac973b3ae3a09771145931a9e74c19f22f45cba4c492b29b1401347122581dfe2370d3e0359578cd10a355c619711810a8f8c232578671312c0a45c7cf7e81bdd3b249044f3":"6d2f57a7e42b35369cf2cd60caf9e65aca7d9aa019e6824bb806348f1acf3c7c"
+
+SHA3_256 short #109
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"48dff78aed5f6e823054924a78dc1b8e51a117f1610181529f6d164ebf0f6406f0b02422cad8c916823759a361437ca17423d3fd84cc8afe486a31ccda01c732685418a32c064a7b9effb288e811ecc99adb2a759feecc3f702f31d9877dcdb717937c15fa2f163bea744400f58c":"14b631f0f00a3024ad1810dabf02711e28449668abe27f69380942268968d4f6"
+
+SHA3_256 short #110
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"06cc9fa542ceb35c88fb6ab82c29d5dcd530f807d3f1c3bcb3974421101d1aa6ac112de6bf979cd28eb0f70c40bcaf91ed3eca9bf9e0dbc6a0b73271d1c7506740ca9ebfb72d5e00ac5ce189193ffa308804b42a6d20402bb99031cdac65ec36eb7f59f5d299df2e0b8690f760b9a0":"574fd82a9fceb8f7bbbf244d16e0412cbda8153b720846c32b8f10fe5779a881"
+
+SHA3_256 short #111
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"8d93627c0b7cbf61a7fe70e78c2c8ed23b1344b4cfed31bd85980dd37b4690e5b8758f7d6d2269957a39a1ac3451cc196696ae9e9606a04089e13456095a1ce1e593481b3ac84f53f1cb10f789b099f316c948398ad52fa13474bdf486de9b431bd5d57ef9d83a42139a05f112b2bd08":"344ec86642eabb206b2fd930e4c5dde78aa878577d6c271cb0069d4999495652"
+
+SHA3_256 short #112
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d0af484b8be6b41c1971ae9d90650a1e894356c9191d6be303fa424f2b7c09544ec076a0f1865c8c97927ca137529d5bedc0df2ef08a4cc7c470b094b1eeaa86731c041633d24086b60f7369d59c57652dec9b3817477df9db289ba020e306c9a78a99b539128992deb23cfc508c5fc3af":"b7ba998726477c32792e9c3eddc1cb6feb7c3933e49f2e7590d8ce7a2113e6f8"
+
+SHA3_256 short #113
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"b212f7ef04ffcdcf72c39a6309486c0eeb390ff8f218d6bd978b976612f7f898c350e90bd130723e1126af69295019b4f52c06a629ab74e03887020b75d73f0f78e12785c42feb70a7e5f12761511c9688c44da6aaa02afa35b31edc94c3a0779b6ab9462525c0ccfba76986f873fe1e6ba9":"2f26b96c1fa3f3dee728f17584e733b4189821c659b8885a5fb1d12d60d2aaa9"
+
+SHA3_256 short #114
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"86591ada83fba8175a0fe91d264e7f9b2df97ee4c32570e76b579d6140508951932abdadd6a4ca53b8bb8c42927aac0a02126881d52d97b82b80e72dd59f6a42021651ee1bb5f7b3eb2b21d003d784b75dda87c13f714b216282e8175474fa661b445d071bd5341f3a88302f410d0f8a857962":"e3edbc8c42ce5d2384dfb24fb1de5d4798b1bc3cc78c97033894040dfa6feb6c"
+
+SHA3_256 short #115
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"92b5a8e84b6a2ac4d5b1e61d63804abd641dd630058ec6d5f752f135724ef1947a0a84c6611d32448de6307f7b7d857404e96b81df94f87768fcfdf09faa2fe37468847542afe012995ff1bd40b257a47a7309f8896bf4fb711de55bfeb3a8be0837729ef6067c578182f17ebb080a754f22773c":"80ed0a702812297c2aa1b6b4b530c2b5ed17ecfba6d51791cf152d4303ced2e6"
+
+SHA3_256 short #116
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"d284a0a9a4de5d4c68cc23884c95ad7619aa39b20a2cf401deaeb3362c3ce356f79cc3fa82d3d1f565ec8137e1f435f171496afaa1152f722315dca5209f0031cce39b6c3d718e007dfb4fd8de5ce1408dda04476aa8a96817afa86a4f8fb5857ae091c67ebd7db5d783f434ead699aa96e56f610d":"654eccefd0a4fdb2ac0ab56288c64399b37bc4d57ff4a9f1cce94362fc491bda"
+
+SHA3_256 short #117
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"f57f0f8795385b805246a0a2573afc274346a9eccf50c626b0455a50bfb09668578b5a5afe54fbbd486444bdf97dba586aa224ce2e2b4b52f418ff06afa65a26f5204983a5f84734cd166c88cb70a73fb2db48f9ef20c1ee2c53ade07460114e98e7e2ebd24ac84ea90422eb143c4a42e2991a565959":"135ec8b144a667dceae8fadd287df81c10ef3ebef87ff2fb56e60ae708a88f3b"
+
+SHA3_256 short #118
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"2a41a52e6578873588a57f11f1be7c7eb398d01f3bfdec2c33fe6b65a68a534a6540978daa82e0c8fccb8c6c5242f7f97b8ffa75bdedb217bd8083439eea5cbb6d193c13bd62f5658ed4304774c6b1faf5b3dce432487840cabab415fb5d67640a739ca6e5414e760869708a9d7331e7e7ad7d55e035c7":"a6a1b8a26f6f440f19f16dce1d3001477d73ee7f6c374bce2922167b81970d6a"
+
+SHA3_256 short #119
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4d11aa5d3c6b6900f49ff90dd815744572be5648b64bde638b9db7a9877dd745fa8ea80e2f7f655cee85c71a4509e21d899e49b4973579815f947587a404ad83fd4a248020d9d2a65f46485373fc926d793161f63a196ae0af590923c5be2a0e5d2f69da97e0788550c9c1dee9574ddc4a61e533275d7729":"fc5159f0ddd6d765c85fcc3fc3ac1dc0d317d8ea0b110e96ac9f7a398dc386c5"
+
+SHA3_256 short #120
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"05cd99bfe031d123ca7061d3de0956f4bbf164bad792db881713d6599ddab55ee24fcee804e360896152c8766424f8309f7a24641a07be0feb5da5e5076a9af45842f385101f93433ca5199f9c6b5872b2b808e4198aba8e18dd12db772930b4912d6f5cabeb529884f4bb142de55e021b3276047b22b64cc5":"8aa07742e6f1f47ad020ed6684edc8dba4af36b782955f0f972be3ae980aea0e"
+
+SHA3_256 short #121
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"529684398d68bdc19e7a00ce32cc1a8c1315b97f07137474f61f0cb84a04f2879b1109c78c6dacf7f0abf362329e3298f36fc31ef4ec06653723a5f961301dfb63537ad15946611cb2cd54ea928e322e7423fd6d146ee0b98c2c71e3bdcd33edf0845fbebd9ae4192d07acd01b432135e05af0d22f3f0c5a3d62":"a07049b6ebd7b355479a3d802fda436b83ae6747d741cf9626f7c62f47cbd563"
+
+SHA3_256 short #122
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"982fb5f4af498a4a75e33a033235ea3ddb70d9d236519f883ff5b388cbef30126b98d96e93a65a26fb00d17246d18cf4e2db14a52f0f6b10e35a93beadc14ff118b02e95b38fc4736f973ba848e40b5527cb0599076d96bc578c4aada09e8faf6820bc4f562d5199974f808b7f95edca74e6b3940894a7f66534e0":"09c60fec5a089a23f5da3ed2492aa21fcf7aa36183850fafc15ae8c63f596db0"
+
+SHA3_256 short #123
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"ca88614828f8acdb5fcffab6bb2fb62d932b7808e4d9cc3139a835b0cef471d9f4d8ffc4b744dffebf4f997e74ce80db662538bceb5d768f0a77077e9700149ea0e6a46a088a62717216a14b60119dd19c31038ed870b4709161c6c339c5cc60945a582263f3be9a40cd1a04c921947900f6e266f2390f3c970f7b69":"fe2d4183ccdaa816b4446a9b6c07d0ba4b42ac743599db5dc482b1941f443c71"
+
+SHA3_256 short #124
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"ab6b92daf83275cb9c1b76cfb59fbcc8ac53188e0b6980918e7ac0c07c836ca9372d19e11251cca664bbb3c3db2e13b412a9820b65e95612042f5db24643cf9340b9808597735a1f92670ba573a2fb2f088d81087d70565574344af7576d35b2ed98318e2ca0067d4fa8e63f28045b83b6887d4ffa0668a10712ed5759":"744538e1ae1cd7357710b56c3bc6f1bd7a8564118a1e0f9acc30fcf0b5396eef"
+
+SHA3_256 short #125
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"bfd4c7c8e90858ccf9c8834abefd9c1846ca4a11966fdd139d6de24a6bebf4b19f58d5d51e52bddd0bc6f1c7f35998f44707cae7100aeb4adefe373101429da3fca1d15737329dbbf47c783a84de59bfbb2fcd75a1a148d26aebb8d3a9a76089c0f8e4d49b71a06f9e323e2cdb54888189887a44b1fa9cb32b7c8fb7c9e0":"58b17843bc851a721c5a258eef57b3854d02190e732d9b8e7a9f926ac409c173"
+
+SHA3_256 short #126
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"c5019433c285da2bb93f119e58b4f36cd1e4d99dda35dbf4f8ae39c7fe65fa0ed03bd2b96dc649472d8f1a94477ed9f29592d97c9cd54da7c790ad1af3bb5cc030b7871bc64050db779d2caf0419895bf3b7b50b8e22fbe62fe30fe7bbd6ace86ddf7b00d5d9370f20cf0f97996f4bce70bb33f1ba022cdaba0f25d55fa031":"f7c92a3fb7f180370d628be78de874d693f74ccc7a54c741634258d8c512fd7f"
+
+SHA3_256 short #127
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"84b60cb3720bf29748483cf7abd0d1f1d9380459dfa968460c86e5d1a54f0b19dac6a78bf9509460e29dd466bb8bdf04e5483b782eb74d6448166f897add43d295e946942ad9a814fab95b4aaede6ae4c8108c8edaeff971f58f7cf96566c9dc9b6812586b70d5bc78e2f829ec8e179a6cd81d224b161175fd3a33aacfb1483f":"8814630a39dcb99792cc4e08cae5dd078973d15cd19f17bacf04deda9e62c45f"
+
+SHA3_256 short #128
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"14365d3301150d7c5ba6bb8c1fc26e9dab218fc5d01c9ed528b72482aadee9c27bef667907797d55514468f68791f053daa2df598d7db7d54beea493bdcbb0c75c7b36ad84b9996dca96354190bd96d9d7fbe8ff54ffaf77c55eb92985da50825ee3b4179f5ec88b6fa60bb361d0caf9493494fe4d28ef843f0f498a2a9331b82a":"9b690531dee948a9c559a2e0efab2ec824151a9175f2730a030b748d07cbaa7f"
+
+SHA3_256 short #129
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"4a757db93f6d4c6529211d70d5f8491799c0f73ae7f24bbd2138db2eaf2c63a85063b9f7adaa03fc348f275323248334e3ffdf9798859f9cf6693d29566ff7d50976c505ecb58e543c459b39acdf4ce4b5e80a682eaa7c1f1ce5fe4acb864ff91eb6892b23165735ea49626898b40ceeb78161f5d0ea4a103cb404d937f9d1dc362b":"1ac7cc7e2e8ea14fb1b90096f41265100712c5dd41519d78b2786cfb6355af72"
+
+SHA3_256 short #130
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"da11c39c77250f6264dda4b096341ff9c4cc2c900633b20ea1664bf32193f790a923112488f882450cf334819bbaca46ffb88eff0265aa803bc79ca42739e4347c6bff0bb9aa99780261ffe42be0d3b5135d03723338fb2776841a0b4bc26360f9ef769b34c2bec5ed2feb216e2fa30fa5c37430c0360ecbfba3af6fb6b8dedacbb95c":"c163cd43de224ac5c262ae39db746cfcad66074ebaec4a6da23d86b310520f21"
+
+SHA3_256 short #131
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"3341ca020d4835838b0d6c8f93aaaebb7af60730d208c85283f6369f1ee27fd96d38f2674f316ef9c29c1b6b42dd59ec5236f65f5845a401adceaa4cf5bbd91cac61c21102052634e99faedd6cdddcd4426b42b6a372f29a5a5f35f51ce580bb1845a3c7cfcd447d269e8caeb9b320bb731f53fe5c969a65b12f40603a685afed86bfe53":"6c3e93f2b49f493344cc3eb1e9454f79363032beee2f7ea65b3d994b5cae438f"
+
+SHA3_256 short #132
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"989fc49594afc73405bacee4dbbe7135804f800368de39e2ea3bbec04e59c6c52752927ee3aa233ba0d8aab5410240f4c109d770c8c570777c928fce9a0bec9bc5156c821e204f0f14a9ab547e0319d3e758ae9e28eb2dbc3d9f7acf51bd52f41bf23aeb6d97b5780a35ba08b94965989744edd3b1d6d67ad26c68099af85f98d0f0e4fff9":"b10adeb6a9395a48788931d45a7b4e4f69300a76d8b716c40c614c3113a0f051"
+
+SHA3_256 short #133
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"e5022f4c7dfe2dbd207105e2f27aaedd5a765c27c0bc60de958b49609440501848ccf398cf66dfe8dd7d131e04f1432f32827a057b8904d218e68ba3b0398038d755bd13d5f168cfa8a11ab34c0540873940c2a62eace3552dcd6953c683fdb29983d4e417078f1988c560c9521e6f8c78997c32618fc510db282a985f868f2d973f82351d11":"3293a4b9aeb8a65e1014d3847500ffc8241594e9c4564cbd7ce978bfa50767fe"
+
+SHA3_256 short #134
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"b1f6076509938432145bb15dbe1a7b2e007934be5f753908b50fd24333455970a7429f2ffbd28bd6fe1804c4688311f318fe3fcd9f6744410243e115bcb00d7e039a4fee4c326c2d119c42abd2e8f4155a44472643704cc0bc72403b8a8ab0fd4d68e04a059d6e5ed45033b906326abb4eb4147052779bad6a03b55ca5bd8b140e131bed2dfada":"f82d9602b231d332d902cb6436b15aef89acc591cb8626233ced20c0a6e80d7a"
+
+SHA3_256 short #135
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_256:"56ea14d7fcb0db748ff649aaa5d0afdc2357528a9aad6076d73b2805b53d89e73681abfad26bee6c0f3d20215295f354f538ae80990d2281be6de0f6919aa9eb048c26b524f4d91ca87b54c0c54aa9b54ad02171e8bf31e8d158a9f586e92ffce994ecce9a5185cc80364d50a6f7b94849a914242fcb73f33a86ecc83c3403630d20650ddb8cd9c4":"4beae3515ba35ec8cbd1d94567e22b0d7809c466abfbafe9610349597ba15b45"
+
+SHA3_384 short #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7"
+
+SHA3_384 short #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"fb52":"d73a9d0e7f1802352ea54f3e062d3910577bf87edda48101de92a3de957e698b836085f5f10cab1de19fd0c906e48385"
+
+SHA3_384 short #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"6ab7d6":"ea12d6d32d69ad2154a57e0e1be481a45add739ee7dd6e2a27e544b6c8b5ad122654bbf95134d567987156295d5e57db"
+
+SHA3_384 short #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"11587dcb":"cb6e6ce4a266d438ddd52867f2e183021be50223c7d57f8fdcaa18093a9d0126607df026c025bff40bc314af43fd8a08"
+
+SHA3_384 short #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"4d7fc6cae6":"e570d463a010c71b78acd7f9790c78ce946e00cc54dae82bfc3833a10f0d8d35b03cbb4aa2f9ba4b27498807a397cd47"
+
+SHA3_384 short #5
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28"
+
+SHA3_384 short #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"17510eca2fe11b":"35fba6958b6c68eae8f2b5f5bdf5ebcc565252bc70f983548c2dfd5406f111a0a95b1bb9a639988c8d65da912d2c3ea2"
+
+SHA3_384 short #7
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"c44a2c58c84c393a":"60ad40f964d0edcf19281e415f7389968275ff613199a069c916a0ff7ef65503b740683162a622b913d43a46559e913c"
+
+SHA3_384 short #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"a36e5a59043b6333d7":"bd045661663436d07720ff3c8b6f922066dfe244456a56ca46dfb3f7e271116d932107c7b04cc7c60173e08d0c2e107c"
+
+SHA3_384 short #9
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"c0920f2bd1e2d302259b":"3d1584220409f88d38409a29ecaebb490ef884b5acba2c7eaf23914bab7f5f0fc97ee1e6336f88dfd4d0a06e902ccd25"
+
+SHA3_384 short #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"70ae731af5e0d92d264ec9":"563359fd93fe09f3fe49fcf5f17e7f92aab589cdec3e55e4c3715e7775814bbbfb8c4c732e28d3b6e6404860812dc6e9"
+
+SHA3_384 short #11
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"69c74a9b0db538eeff64d93d":"88c66389ca2c320a39022aa441fa884fbc6ed2d3cc9ac475372d947d4960579a64e061a297d1831d3524f98d8094404b"
+
+SHA3_384 short #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"a4a9327be21b9277e08c40abc7":"751f5da5ff9e2460c99348070d5068d8a3d7ffcec7fd0e6f68f6cd4a2ef4226df8d9b4613c3b0d10a168eaf54eabe01a"
+
+SHA3_384 short #13
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"cc4764d3e295097298f2af8882f6":"10f287f256643ad0dfb5955dd34587882e445cd5ae8da337e7c170fc0c1e48a03fb7a54ec71335113dbdccccc944da41"
+
+SHA3_384 short #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"5a23ad0ce89e0fb1df4a95bb2488f0":"23840671e7570a248cf3579c7c8810b5fcc35b975a3a43b506cc67faefa6dbe1c945abc09a903e199f759dcbc7f2c4d0"
+
+SHA3_384 short #15
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"65b27f6c5578a4d5d9f6519c554c3097":"dd734f4987fe1a71455cf9fb1ee8986882c82448827a7880fc90d2043c33b5cbc0ed58b8529e4c6bc3a7288829e0a40d"
+
+SHA3_384 short #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"a74847930a03abeea473e1f3dc30b88815":"dba6f929fe55f9d66c5f67c0af3b82f17bcf58b36752f3165c16083fea8fd478ee6903f27f820ad2dd9950afb48c6700"
+
+SHA3_384 short #17
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"6efaf78ed4d293927eef2c3a71930e6e887a":"8218498ab01b63041c2ba0709e3309496124ddf0904543a9e0d9d096a750dda97f7a02208af3d8c618d4be7c2bb2a288"
+
+SHA3_384 short #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"fd039eb6e4657388b947ec01e737efbbad47da":"c5b3130ef8dbc580e1103fecae69c9a882d9ebf5a3def5938b07f843452a09c9f72f0dbca91d33b021cf6aa6fe60d2ed"
+
+SHA3_384 short #19
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"9c694943389bdc4e05ad7c2f63ceac2820e1d2d7":"f692c025c5c5f3d1275213c1df9bf9eb6d2188eda90ab5bffe631f1dbf70ebd628caee88b7d149e1ac4e262873979afe"
+
+SHA3_384 short #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"0fb18357b018b9bbb2cbb4cac50bc85609c92b8e7f":"d164306c99e3798790f0923fe92dbf2f96c3907127dacaa467c766ac75788062589272cb7690b8af2030dd8bd61a3df2"
+
+SHA3_384 short #21
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"26cb40a460e2e727aeb867e0140d0f34790110deb5d7":"af2a42a4c67c3226c55b89605b0dee27e796c2792115f6097203db5aed89e35f563a8246d399fde00c2a5b97ed5a5e17"
+
+SHA3_384 short #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"6690a3a0373c829facc56f824382f4feed6eb184642b4f":"84e1b68bc9e2daefc19b567dec911ef46f5f37a74fdbbb6155e7e646f2735df2ac44e239689eb5b536465dc571e55cb2"
+
+SHA3_384 short #23
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"7d80b160c4b536a3beb79980599344047c5f82a1dfc3eed4":"041cc5861ba334563c61d4ef9710d4896c311c92edbe0d7cd53e803bf2f4eb6057235570770ce87c5520d7ec14198722"
+
+SHA3_384 short #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"02128283ffc0cfe254ac8f542be3f05fbe4e855dd22ae98a81":"3840981a766d725f83d334e8982965033a5fbb5107d94ffef33b1f700cd46348091a49f6620c37ae3ef5b20513494826"
+
+SHA3_384 short #25
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"27911dd0a6843ccae965d876aa1916f1dcd71e518f7f2197152e":"f59f8428555984d1526cded8129c649fb1b683d35cec7c5e1209441a6a9e7c17f0784151b5ab8a8c492b402a3acb98c4"
+
+SHA3_384 short #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"d9378bb66e8c8dee556d691cbc9fdddd6333ca5d50668862c3c57d":"994532d1a557e990b1cc9e0395a2ad8b05619ca322db9da3c4ed2ee194c051d04582fde72dd2b8f674cf6ec958db75da"
+
+SHA3_384 short #27
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"ae1828047c5f82a7b9712f3399832124b892f2f7aea51c8fe3536cd6":"d51111f8bffb44d81ad19683198f29d2033144d3cd856c749cac5b9cae0e712f500f8d0ef813f38e305ce175a7d6162c"
+
+SHA3_384 short #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"7dd2d76fa054cf461e132e9ef914acdc53080a508cdc5368ab8c6224ff":"6c0b3395e4c86518ab0a06267320ee9ec95e50385b7a2527ddaa1bd0ead262c56122d4f4eb08b0ae22b3ee7e6f44dd18"
+
+SHA3_384 short #29
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"6fd72888a021f36e550967cb5605b55b78657c9272d93c3ded340d67da6f":"0551583a5b4007401c77ef4382fd8e245c9cf12e976c9766af6b7ae3c7e07a82b3079f903b083d5ec85cb94e46a85ac0"
+
+SHA3_384 short #30
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"d500eb9546553619cdc31e0848c502db92d547efef3ae5eeaa22258afcf0a9":"5edde2f94f8695f277ec05efcc00761fafd272200aed0e63d221c2b6c65b4972a6526f9a1f2e6ace0e81938f043fe877"
+
+SHA3_384 short #31
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"6189597e0198a18c65fa0bdd0797f13037c75c4058b7d3454c0f71bd2dd13b6c":"110630ca7631b7620e6bee6ed6e929098965571936c34829484983eba9532b8175528c228c57439453f027a4f7c83ca3"
+
+SHA3_384 short #32
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"243b941d748541af303f8e9d2c371cd03e437d62a9df485ddc176dc65da8c7da00":"5884201f7a555ea3c5deeb019fd9e8c161e1b89756045e475b141ec5135ce5a41c93e5e1f79534d36fd8345ba434da43"
+
+SHA3_384 short #33
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"2dc3d789582c1a806c3b491d5972ef8f1733f1f5e02866dc9de2a8029ec0ab608d13":"05a3903b519cdf679120c7ccb4ef178b58e4502fcd461360988fa06669294851e629d9dd3e77ffb73d24599d5d3edd36"
+
+SHA3_384 short #34
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"e5b3f6962fe57230780b3d55b29effe0dfebde2c81ba97d4512ecdbd33eca1576a7f82":"7ac2776afb74f55bbc4f6eccf825ee13ac7445fb54974e6c24ebc0f03fdcd8530199a61106a31b4279e02201ee0f54fd"
+
+SHA3_384 short #35
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"da03486aa3cebbd6502e9f5a6f0f835e973a581befcc1aadefe7b3696ba71c70cd58c584":"02c44ceec0bb7dc0f664ebe44230192b5b0bb646bb944d23fa1ff3586dc0523fa9d7f0dd6df5449ab9edd9a1096b07dc"
+
+SHA3_384 short #36
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"3c686d321ba66185cdca83ba9f41984fa61b826ef56b136e13f1239dadf6e03d877866ccb8":"ad624edd9f2c3a32b56c53d9e813c01d66bcfe424c4a96907d52ac1ddd68370ec86dac67504a90e8a8e75502e01081d2"
+
+SHA3_384 short #37
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"4dcff99fac33840f6532547fb69b456902d6718fd5d4538e23462db6d00da61975f2b8e26298":"cf37dd27997c1bb7e6dc405170066e74c6ce517c029ed8dce126d025da74e0b8e86da567e8d7d8d5b5d3e2a546df7489"
+
+SHA3_384 short #38
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"2799f672328834d7eaef9439795d35ce93c9094f58ded9f17c968a97a50a9e461489fed988e7f6":"85cfc23c97cb13910b808e7033809a45aa0b7f7138de618c2ca622c8b813c988e264af3b96c7925dcbd1d2761757d800"
+
+SHA3_384 short #39
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"c7e947507822f28a562745a8fe6fed6cb47d73145804c894954e21245cde04fa9155a35904926aca":"8bddf3baebbc5b04fe0b0a9c3c2b730abe918ce4892d2843c613ee96da0228512f0d1307c7d1a8922e79a92e957dd18e"
+
+SHA3_384 short #40
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"6c497bf6ff69cb39e3faa349212b8b6691ca237905ac0099c450b6d33abf362bedb65bdeb307bfea23":"3639fab6191b35246278522cfacee0cd5b15580a26c505ae3c46b4b1c2572016b48f1b012bbbedec47916950fbb33a1d"
+
+SHA3_384 short #41
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"d15936f3b0c9018271812b4c81453c4457c7edd110bcea7f5735d6f5882d8f27155eb4cc285a65138ad6":"0293eeef0aa3392c93d9c6ca89c08b317622572d4de2286a4b9ae6c2f9c9e0e64ee6c483d4f10859077e3c6868430214"
+
+SHA3_384 short #42
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"df18139f34b8904ef0681c1b7a3c86653e44b2535d6cecd1a2a17cd5b9357be79b85e5e04dd9eff2ca8b9a":"db9e171d6e3336631c9ceec6b4d732ce62b015939269fb69fae7d22725500e8a2fc9f1459cf0a31fb9d16d7c44583f52"
+
+SHA3_384 short #43
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"0459dcbc149333ea2f937b779a5f3728148449a9aea3662cdd2cc653ce6a2050f9c0d54bf9326c039b263eb9":"464ba409fbb45e985f84ee24662eb7c042c3c2ad9649f1ac4a8b2be9c07d37ed2e4284362057493f6a7e52c356b05bc5"
+
+SHA3_384 short #44
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"eb3f7002c8352270340b8da8643622e5f7e32cdb208a0dec06c6cb9e6b64cc4d8cb9de1d49397b3386464a25d1":"a26bd76ce42d818dbec462d8fe7cdd957e6b84ae8750fb5e1c9c76bc6000e23737e073a59b4600e5056524edc667909d"
+
+SHA3_384 short #45
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"47e3e3d8c68ac9d9f4b3759d8c7d9dd901e35b096ee4c8b6cbe0cdf467463630926c08289abe153bfa1bcde3cd7c":"b504ef475a568f9caba8352a0b2d243acdf3d2b41d8890a6fb3abb8aa28a29e0c7527d20e2d79b25b400ec27c314db72"
+
+SHA3_384 short #46
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"838d9c181c5ab59592723bd69360e0d7fd15232beada7591ea899ac78ffd53a32fc73a5fe522ed35d92a6e2bc148ca":"53e99e1158d59032ffe4b5ea304c7d2f7a61b6b2a96ac97832ca26013549fe3f7dcdf926bd74ceabe4f1ff172daed6e6"
+
+SHA3_384 short #47
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"a90d2aa5b241e1ca9dab5b6dc05c3e2c93fc5a2210a6315d60f9b791b36b560d70e135ef8e7dba9441b74e53dab0606b":"4a16881ce156f45fdfdb45088e3f23be1b4c5a7a6a35315d36c51c75f275733319aca185d4ab33130ffe45f751f1bbc5"
+
+SHA3_384 short #48
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"8c29345d3a091a5d5d71ab8f5a068a5711f7ba00b1830d5ed0bcdfb1bb8b03cd0af5fe78789c7314f289df7eee288735fe":"e27b39a96255ff69c45285fca6edaaa3954ce32c1e3d9b1f60c1b6676594bb45caf0889fc11daf93a1b60746229689dd"
+
+SHA3_384 short #49
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"32876feefe9915a32399083472e3c3805ef261800b25582aa7c36395fd3ec05d47b49c4944bbcc2b8b5ebd081f63ae7943d0":"f96433cdb69a607433ea2eb77d87d3328867dc4076b67ccf17f50f9e08e89a86624b60f2ecdb8affcd431fc13173fe75"
+
+SHA3_384 short #50
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"e2e77eb54f321f86f52ea3d3c8cdc3bc74d8b4f2f334591e5e63b781034da9d7b941d5827037dee40c58dc0d74c00996e582bc":"a352ab33ca730482c376bdc573c9d1dc6d3597f9be9f798b74a57beaa8e9c57b78ee6761056eb67363e882fefcad4fb9"
+
+SHA3_384 short #51
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"da14b6d0b2ec4cf1e7c790e7f8f4212b8f4d05f50e75e2a56a5d70623c0d2e0115a15428129109b3b136d756e38a5c8463304290":"aae7ad977e17ac0e560c0e0186433420f9fddcd191b9e91567cee05df88f1e1aee50424a313998a873f7a9c289a02217"
+
+SHA3_384 short #52
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"2db06f09abaa6a9e942d62741eacd0aa3b60d868bddf8717bef059d23f9efe170f8b5dc3ef87da3df361d4f12bfd720083a7a035e8":"85d4e3e5abcb1b59ca6f551eb43b43ff64890511f73a9083a2ce6e9c2861c6e9664c765629024f4b01b0cd1594a5981b"
+
+SHA3_384 short #53
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"26bad23e51c4560c172076538b28716782ee6304962f68e27182048948d5c367a51a1c206a3e9b25135b40883b2e220f61cb5787ed8f":"a44c7f84ab962f68283404f8c5c4029dbc35d2138e075c9327580baf89f292937bf99422e45756b3f942bf0a5ae4acb6"
+
+SHA3_384 short #54
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"77a9f652a003a83d22fb849b73fed7d37830c0dc53f89cea7dbec24e14f37197765206fe0e6672016e4dec4d9ebbe3e1b4423771a5d0a8":"29c8bb39bb2aad419a00a80216ec71ec5ec9ab54c41927e3e3f2f48f079a5886d7fe89db98c807ab686d2339001d6252"
+
+SHA3_384 short #55
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"268c7b3a84849fec5c769bc4ad377dea10c9d20c91dd17fdbd9670a2fc909d0e212129ec40dee41dbf6194a3b04ae8be5e84ad5426ca4496":"0dfc6ffcf4a387ec09ff862c6139a6f7ac77abb2b5e1f6dc814eb71525f8657ac74a7697c2975c70a543af0e227d03ca"
+
+SHA3_384 short #56
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"b8324341a6891a6b5e001a7d2ebba6e02e8335c124185309a4c9e9907c43bd8d4fa73c527fdf783650316dd24b148870e1436ac05111e9cdcc":"6278d1cc17fb6d54129d04987d4774fa846dcac4ba8b6b72f41e63dc387ce0081ba29fb2c17c6744edae24e669cc9e75"
+
+SHA3_384 short #57
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"5ef8b3d79d299bee2c414560c7de626cc0d9fb429884aa69cc30095ef1f36b7e03a8ca25fb3601189f163b209e0facf8dc447f690b710fb47b72":"7ec9505f33f4a5493574422de078e0490b61be8e8d6f158192bb7d2bdc2dc335598dc88d9b443cd1c14b883a77119df1"
+
+SHA3_384 short #58
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"ad7321c9a8b8f0bfe100811114270daad57f6e88772326b62d88a37a6f55c2cf9f759115ed6a590878e4dcefb592db151538db7de20229d26a181c":"3782d2caa537294e809e9df837b1b07e2f1df07d0f4c12e12459f56eeaa478d5b3a41e519d9414eafa5ddd5661c831ba"
+
+SHA3_384 short #59
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"0719d9664541f0a824f71c83b809bb6afc973c9f7428e1ed11f7c29a558e1698b796aefb49eec2b098faf06bd43e82e1312bf0388c38a5bb523506d3":"362c05f678df92883d56e19221391fb00d0f0afcec51d3e0feb15ba2fb60693b09d69118af649648933259d7b1e240ab"
+
+SHA3_384 short #60
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"5415c2596aa7d21e855be98491bd702357c19f21f46294f98a8aa37b3532ee1541ca35509adbef9d83eb99528ba14ef0bd2998a718da861c3f16fe6971":"8f9fd7d879d6b51ee843e1fbcd40bb67449ae744db9f673e3452f028cb0189d9cb0fef7bdb5c760d63fea0e3ba3dd8d1"
+
+SHA3_384 short #61
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"b979a25a424b1e4c7ea71b6645545248498a2b8c4b568e4c8f3ff6e58d2ac8fbe97be4bea57d796b96041d1514511da5f6351120be7ab428107ef3c66921":"e248a64b6ef112bf3d29948b1c995808e506c049f3906d74c3ee1e4d9f351658681901fe42c8e28024fe31014e2d342b"
+
+SHA3_384 short #62
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"e64c7bb9cd99ce547d43de3cc3b6f7d87a2df9d8a4760c18baf590c740ec53c89bfa075827e1f3f2858ce86f325077725e726103fbe94f7a1466c39f60924f":"d1e5a72d2595f38714c6198ac14f8a5cdd894dcf9b4b8e975174b100df7bbf4f7ce291b4864f27c0b64e6330f6c1c82c"
+
+SHA3_384 short #63
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"91b7a1fd0e20072d9c5be7196e5eaf8df36fdf145895b30d4e4c02010d7c663499ac9d7a44732f4c7430511ba6fb0ae4b3dc9405523a054fdf962f5c5b79c423":"07c2e0aeae30da83b5a6b320aa1cf727b10c2034583d7acda55648fa3daa017aa15588b6e2149101c56e3d7df7c76df1"
+
+SHA3_384 short #64
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"5bbc2d4efe63cbfc9fc221dd8d8384075a79c80a27d6a8c5219e677f4c5bb8338013dc2ab1770acf735d13c0bc704621ec2691350cf3ea2f53bded45ef8fc70702":"dd0bbfe4b799642191abe316df9d59a3743566778b4459c51c3be3f658bdce45516ad188fbe1a8cad8a1fa78f8ebb645"
+
+SHA3_384 short #65
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"129549278e8976c38b5505815725400c3d2081edf141ad002e62ff299d9a0743f9c9f25971710b194dc88285d50b6cec6e140c19072f51cab32a9f6497abd3e407c6":"ca26aec527fadcd5ebeb4eafa7c102f79a3c2edb452afd04f6162dd7a17bdd1aad7d616508a89a3ec6a40791d915acc8"
+
+SHA3_384 short #66
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"b9a9f378adeff4337bc7ec10d526c6dda07028375549f7fda7a81d05662c8a0da3b478f4152af42abb9f9a65c39da095abb8161ba6676b35411234bd466c2914e00370":"99914f684e0b317f9338af0c71e9655a3af7153eb9fabaae61454bf8de9e0bfd274c1eff6c4b550e47afcb3b20fa7d9e"
+
+SHA3_384 short #67
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"101da5b09700dcadf80e5b7900f4e94c54d5f175569a854e488aa36fb41ab7220b0662178ca07a596768528123de3b2a3d944aa412875cedfeaf58dcc6d5b4a033a53b69":"d3e32c9b271e11e4968397d85d76938b974ac1ba55bcbe8d7b7da02dbd7e3b9c9af0d98bbd7e50c436fcf9e3551e3432"
+
+SHA3_384 short #68
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"14761bbc5685b5de692973e2df7c9c4750889c19a952f912c817890546d5e37d940d13a14ac7925abbd875b8cd60e4920896ce6decc8db9f889da2b5489e1d110ff459d885":"272222ed50631aff465c0e6fe49ecdfdca983bcb7231e50903e200b335b845108202c28315912c9c4fd50e2c6f13a9ea"
+
+SHA3_384 short #69
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"ed538009aeaed3284c29a6253702904967e0ea979f0a34a5f3d7b5ab886662da9b8e01efc4188e077c2cdeb5de0a8252aafbee948f86db62aae6e9e74abc89e6f6021a4db140":"8361b680243b1661d6f1df53db363cae41c2ebb7438c00606d76b9c2a253faa1f09d6f520d69d692ec1dca0c7885119c"
+
+SHA3_384 short #70
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"c434d88468f1eda23848d0804b476933f24baeadec69743dd90d8455f1e1f290f6f1aaf3670c4c74f76d3ab83e9bef21ad8d9208c712ca478e70d5fb3c4bd48834c969dd38f484":"9c26e96fcc09a76cc13d24ad25c9cef4300e96e97e4fb59b441baffed07f6a70b1464f2548c7fd7839810dbb9e9c1e18"
+
+SHA3_384 short #71
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"3064e5ba1e7751bf7198e0811ff4d4ca17d1311c25d9c3a316b562691cde75c974b0b52645c134ddcc709d77b6c1bd24cd684265d723c308bb4d0159e6b16d97ed9ceaa57436d302":"1ea779739b204abe911b4923e6f60fece271eedfc7f074fe1919f0cbc6ce2a99234b003389520884b660165f5a1e80f8"
+
+SHA3_384 short #72
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"89d9521ad84b1c9afc2fbd0edc227193acd3330764b0d2cb71bf47c7aac946af85be13858b55976009f3b36b09ced4308052c817c9c4d0295225f61a9659a0874b88667cdcc5213919":"4209bb8f869f6f17c8d5c368c489ac51a75e24a85a12de1b16fefc292ce636ff8fa360e82f05684f6b0b074ba370a933"
+
+SHA3_384 short #73
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"3216662da0227993d88288187177a0287de4eccf245d7c718b8045bbfb8869d93f1fb9e94d7478b0298e628c07e0edaab01dcf79264dc05f8b2181aa3f831dc949726fbcf80de4c9c9ed":"64c45e018cfbc88f8f4ffe3cef0df3a94aab3049fafae28e28efbb2a4b94809eb302caf901010abfa194f72965663d35"
+
+SHA3_384 short #74
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"e776e6749c5b6c7def59cb98340984539280a9874f80412d4df0ee73d58acd1094d49ed4e35125834cf8cfe349e599144e4f2e200aba4fd3eb6d78cde027c1d5620e0270b5e83ab26b8d32":"94bd67b7f2587b0bda5487cc45d00e4365f1ee40073cdf0d23a5ea3fba01eef42a46bfbac5306d67be02d8d918ae5c9a"
+
+SHA3_384 short #75
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"5d8f84b2f208b58a68e88ce8efb543a8404f0ec0c9805c760ad359d13faab84d3f8bb1d2a4bb45e72c0ec9245ffda2e572f94e466cffa44b876d5c5ed914d1ff338e06b74ad1e74d1405d23d":"947350307748c29467f00103d0a07c3c228c5f494fc88fe2352ca5d10449d0dda7076780c05439a09694eb528d1f477a"
+
+SHA3_384 short #76
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"357d5765595065efe281afb8d021d4764fba091adde05e02af0a437051a04a3b8e552ec48fb7152c470412c40e40eec58b842842d8993a5ae1c61eb20de5112321bc97af618bbfbaf8e2a87699":"32286970204c3451958f5155f090448f061dd81b136a14592a3204c6b08e922ee5bb6d6534dbf8efb4bb7387092c8400"
+
+SHA3_384 short #77
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"a8cb78e1485cbb7a9474c1c1f8e0f307cda5139a7e947df5ea20ac330a6dffcad4a9bd755f9f58724789eeee532615be550dd84f5241fde0e3058aeedbf287f02a460445027f5e6b3829bf71ecf4":"51168bfeef8a981c0def0c4cb067baf15ce5feb8d5f7e9d6076b2836267391aee1fd3a0b5d3434ceb5cf2d6fa06fa063"
+
+SHA3_384 short #78
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"81acca82545e767ab59dcc750a09849cebad08ff31c9297f4fd510ebe6c27769938319180ccc66f36b1a7cf9c9f3538b0f6f371509f77cf0bc4d6d87facc85b933f2e27f8e1bf6cf388f80c0fcbfba":"4ae44d6509986893a8414753b57d11f9c554d89c15ad6d70687c56c6c2ac73537acbb0d51f48e6bea6cf762d58890d7a"
+
+SHA3_384 short #79
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"94987498b1ca87a6f3fa4b999db726115c455d0ec24029b2f5810e49a94668864b8c470f7fc07c3dcd97f41c973b45ba4fa7879ee7546596881573b6863fc39d940eb3fa3444084f721341f5d23d2561":"a733b118be72a187ddcbe5ba67e04b589f9cd9f8482c4bd9d64c580aba7d19d2d1f9c1ddf95fe6efdeffd44f67fcabb5"
+
+SHA3_384 short #80
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"de6b32c2d40d0659166db235259b530ea43f44e75d8b3e9e856ec4c1410bbea3696964af8b6c5dfd3304282369a4bc4e7cf66b91fecd0c7c105b59f1e0a496336f327440980a34614ee00fff2587d6b813":"17ba30c0b5fc185b3245313b83dd0481145953101128914765784af751745b8a2b6a90a434548f3adaf1f07f18649890"
+
+SHA3_384 short #81
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"854211bedacc19f77b46cfa447a4ad672ea9b643f09f5cf5274ba28888207e2466b38127776fb976db8ad7165a378df6ee1e3a0f8109c9aff7e0d6126fd71333c6e6ebe15d7a65151d6a4a83b82c8a6f3149":"ca85632a9f7c32ac4705c6458770025dda4fd07a8d5d6921b897b0da490d64400587649f2d20bf608b9a18d071b63b48"
+
+SHA3_384 short #82
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"822373d9d3d5b06a8da48a43095740fb98c9caf717350fd2c3b058024ff705b9346b7f0a495a6d4d93802bc45ece777f8c6a6e7c2ef6b8135115ff911a2ba5241665b6f7cbfa1b9d93b011b3aaa1dac1853fb2":"6e84587c8c6e54353a6032e7505902ef7f0f0538dd1bb32922e13a7d4d98c47a541015381eab27e9186398120da7fb32"
+
+SHA3_384 short #83
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"c04b701f688092bbd1cf4217bc4b5877f2e60c087bdac46611482a61d51f820140403bc85be0c336332da0938734bde8c502014f3509266c73c6c93c22a1bd0ddf15a5ce7410c2894e9d092e32c079922ba1abb7":"75c585503f15a526113608bc183180b1cb80f4d1b466c576bf021b1ce7a1528391f70e10446681849fa8a643cb2b6828"
+
+SHA3_384 short #84
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"009dd821cbed1235880fe647e191fe6f6555fdc98b8aad0ff3da5a6df0e5799044ef8e012ad54cb19a46fdd5c82f24f3ee77613d4bed961f6b7f4814aaac48bdf43c9234ce2e759e9af2f4ff16d86d5327c978dad5":"02a09d37d31e4365c26bec0eaacecf29eea4e8d21ab915dd605248764d964f10ebb8fafdb591982d33869a1d08a7e313"
+
+SHA3_384 short #85
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"0b7dd6709d55e0d526d64c0c5af40acf595be353d705be7b7a0b1c4c83bbe6a1b1ec681f628e9d6cfc85ad9c8bb8b4ecac64c5b3a9b72f95e59afefa7bcec5be223a9b2b54836424afde52a29b22ab652d22cce34b39":"5c84ae39d959b79555231746ad5b33689a31720ed0070f6772147977edd0aead07fb8b7b71b0bd587ebc5c1a80d564c7"
+
+SHA3_384 short #86
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"3e9b65d7bf4239420afa8639c8195b63902b24495b95c4143978e49843d88a92d1feed2eed1a88cd072d6d04ea26dce8ee4b14896fdb69bc7ff2971ed8ac5655148d2e9921218d74efdf17c56b533d0bb17d11e07d7458":"ab7890d1b51af10285752bf9da5eee5c3e87a285dc33262d0261aa9a575f303e94845d7ab21b48f4e6884568cd78b550"
+
+SHA3_384 short #87
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"9436da433d1ebd10b946b129cb34bccec9b8f705aaba3f8561352ed36a8449aba2dd7ba15b1bc308b0c02913163af63a346524dff5521432db477f529606afb5d552efc95cb040db566b4d39eddaa19319e518a7b5c6931e":"968ae9104f9c907c5a72936250dfedd62cd04f6e5ddd2c113490808a11884449aaef5d013ea3993a6cb6fc5c08754408"
+
+SHA3_384 short #88
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"37254bf9bc7cd4ed72e72b6bb623a0cc8eeb963d827aef65ad4bc54913235b6d3551533ce33421aa52ffbf186eb9a2787188eeb1b52ee645c6d4a631bc071415c80014940c28fbfeb0db472c326c8dacfd6ab21f3e225edef3":"975e10fac9aa77b780e5f6c2151ec4a3c72ff26e41233cc774c074df1b78cce5af1191ba955a0bce15926ae691b0ffe7"
+
+SHA3_384 short #89
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"79e77cd08a6ef770bbe4bedf61557ea632b42d78637149670d4d6157d56ed7b2ccaee45d9439dcebc557b4118e86c15aa0ccc21c474b21abda1676cc56434d6d46422993e66dc99387dfa985358accf69884b9dd18a2c4d04448":"94729f5f99a54f5a3ea69233ff9d522392d4596eb6ac2bbb07492ece3c67317412bb47ae317ddd20536c3adc003862f1"
+
+SHA3_384 short #90
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"64b76cb554f6becc238a3fcfc3eb97993667ec82fdc3fb28d42567709c3250c7997328aeddfdc2750451ac462281bf66fa94f4b8712c7a8342660574f20268e707c466627519c56259fea55be91e10faab3ad2ade6ce8b6557f202":"26d48ef5067d704ee9e2a64e399de23068908b3c911ffc4056c168362c37385c92d37d51354b6505a82c4d22fec37eaa"
+
+SHA3_384 short #91
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"3df27829bfb1ab7d381f146b30370ef56b392b73b35b1be5d8bbcf88f499dda7f3c327b45350b8972991ee466545de96560cf451711fda884e3d9b2af3e909d655d25cee1c931beda79c40fa507097bdf1126771a7b9543ad5cb84b9":"5fa4ebfa24150236c03409f0857b31cb95b0150f381c8858b01559957b1268f73c698709233e6b15468675a102d0c5e5"
+
+SHA3_384 short #92
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"b00f4e67ca08ccfa32b2698f70411d8f570f69c896e18ec8896cfe89551810543303f7df0c49f5b94783cce7df8d76d0b88d155633302d46003711f233339b1c9a8c20164ec8a328890a4932b7d90d92d023b548e4820558f8bd327010":"eaa756b5892fdfc793d74e3f9f4d6c7a5a6a2241dd11e0c38ced59c8ec7be377a41d1d06774a5970ce9722d8e119d0ad"
+
+SHA3_384 short #93
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"a4f95f6a46a9cbf384a7e98e102d1fdc96839d1bf26b35a5a0bd6cb9734fd17e8a178d4581943c0fe469fb4fe94cc2f15e1ef59ae05b35324eb57ca07dfc69d42d41d80b3c3bb64e1aea143c7d79790a56697dc803ec93e6c68f27f6761c":"1aff8d9c64f0c162ed0195d1f3a342a010d14be0636903c48020ba42de1cfa8b98ae2142d89af3e69e9eb4c735857dd1"
+
+SHA3_384 short #94
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"02713084bf93fdc35135515243c3bc0f4b2b447f2d3461c0dc104cbfe23479ab036762a91d1987c953f7b3386abc80b8734a1d4eabf94f3a9f2fb62c943152b5253846fc2ec8dbb2e93dc74857a7b05fe2d7ec8040ba8b0d9ae69777ee739a":"84da02114e341a3636f00822b32bd21a8a1f7b39f2956bd97f39346fedf9aae63b304c65c93a541e8bcda549576d5f27"
+
+SHA3_384 short #95
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"00ce225eaea24843406fa42cc8450e66f76ac9f549b8591f7d40942f4833fc734a034c8741c551d57ddafb5d94ceb4b25680f045038306e6bcc53e88386e2b45b80b3ba23dec8c13f8ca01c202ae968c4d0df04cdb38395d2df42a5aff646928":"81d6e0d96575a9b8ca083ee9ec2ead57ddf72b97d7709086a2f4a749d3f61d16423463487562c7f09aba1b26e8cae47b"
+
+SHA3_384 short #96
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"7af3feed9b0f6e9408e8c0397c9bb671d0f3f80926d2f48f68d2e814f12b3d3189d8174897f52a0c926ccf44b9d057cc04899fdc5a32e48c043fd99862e3f761dc3115351c8138d07a15ac23b8fc5454f0373e05ca1b7ad9f2f62d34caf5e1435c":"00e95f4e8a32a03e0a3afba0fd62c7c3c7120b41e297a7ff14958c0bdf015a478f7bab9a22082bfb0d206e88f4685117"
+
+SHA3_384 short #97
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"2eae76f4e7f48d36cd83607813ce6bd9ab0ecf846ad999df67f64706a4708977f0e9440f0b31dc350c17b355007fed90d4b577b175014763357ce5a271212a70702747c98f8f0ad89bf95d6b7fbb10a51f34d8f2835e974038a3dd6df3f2affb7811":"eb396cfaf26ee2775af3c9a3a3047664ca34cbc228ccbb966df187d518717df6a328ecc316ed0ed09b170080eccc486f"
+
+SHA3_384 short #98
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"093e56d33bd9337ad2ad268d14bac69a64a8a7361350cf9f787e69a043f5beb50eb460703578a81be882639f7e9ac9a50c54affa3792fd38464a61a37c8a4551a4b9ff8eed1f487ef8a8f00430e4d0e35a53ff236ce049b7a3abdc5cd00b45c4f3d49b":"4a339128486e5b274fc4ed538c0ec9e57f780e9c500c5f92b04ae81a22fbeebf3785259a0bb3b6d9b47f31873cd8dffa"
+
+SHA3_384 short #99
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"0593babe7a6202077c026e253cb4c60ee7bad7b1c31a20da7aa0ce56b622eb57ed07d21a7f0ae6c6fe3c8398cc48353decfb287f1204e024fcf82a13059953b9f85797ab2217dc8dab34a13226c33104661c1ca79396e7d97e91039d32bafc98cc8af3bb":"5981815c1618cc49cd5cf71a4b7b32b8cd7b7ef553bfaef2149ac723ff2582a2d345c5bd05943e155ced1e5f091c5601"
+
+SHA3_384 short #100
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"ae1828047c5f82a7b9712f3399832124b892f2f7aea51c8fe3536cd6a584b4a7777cc1ecac158c03354bb467b8fe2c8ce2f4310afd1e80fec51cc5ad7702566b2c5d21bc6571e4b8e7c59cb4c9e23f1ecb57ada9e900e4aa308874c2d12d34be74c332bbce":"7257f5bfa7d33d1cf5f4550d0cb78750e84c5b7d25027da6acec64bdf30879a0e5c97fe7c468e743aa5ec2bddb29d193"
+
+SHA3_384 short #101
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"3bceedf5df8fe699871decb7dd48203e2518fb0fce0f865f46adce5c133a921320bf40915456204869a3ceb5fca3ed40e0a41a64b8951f0fc580694cfc55bd1f5ce926b07e3e32ac6e055de9b961ce49c7ee41e06b024559b933a79518192e969855889c85d1":"60d7f8bd85fb7a13701db5aded2b7771ab5e476ec34f1fd4298978defbd2b31bb2979391559a164b3ed28f6a39031a11"
+
+SHA3_384 short #102
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"6c36147652e71b560becbca1e7656c81b4f70bece26321d5e55e67a3db9d89e26f2f2a38fd0f289bf7fa22c2877e38d9755412794cef24d7b855303c332e0cb5e01aa50bb74844f5e345108d6811d5010978038b699ffaa370de8473f0cda38b89a28ed6cabaf6":"b1319192df11faa00d3c4b068becc8f1ba3b00e0d1ff1f93c11a3663522fdb92ab3cca389634687c632e0a4b5a26ce92"
+
+SHA3_384 short #103
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_384:"92c41d34bd249c182ad4e18e3b856770766f1757209675020d4c1cf7b6f7686c8c1472678c7c412514e63eb9f5aee9f5c9d5cb8d8748ab7a5465059d9cbbb8a56211ff32d4aaa23a23c86ead916fe254cc6b2bff7a9553df1551b531f95bb41cbbc4acddbd372921":"71307eec1355f73e5b726ed9efa1129086af81364e30a291f684dfade693cc4bc3d6ffcb7f3b4012a21976ff9edcab61"
+
+SHA3_512 short #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1"
+
+SHA3_512 short #1
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"ef26":"809b4124d2b174731db14585c253194c8619a68294c8c48947879316fef249b1575da81ab72aad8fae08d24ece75ca1be46d0634143705d79d2f5177856a0437"
+
+SHA3_512 short #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"37d518":"4aa96b1547e6402c0eee781acaa660797efe26ec00b4f2e0aec4a6d10688dd64cbd7f12b3b6c7f802e2096c041208b9289aec380d1a748fdfcd4128553d781e3"
+
+SHA3_512 short #3
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"fc7b8cda":"58a5422d6b15eb1f223ebe4f4a5281bc6824d1599d979f4c6fe45695ca89014260b859a2d46ebf75f51ff204927932c79270dd7aef975657bb48fe09d8ea008e"
+
+SHA3_512 short #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"4775c86b1c":"ce96da8bcd6bc9d81419f0dd3308e3ef541bc7b030eee1339cf8b3c4e8420cd303180f8da77037c8c1ae375cab81ee475710923b9519adbddedb36db0c199f70"
+
+SHA3_512 short #5
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef"
+
+SHA3_512 short #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"ec83d707a1414a":"84fd3775bac5b87e550d03ec6fe4905cc60e851a4c33a61858d4e7d8a34d471f05008b9a1d63044445df5a9fce958cb012a6ac778ecf45104b0fcb979aa4692d"
+
+SHA3_512 short #7
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"af53fa3ff8a3cfb2":"03c2ac02de1765497a0a6af466fb64758e3283ed83d02c0edb3904fd3cf296442e790018d4bf4ce55bc869cebb4aa1a799afc9d987e776fef5dfe6628e24de97"
+
+SHA3_512 short #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"3d6093966950abd846":"53e30da8b74ae76abf1f65761653ebfbe87882e9ea0ea564addd7cfd5a6524578ad6be014d7799799ef5e15c679582b791159add823b95c91e26de62dcb74cfa"
+
+SHA3_512 short #9
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"1ca984dcc913344370cf":"6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816"
+
+SHA3_512 short #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"fc7b8cdadebe48588f6851":"c8439bb1285120b3c43631a00a3b5ac0badb4113586a3dd4f7c66c5d81012f7412617b169fa6d70f8e0a19e5e258e99a0ed2dcfa774c864c62a010e9b90ca00d"
+
+SHA3_512 short #11
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"ecb907adfb85f9154a3c23e8":"94ae34fed2ef51a383fb853296e4b797e48e00cad27f094d2f411c400c4960ca4c610bf3dc40e94ecfd0c7a18e418877e182ca3ae5ca5136e2856a5531710f48"
+
+SHA3_512 short #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"d91a9c324ece84b072d0753618":"fb1f06c4d1c0d066bdd850ab1a78b83296eba0ca423bb174d74283f46628e6095539214adfd82b462e8e9204a397a83c6842b721a32e8bb030927a568f3c29e6"
+
+SHA3_512 short #13
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"c61a9188812ae73994bc0d6d4021":"069e6ab1675fed8d44105f3b62bbf5b8ff7ae804098986879b11e0d7d9b1b4cb7bc47aeb74201f509ddc92e5633abd2cbe0ddca2480e9908afa632c8c8d5af2a"
+
+SHA3_512 short #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"a6e7b218449840d134b566290dc896":"3605a21ce00b289022193b70b535e6626f324739542978f5b307194fcf0a5988f542c0838a0443bb9bb8ff922a6a177fdbd12cf805f3ed809c48e9769c8bbd91"
+
+SHA3_512 short #15
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"054095ba531eec22113cc345e83795c7":"f3adf5ccf2830cd621958021ef998252f2b6bc4c135096839586d5064a2978154ea076c600a97364bce0e9aab43b7f1f2da93537089de950557674ae6251ca4d"
+
+SHA3_512 short #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"5b1ec1c4e920f5b995b6a788b6e989ac29":"135eea17ca4785482c19cd668b8dd2913216903311fa21f6b670b9b573264f8875b5d3c071d92d63556549e523b2af1f1a508bd1f105d29a436f455cd2ca1604"
+
+SHA3_512 short #17
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"133b497b00932773a53ba9bf8e61d59f05f4":"783964a1cf41d6d210a8d7c81ce6970aa62c9053cb89e15f88053957ecf607f42af08804e76f2fbdbb31809c9eefc60e233d6624367a3b9c30f8ee5f65be56ac"
+
+SHA3_512 short #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"88c050ea6b66b01256bda299f399398e1e3162":"6bf7fc8e9014f35c4bde6a2c7ce1965d9c1793f25c141021cc1c697d111363b3854953c2b4009df41878b5558e78a9a9092c22b8baa0ed6baca005455c6cca70"
+
+SHA3_512 short #19
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"d7d5363350709e96939e6b68b3bbdef6999ac8d9":"7a46beca553fffa8021b0989f40a6563a8afb641e8133090bc034ab6763e96d7b7a0da4de3abd5a67d8085f7c28b21a24aefb359c37fac61d3a5374b4b1fb6bb"
+
+SHA3_512 short #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"54746a7ba28b5f263d2496bd0080d83520cd2dc503":"d77048df60e20d03d336bfa634bc9931c2d3c1e1065d3a07f14ae01a085fe7e7fe6a89dc4c7880f1038938aa8fcd99d2a782d1bbe5eec790858173c7830c87a2"
+
+SHA3_512 short #21
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"73df7885830633fc66c9eb16940b017e9c6f9f871978":"0edee1ea019a5c004fd8ae9dc8c2dd38d4331abe2968e1e9e0c128d2506db981a307c0f19bc2e62487a92992af77588d3ab7854fe1b68302f796b9dcd9f336df"
+
+SHA3_512 short #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"14cb35fa933e49b0d0a400183cbbea099c44995fae1163":"af2ef4b0c01e381b4c382208b66ad95d759ec91e386e953984aa5f07774632d53b581eba32ed1d369c46b0a57fee64a02a0e5107c22f14f2227b1d11424becb5"
+
+SHA3_512 short #23
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"75a06869ca2a6ea857e26e78bb78a139a671ccb098d8205a":"88be1934385522ae1d739666f395f1d7f99978d62883a261adf5d618d012dfab5224575634446876b86b3e5f7609d397d338a784b4311027b1024ddfd4995a0a"
+
+SHA3_512 short #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"b413ab364dd410573b53f4c2f28982ca07061726e5d999f3c2":"289e889b25f9f38facfccf3bdbceea06ef3baad6e9612b7232cd553f4884a7a642f6583a1a589d4dcb2dc771f1ff6d711b85f731145a89b100680f9a55dcbb3f"
+
+SHA3_512 short #25
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"d7f9053984213ebabc842fd8ce483609a9af5dc140ecdbe63336":"f167cb30e4bacbdc5ed53bc615f8c9ea19ad4f6bd85ca0ff5fb1f1cbe5b576bda49276aa5814291a7e320f1d687b16ba8d7daab2b3d7e9af3cd9f84a1e9979a1"
+
+SHA3_512 short #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"9b7f9d11be48e786a11a472ab2344c57adf62f7c1d4e6d282074b6":"82fa525d5efaa3cce39bffef8eee01afb52067097f8965cde71703345322645eae59dbaebed0805693104dfb0c5811c5828da9a75d812e5562615248c03ff880"
+
+SHA3_512 short #27
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"115784b1fccfabca457c4e27a24a7832280b7e7d6a123ffce5fdab72":"ec12c4ed5ae84808883c5351003f7e26e1eaf509c866b357f97472e5e19c84f99f16dbbb8bfff060d6c0fe0ca9c34a210c909b05f6a81f441627ce8e666f6dc7"
+
+SHA3_512 short #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"c3b1ad16b2877def8d080477d8b59152fe5e84f3f3380d55182f36eb5f":"4b9144edeeec28fd52ba4176a78e080e57782d2329b67d8ac8780bb6e8c2057583172af1d068922feaaff759be5a6ea548f5db51f4c34dfe7236ca09a67921c7"
+
+SHA3_512 short #29
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"4c66ca7a01129eaca1d99a08dd7226a5824b840d06d0059c60e97d291dc4":"567c46f2f636223bd5ed3dc98c3f7a739b42898e70886f132eac43c2a6fadabe0dd9f1b6bc4a9365e5232295ac1ac34701b0fb181d2f7f07a79d033dd426d5a2"
+
+SHA3_512 short #30
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"481041c2f56662316ee85a10b98e103c8d48804f6f9502cf1b51cfa525cec1":"46f0058abe678195b576df5c7eb8d739468cad1908f7953ea39c93fa1d96845c38a2934d23804864a8368dae38191d983053ccd045a9ab87ef2619e9dd50c8c1"
+
+SHA3_512 short #31
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"7c1688217b313278b9eae8edcf8aa4271614296d0c1e8916f9e0e940d28b88c5":"627ba4de74d05bb6df8991112e4d373bfced37acde1304e0f664f29fa126cb497c8a1b717b9929120883ec8898968e4649013b760a2180a9dc0fc9b27f5b7f3b"
+
+SHA3_512 short #32
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"785f6513fcd92b674c450e85da22257b8e85bfa65e5d9b1b1ffc5c469ad337d1e3":"5c11d6e4c5c5f76d26876c5976b6f555c255c785b2f28b6700ca2d8b3b3fa585636239277773330f4cf8c5d5203bcc091b8d47e7743bbc0b5a2c54444ee2acce"
+
+SHA3_512 short #33
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"34f4468e2d567b1e326c0942970efa32c5ca2e95d42c98eb5d3cab2889490ea16ee5":"49adfa335e183c94b3160154d6698e318c8b5dd100b0227e3e34cabea1fe0f745326220f64263961349996bbe1aae9054de6406e8b350408ab0b9f656bb8daf7"
+
+SHA3_512 short #34
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"53a0121c8993b6f6eec921d2445035dd90654add1298c6727a2aed9b59bafb7dd62070":"918b4d92e1fcb65a4c1fa0bd75c562ac9d83186bb2fbfae5c4784de31a14654546e107df0e79076b8687bb3841c83ba9181f9956cd43428ba72f603881b33a71"
+
+SHA3_512 short #35
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"d30fa4b40c9f84ac9bcbb535e86989ec6d1bec9b1b22e9b0f97370ed0f0d566082899d96":"39f104c1da4af314d6bceb34eca1dfe4e67484519eb76ba38e4701e113e6cbc0200df86e4439d674b0f42c72233360478ba5244384d28e388c87aaa817007c69"
+
+SHA3_512 short #36
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"f34d100269aee3ead156895e8644d4749464d5921d6157dffcbbadf7a719aee35ae0fd4872":"565a1dd9d49f8ddefb79a3c7a209f53f0bc9f5396269b1ce2a2b283a3cb45ee3ae652e4ca10b26ced7e5236227006c94a37553db1b6fe5c0c2eded756c896bb1"
+
+SHA3_512 short #37
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"12529769fe5191d3fce860f434ab1130ce389d340fca232cc50b7536e62ad617742e022ea38a":"daee10e815fff0f0985d208886e22f9bf20a3643eb9a29fda469b6a7dcd54b5213c851d6f19338d63688fe1f02936c5dae1b7c6d5906a13a9eeb934400b6fe8c"
+
+SHA3_512 short #38
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"b2e3a0eb36bf16afb618bfd42a56789179147effecc684d8e39f037ec7b2d23f3f57f6d7a7d0bb":"04029d6d9e8e394afa387f1d03ab6b8a0a6cbab4b6b3c86ef62f7142ab3c108388d42cb87258b9e6d36e5814d8a662657cf717b35a5708365e8ec0396ec5546b"
+
+SHA3_512 short #39
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"25c4a5f4a07f2b81e0533313664bf615c73257e6b2930e752fe5050e25ff02731fd2872f4f56f727":"ec2d38e5bb5d7b18438d5f2029c86d05a03510db0e66aa299c28635abd0988c58be203f04b7e0cc25451d18f2341cd46f8705d46c2066dafab30d90d63bf3d2c"
+
+SHA3_512 short #40
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"134bb8e7ea5ff9edb69e8f6bbd498eb4537580b7fba7ad31d0a09921237acd7d66f4da23480b9c1222":"8f966aef96831a1499d63560b2578021ad970bf7557b8bf8078b3e12cefab122fe71b1212dc704f7094a40b36b71d3ad7ce2d30f72c1baa4d4bbccb3251198ac"
+
+SHA3_512 short #41
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"f793256f039fad11af24cee4d223cd2a771598289995ab802b5930ba5c666a24188453dcd2f0842b8152":"22c3d9712535153a3e206b1033929c0fd9d937c39ba13cf1a6544dfbd68ebc94867b15fda3f1d30b00bf47f2c4bf41dabdeaa5c397dae901c57db9cd77ddbcc0"
+
+SHA3_512 short #42
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"23cc7f9052d5e22e6712fab88e8dfaa928b6e015ca589c3b89cb745b756ca7c7634a503bf0228e71c28ee2":"6ecf3ad6064218ee101a555d20fab6cbeb6b145b4eeb9c8c971fc7ce05581a34b3c52179590e8a134be2e88c7e549875f4ff89b96374c6995960de3a5098cced"
+
+SHA3_512 short #43
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"a60b7b3df15b3f1b19db15d480388b0f3b00837369aa2cc7c3d7315775d7309a2d6f6d1371d9c875350dec0a":"8d651605c6b32bf022ea06ce6306b2ca6b5ba2781af87ca2375860315c83ad88743030d148ed8d73194c461ec1e84c045fc914705747614c04c8865b51da94f7"
+
+SHA3_512 short #44
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"2745dd2f1b215ea509a912e5761cccc4f19fa93ba38445c528cb2f099de99ab9fac955baa211fd8539a671cdb6":"4af918eb676ce278c730212ef79d818773a76a43c74d643f238e9b61acaf4030c617c4d6b3b7514c59b3e5e95d82e1e1e35443e851718b13b63e70b123d1b72c"
+
+SHA3_512 short #45
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"88adee4b46d2a109c36fcfb660f17f48062f7a74679fb07e86cad84f79fd57c86d426356ec8e68c65b3caa5bc7ba":"6257acb9f589c919c93c0adc4e907fe011bef6018fbb18e618ba6fcc8cbc5e40641be589e86dbb0cf7d7d6bf33b98d8458cce0af7857f5a7c7647cf350e25af0"
+
+SHA3_512 short #46
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"7d40f2dc4af3cfa12b00d64940dc32a22d66d81cb628be2b8dda47ed6728020d55b695e75260f4ec18c6d74839086a":"5c46c84a0a02d898ed5885ce99c47c77afd29ae015d027f2485d630f9b41d00b7c1f1faf6ce57a08b604b35021f7f79600381994b731bd8e6a5b010aeb90e1eb"
+
+SHA3_512 short #47
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"3689d8836af0dc132f85b212eb670b41ecf9d4aba141092a0a8eca2e6d5eb0ba4b7e61af9273624d14192df7388a8436":"17355e61d66e40f750d0a9a8e8a88cd6f9bf6070b7efa76442698740b4487ea6c644d1654ef16a265204e03084a14cafdccf8ff298cd54c0b4009967b6dd47cc"
+
+SHA3_512 short #48
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"58ff23dee2298c2ca7146227789c1d4093551047192d862fc34c1112d13f1f744456cecc4d4a02410523b4b15e598df75a":"aca89aa547c46173b4b2a380ba980da6f9ac084f46ac9ddea5e4164aeef31a9955b814a45aec1d8ce340bd37680952c5d68226dda1cac2677f73c9fd9174fd13"
+
+SHA3_512 short #49
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"67f3f23df3bd8ebeb0096452fe4775fd9cc71fbb6e72fdcc7eb8094f42c903121d0817a927bcbabd3109d5a70420253deab2":"f4207cc565f266a245f29bf20b95b5d9a83e1bb68ad988edc91faa25f25286c8398bac7dd6628259bff98f28360f263dfc54c4228bc437c5691de1219b758d9f"
+
+SHA3_512 short #50
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"a225070c2cb122c3354c74a254fc7b84061cba33005cab88c409fbd3738ff67ce23c41ebef46c7a61610f5b93fa92a5bda9569":"e815a9a4e4887be014635e97958341e0519314b3a3289e1835121b153b462272b0aca418be96d60e5ab355d3eb463697c0191eb522b60b8463d89f4c3f1bf142"
+
+SHA3_512 short #51
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"6aa0886777e99c9acd5f1db6e12bda59a807f92411ae99c9d490b5656acb4b115c57beb3c1807a1b029ad64be1f03e15bafd91ec":"241f2ebaf7ad09e173b184244e69acd7ebc94774d0fa3902cbf267d4806063b044131bcf4af4cf180eb7bd4e7960ce5fe3dc6aebfc6b90eec461f414f79a67d9"
+
+SHA3_512 short #52
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"6a06092a3cd221ae86b286b31f326248270472c5ea510cb9064d6024d10efee7f59e98785d4f09da554e97cdec7b75429d788c112f":"d14a1a47f2bef9e0d4b3e90a6be9ab5893e1110b12db38d33ffb9a61e1661aecc4ea100839cfee58a1c5aff72915c14170dd99e13f71b0a5fc1985bf43415cb0"
+
+SHA3_512 short #53
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"dfc3fa61f7fffc7c88ed90e51dfc39a4f288b50d58ac83385b58a3b2a3a39d729862c40fcaf9bc308f713a43eecb0b72bb9458d204ba":"947bc873dc41df195f8045deb6ea1b840f633917e79c70a88d38b8862197dc2ab0cc6314e974fb5ba7e1703b22b1309e37bd430879056bdc166573075a9c5e04"
+
+SHA3_512 short #54
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"52958b1ff0049efa5d050ab381ec99732e554dcd03725da991a37a80bd4756cf65d367c54721e93f1e0a22f70d36e9f841336956d3c523":"9cc5aad0f529f4bac491d733537b69c8ec700fe38ab423d815e0927c8657f9cb8f4207762d816ab697580122066bc2b68f4177335d0a6e9081540779e572c41f"
+
+SHA3_512 short #55
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"302fa84fdaa82081b1192b847b81ddea10a9f05a0f04138fd1da84a39ba5e18e18bc3cea062e6df92ff1ace89b3c5f55043130108abf631e":"8c8eaae9a445643a37df34cfa6a7f09deccab2a222c421d2fc574bbc5641e504354391e81eb5130280b1226812556d474e951bb78dbdd9b77d19f647e2e7d7be"
+
+SHA3_512 short #56
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"b82f500d6bc2dddcdc162d46cbfaa5ae64025d5c1cd72472dcd2c42161c9871ce329f94df445f0c8aceecafd0344f6317ecbb62f0ec2223a35":"55c69d7accd179d5d9fcc522f794e7af5f0eec7198ffa39f80fb55b866c0857ff3e7aeef33e130d9c74ef90606ca821d20b7608b12e6e561f9e6c7122ace3db0"
+
+SHA3_512 short #57
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"86da9107ca3e16a2b58950e656a15c085b88033e79313e2c0f92f99f06fa187efba5b8fea08eb7145f8476304180dd280f36a072b7eac197f085":"0d3b1a0459b4eca801e0737ff9ea4a12b9a483a73a8a92742a93c297b7149326bd92c1643c8177c8924482ab3bbd916c417580cc75d3d3ae096de531bc5dc355"
+
+SHA3_512 short #58
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"141a6eafe157053e780ac7a57b97990616ce1759ed132cb453bcdfcabdbb70b3767da4eb94125d9c2a8d6d20bfaeacc1ffbe49c4b1bb5da7e9b5c6":"bdbdd5b94cdc89466e7670c63ba6a55b58294e93b351261a5457bf5a40f1b5b2e0acc7fceb1bfb4c8872777eeeaff7927fd3635ca18c996d870bf86b12b89ba5"
+
+SHA3_512 short #59
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"6e0c65ee0943e34d9bbd27a8547690f2291f5a86d713c2be258e6ac16919fe9c4d491895d3a961bb97f5fac255891a0eaa18f80e1fa1ebcb639fcfc1":"39ebb992b8d39daae973e3813a50e9e79a67d8458a6f17f97a6dd30dd7d11d95701a11129ffeaf7d45781b21cac0c4c034e389d7590df5beeb9805072d0183b9"
+
+SHA3_512 short #60
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"57780b1c79e67fc3beaabead4a67a8cc98b83fa7647eae50c8798b96a516597b448851e93d1a62a098c4767333fcf7b463ce91edde2f3ad0d98f70716d":"3ef36c3effad6eb5ad2d0a67780f80d1b90efcb74db20410c2261a3ab0f784429df874814748dc1b6efaab3d06dd0a41ba54fce59b67d45838eaa4aa1fadfa0f"
+
+SHA3_512 short #61
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"bcc9849da4091d0edfe908e7c3386b0cadadb2859829c9dfee3d8ecf9dec86196eb2ceb093c5551f7e9a4927faabcfaa7478f7c899cbef4727417738fc06":"1fcd8a2c7b4fd98fcdc5fa665bab49bde3f9f556aa66b3646638f5a2d3806192f8a33145d8d0c535c85adff3cc0ea3c2715b33cec9f8886e9f4377b3632e9055"
+
+SHA3_512 short #62
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"05a32829642ed4808d6554d16b9b8023353ce65a935d126602970dba791623004dede90b52ac7f0d4335130a63cba68c656c139989614de20913e83db320db":"49d8747bb53ddde6d1485965208670d1130bf35619d7506a2f2040d1129fcf0320207e5b36fea083e84ffc98755e691ad8bd5dc66f8972cb9857389344e11aad"
+
+SHA3_512 short #63
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"56ac4f6845a451dac3e8886f97f7024b64b1b1e9c5181c059b5755b9a6042be653a2a0d5d56a9e1e774be5c9312f48b4798019345beae2ffcc63554a3c69862e":"5fde5c57a31febb98061f27e4506fa5c245506336ee90d595c91d791a5975c712b3ab9b3b5868f941db0aeb4c6d2837c4447442f8402e0e150a9dc0ef178dca8"
+
+SHA3_512 short #64
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"8a229f8d0294fe90d4cc8c875460d5d623f93287f905a999a2ab0f9a47046f78ef88b09445c671189c59388b3017cca2af8bdf59f8a6f04322b1701ec08624ab63":"16b0fd239cc632842c443e1b92d286dd519cfc616a41f2456dd5cddebd10703c3e9cb669004b7f169bb4f99f350ec96904b0e8dd4de8e6be9953dc892c65099f"
+
+SHA3_512 short #65
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"87d6aa9979025b2437ea8159ea1d3e5d6f17f0a5b913b56970212f56de7884840c0da9a72865e1892aa780b8b8f5f57b46fc070b81ca5f00eee0470ace89b1e1466a":"d816acf1797decfe34f4cc49e52aa505cc59bd17fe69dc9543fad82e9cf96298183021f704054d3d06adde2bf54e82a090a57b239e88daa04cb76c4fc9127843"
+
+SHA3_512 short #66
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"0823616ab87e4904308628c2226e721bb4169b7d34e8744a0700b721e38fe05e3f813fe4075d4c1a936d3a33da20cfb3e3ac722e7df7865330b8f62a73d9119a1f2199":"e1da6be4403a4fd784c59be4e71c658a78bb8c5d7d571c5e816fbb3e218a4162f62de1c285f3779781cb5506e29c94e1b7c7d65af2aa71ea5c96d9585b5e45d5"
+
+SHA3_512 short #67
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"7d2d913c2460c09898b20366ae34775b1564f10edea49c073cebe41989bb93f38a533af1f425d3382f8aa40159b567358ee5a73b67df6d0dc09c1c92bf3f9a28124ab07f":"3aa1e19a52b86cf414d977768bb535b7e5817117d436b4425ec8d775e8cb0e0b538072213884c7ff1bb9ca9984c82d65cb0115cc07332b0ea903e3b38650e88e"
+
+SHA3_512 short #68
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"fca5f68fd2d3a52187b349a8d2726b608fccea7db42e906b8718e85a0ec654fac70f5a839a8d3ff90cfed7aeb5ea9b08f487fc84e1d9f7fb831dea254468a65ba18cc5a126":"2c74f846ecc722ea4a1eb1162e231b6903291fffa95dd5e1d17dbc2c2be7dfe549a80dd34487d714130ddc9924aed904ad55f49c91c80ceb05c0c034dae0a0a4"
+
+SHA3_512 short #69
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"881ff70ca34a3e1a0e864fd2615ca2a0e63def254e688c37a20ef6297cb3ae4c76d746b5e3d6bb41bd0d05d7df3eeded74351f4eb0ac801abe6dc10ef9b635055ee1dfbf4144":"9a10a7ce23c0497fe8783927f833232ae664f1e1b91302266b6ace25a9c253d1ecab1aaaa62f865469480b2145ed0e489ae3f3f9f7e6da27492c81b07e606fb6"
+
+SHA3_512 short #70
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"b0de0430c200d74bf41ea0c92f8f28e11b68006a884e0d4b0d884533ee58b38a438cc1a75750b6434f467e2d0cd9aa4052ceb793291b93ef83fd5d8620456ce1aff2941b3605a4":"9e9e469ca9226cd012f5c9cc39c96adc22f420030fcee305a0ed27974e3c802701603dac873ae4476e9c3d57e55524483fc01adaef87daa9e304078c59802757"
+
+SHA3_512 short #71
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3:MBEDTLS_SHA3_512:"0ce9f8c3a990c268f34efd9befdb0f7c4ef8466cfdb01171f8de70dc5fefa92acbe93d29e2ac1a5c2979129f1ab08c0e77de7924ddf68a209cdfa0adc62f85c18637d9c6b33f4ff8":"b018a20fcf831dde290e4fb18c56342efe138472cbe142da6b77eea4fce52588c04c808eb32912faa345245a850346faec46c3a16d39bd2e1ddb1816bc57d2da"
+
+SHA3_224 long #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"31c82d71785b7ca6b651cb6c8c9ad5e2aceb0b0633c088d33aa247ada7a594ff4936c023251319820a9b19fc6c48de8a6f7ada214176ccdaadaeef51ed43714ac0c8269bbd497e46e78bb5e58196494b2471b1680e2d4c6dbd249831bd83a4d3be06c8a2e903933974aa05ee748bfe6ef359f7a143edf0d4918da916bd6f15e26a790cff514b40a5da7f72e1ed2fe63a05b8149587bea05653718cc8980eadbfeca85b7c9c286dd040936585938be7f98219700c83a9443c2856a80ff46852b26d1b1edf72a30203cf6c44a10fa6eaf1920173cedfb5c4cf3ac665b37a86ed02155bbbf17dc2e786af9478fe0889d86c5bfa85a242eb0854b1482b7bd16f67f80bef9c7a628f05a107936a64273a97b0088b0e515451f916b5656230a12ba6dc78":"aab23c9e7fb9d7dacefdfd0b1ae85ab1374abff7c4e3f7556ecae412"
+
+SHA3_224 long #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"ab4f9d765085ccb474be6e2369568292532f6fa4dd9c50d02a7d8fab0fabb56a7f9680a2462c3753fafd3a252f9dddf1eb4a76835acfb59fc2a83441b8674f2995573697245e40549d2883f1d781a153b903e470f2f28e53e9646a66f7a5a7f0d5d9e6dd50e392be44867010c7ca77c1a5a2e1f00dcb82f589f759a1332b65c62766b9fa3483d399d7602a0969400642976e948d13243a8b89aa287ad5c230b47344d7783606aced3dfed86424abf7de77b026ce6cc35d20d1c500794332b0c1a1bc67dfc033c4c360a8a3aa5fd2f19d2db1bf3b807094b949900827e6438ef5991692b539d3c42227a6b362847e9d88a1b6855db7f58760d953690b26bd7258439a7f8409ae53137a3f2f14fa77a2a6bc0aa3bb7a19dd1c69554aae6c6703f3879057d3978c1a9d41bd3f492985aa0064f43fde2fa33ff6e1dfd4961e0aeacd4e3f412b4d35c0c864660d8779705a9c82bb824c405c54f429392e4da66ecfee7ef066139270ee9ccc83be5952ff5c84ffa8938f130cc52129ab825b6a5b585f01ebed13ce074c225f5b7d441cfc58c0c1039a2f127b3982ca7df546d4993027bd78ffb36ac08161063870d23f2df556b214":"d61f04985026eee29d0f9700f8c5aea32ec2c23b1a9357edeb2be20c"
+
+SHA3_224 long #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"1050e9023d6cef2477171a5af4875e12763dc68568ce1d9629e9eefda896b0a431bc3a5186e67d86324671a61afb5058558f03303dc4d98dc6907fbd0f662d6837b71d2b72b941835c6735ed8dc9734b6d75c68a49560182a7acf01dd7548fbccb4a7ad6296ca5e29d804d7874792eb367f6f7d9b40cfb3e7445296528e83e69957b399bd2870f6d9f9ba18ff893eb57ea1a7e66a66e3089d46412dd29aba2373c5442c29592e9ea07bf197941a011009fea43794605082a6f0f93cd032423ed69dd7d939b169a2280f59d80762808762d6d2e5abc58ecebee51947cdddc2a55c31dd3560c9b8addb04415eabfb137813eac285031ef4292f92ffd33e0591d35f31c2a5210a721e33fb4690045c508e977ad17a4cd5373e837b3b63a34256656a0e26cd0cdc4c7fbd64d810a30ebe275827ae59fb70be8b551e4a7d900c86b8073787f186e79e4ef1d184550a8ac2def071b7886189f08c1eecab9586cc8967a13e54d72194ee085bb1c9e19d48e521dad96baa417983ad3b76ed2fea2af4e0e2a31bc26f7cc2386596172afdc1bb7c71df59140dd7de8b554d7db14c704fa025d65b67b2f7a15b99ef0ab58e9dbc5b7ff40e7a191d6792d6c0dbde20650041f568722bae9e11fe833d02f5d2355e4b4fa7da3105c2c5504a7195eb0851ad32dbda2e72c4f87a7d9bf09e806b1117d85b6b6add56605e402af02a8c66ceacff439bbef1686f61755eba4bc9abb97f6f3dcf2ed38d6ec8dee29d0826be448603b73dc21c3b9b6d5245fa895636b70b9c6143a4b81d466bb91c08cd3e915bdeecc130c65":"5c029633dfd4cd9b6ce97e1d20783a41cd2235b03c38832b90f759ee"
+
+SHA3_224 long #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"a63ebf8f97c6529298e4d4b573ca01d65d6758837bdec40fa4367ce56953281d5225454d6b1fcaa2ffeb0c2fa45cdf8477a4fe83a9c7ad6f3b4f9c4605420f51fd513cf9b652f4dc27f08620aea1e10755d9f8c4537e6b8ed69b63f2ff58bd6d2e2a6c3a81471869975d0b319a834e877c700fef80ea4693fd8299925f7f7c9a6e189cb9d3e67e70d798630a6fe9702b76cf0bac39f588a6386c05cd2b9e92004483961eb4176e1a700b565235ba8d1cc960b4a2858677f110c1704c6d9c48c638d320102cc22f8fe91cacb1f4e0ee820089d27a6c865d990ce9a2b72c63e615d270033744cf0af6ca352cd1b542db84a0b42cdcf6db80c9b54d63b571dab4149bc2073c032647779cbda0577fc89b4a33488b6e2c6e29a791537bee43e9faec1a32f3c772af2e3ce61cceee5b5a78fd41adb7db15279f5b2a64b10baa78ffc4d726917f9753066a30b97e3c50e0b8c5504a78c9b9ee2c0e08e9ceb4ae6f0cc55b07a70d7cf8192c03fe7ae96642a4c9ea8996e121ac16e8b1489b9058b669162d3efe182987ada8e552899ea568843296d1d8ca5447a610afebdd48af365ee1d6315e49a4e90b06611d7203163ba027dd8b072c5aa924af8a385f83bbd5334bdc4a8e48f7047b6ffcc8febfc0a13fd1451debb13cb8d8ecc899e8ea857c2f7ec9f058bc2ac2440b40b9f57bac83ab5858f04cff015e09f0f3753f2514149ba2248a824e430ab001b4591fdee0ca2ae39e6cf2beb18201e292332ddb7183bfde7682d5a54cc3057ae0104391665c059a9ef9a597550c06eb2e3d7ab4a2b3e35b463f196a4cd78c9d4d472b3b462384a6e0002c31f4e361334efaee5ab18a4f411c2916444c2d8d9382649d858606ee2fece7503696f15ae17ad25072a5f24ab780a893dc53ad508307d1621630ec8d5c4b18d94b431d381e3b2d6aa787d21ee5fb245ad9693f1c9665f442984bbfa75684f98f1a044f45111773029e5e1111f4140531e496cb3bf3233704b0e06685451ff4394b":"c09d926eaef34cfacc701434da80c340337ba48e8b044b1a60da9cda"
+
+SHA3_224 long #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"0f625082eaee9f064f2501022e4d7df85310de128b17fd5a08db3e2d06b85dedaf446bf73cde13d55e8a22b4dcfc47187df216ce28c753234a456e5378bc4a4456504274b7976e3005642208e4ddb87f12d490079154542c0979810f68852316cb31e0e2a14137810d5b0ae58d195a95da5d53a30fe588de0c1f7f481d3e70cbd78d4a274303f72f3f18e13520d8b5c39c36678ce8a276a11dde71e8e00dbacb420d8a2de50635a26143afdfe5414f6f2206d4a864b4a6de025e5ed6f91a877dd458a6dacf7279423b847dcb247db2033276a2e1cd43a0fb84484efab08e624b5417a918486e4c77978152e125b366e5952eda1d6976ed626b44493c4c91d09c8cf198ce992234a93be536092f0cf17f13d58446827614797ff95884174a5bd9428f7de40bb7bb40f056312b8cb0dd377313a6435e6b9daa881082ba57e28a683f985f41e45569a47e7c4c2f82c6b2777f924afc457c115c4d30d0c65581e5b24bb547cf6c23c53dad018efd5a77f6a6fdf7775981d1f6f697024890594df51f2d8e3c75ed4a5774458a007d5cea332bb6ed36425993d7e22e2ef501ab714118afca461badf2a7af0dc2a898cf48f070721a8e9f14ea3987da5bdcff9213520397116da9f5413e57ce4e9034fdb8b6dcf8268758fbfda64d63310773585cae49ae0dba080d62a3d550d9c03a2c630cd712ba295556f5a59c905a7d464373df53bc64341e3d7b5e8f5b093e93a5707ac9867e7d7f6df9bfdc2a7b465e9c806d8889bee4d4cdb5f8efb7861425b008881a1d198abc87327a75f93f6ba5aaadde4fdcc4d0130437f85c2bf94ada9453bf339f3458f5edc861d0c54bf302b720bc127f1d02c12c2ae63e810ae6999b78a67ad476f013e8e2f953564ae65c09018e38387282c78bb54bfc7f60f2490ba0c658848859fcbea8cc6774e24c9de979dd29d06b560e6901ad00eea475d42df2a53676119b9ab7436175e6bb2eac9fb0304c0faf887d103597b1957d78214997cd7a73babfd31ddb40e3757e937173cd0f0bbce720fbc77a8e773e940218a7b6c68e432bcc913697f21ae9d384d4adf802cda1ba2472d5f81cbaaf901ba18e7816d8ae0bcabb4ca0fe830a6108bd945b92fb84d19ec983d6c8e2b11bcba4480547c27c02c239a51eec859fd12714711b46fb2ed395e8193d1a570cda1b091b84e1b274babbf38938458772cae9c18c63a736676912b7df":"f62851d28512913aff9f697fc17bf46fe4a2548899f29af5d0c412f6"
+
+SHA3_224 long #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"b7b8ac96733943c648cf833e75ca4dee7bb6cce48130fbbff6f96867784937fbf566690b10745f08c68f99f85117c46e4c4bf4ba191a2e5d803529c098695525eb2c1dddd57669bb2dd268ca27b48c3b790dd6a1bd1d53611788e76317ad490ee1334f748be46cc9c6bf771ac148ad3b4a23fa0237e174b2041a28babdbc1aa01ea28738fa696d19d97f4e51e57c305807b6e8434d0f983a8f12772c523fd0c1eca24e91e9ab7693ae3975d85cf81c79f7ed29cec84fc8e0ff9959219ddd745b915b2ae721528e1f8c167515ee63798663f144096f480b8c9ed65801673f0d5556f4a6a26b07bea5bd3ed4726266506693e9c15e0ca36926b2f2fb35780ca3978396472a8d720d0d87d81d5682a8a803cffe29346507ea978414ca2398ed3f09606897e74f3a833f330cd52914d289445f5802f2441d97c55c654e348f8ae79335931d427b07282408048652e18bfb118a1ed7026f8d7799820d0ed0248aa61d493e61a1d78305a250e5b73bb17c07529a792dcbaefe92fb3d3393602196818fe592ec6d2d5421a251daf14b4c4cb4efd5908eb5cb19f1d4d6ff634a4c5582d151b7450f4322840d5508bbea79a40bd1848c81288c859b0a959a08f86d70b0cbd5d4f4ede19637c9a29a9d80022c12deee948f8cbbea9887c22c0ad04e8e1366b9118271d15741c080b61f75ad8bd3ff5dd13e491ef2f131a5dcef3cb658b48844977602da0eaad83985ca32436a561d176a19c77e43adf286d341a36c759a1abf8e5807c3637bfb142e251d8b70a11e6588a56fa285d4b1ac39876d398ecd05721eb1ea55fdbb1058d9b99f4f46beec8f536ca754616f5660354a01e54b562fa56d0712588572ff4eb00c215593b56dddf2f5d85a7e85c8eaef11c938533c82a0a6e5e794a2a8b03ed8a80966008c8b978ec86b7d861ef19290642cfa4f87e5aaefd0d1d0fd660a6f7c15c04a354d2c044e6ec6851e42b8a040cb92f2e6403f0d705238d63eb3f72bc2d9afc9d9003a6d5b6e533af0fa055b26cf63e9c16e7a0f53f2846c0c985fb8d27e3dab94ab9c1adc507964a44dc00c6bf708a788197df9bd391d5b0f1c285fd58cd1b710583a53fa9d9fcae244d2fb36cce7f4e2493013d8ad6c6af0473b68f389d5b6f20efc60dddc2f3551e62170b0d5699877077ba4ccd8d7635721801b53ffb071e5d6ca88ac95906d993b96b3019af65af05a46f6c142c70cebb3dfc01e75caad8fb78c1590502a3a634b190b50a3f703f54b794fde71a52f5504419e7b748b3598b92a4db0966564571f93c2c579d25b2de1fcf84befd7923d1c8cfe93835bd0a9e48c7935eea9b21cbeea1e8aa3f12a4124b7393144c7fe4904aa288e2aa2456a419be046e15eed5b300868c4a9ba38d81c9359b8f6db3a24c3816493f1c85d82d73dcc0cf6ecddbb":"e93d038156082ba508def0a26ea9172930f546dbec5b5652928a28c7"
+
+SHA3_224 long #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"b7174dd7242f30f5bcd81cb23c6f52617ff1290845b0f8b4344b36101cdce0367f731bc551c41b34fc1c4366a79a8e7eb89b2df4977672e9b56aecb7ced4d4cd6ba5a7baaa14158741901a4ac1f96bf8180f137b5a2b5e04c12df6a3f2b54c15819639ddb887e696941ce98711f5b078a73623c4153685b05d7c9bfb10e711b6cb2c195602865508fca8f7441ff727a56ef6a5f85001af93933f25e8b0d2eb5951508f4e10772b85821c8daa746596287438e03e94f3a3556a5eda915bdea1a61aebe2ed6bc330b72d60f3e197a8c6a8c2e51dbf67742b9febc1031f9873fd442ee35b5a9ad32c43055d711010297fce5ee3a4a254ec0d191c50e7b9f0f9c5dc952242be250ee7d412f94f5f684f8842521cbd10e0c3126a07f4d088ead8c215578edf4095db28105d1dd4f72681ababa676b0319562023ab49304b30e78bc987d11790971a4b99fedb24900d229aeb160dbc42cfa2fa5332916cc63e4417b0c0f92594041d0602aca9ef6a1f5ae5afd8a32422a9793c3fb706670c0f59cc61a13f8c80e8ec7e659fdcb2303167877372b637252f5f7233a916938f1c8ef666a932d0c9bdef013d38d1f184ebdefcd074c559ccd9bc18e9992096c1fe5a324a396186d0ebcb5ae4182841ca9727b2313f4f208c2115bccbf7d2d5371d521c66d25a1358fad7d814ae5e1793cbe8443062b21fe5ae02ba55659bd36101fd0147247b0aa483bb15297bd1d75302872f386f9cac5bd8f9be1032fa05d234b17d857042d165eedb7eacf122259ad39adfc3b67d5a612a611477006c010d3e260d8c76400bffc4bf8119becd76dda779d26cf7c2be981aef7a045e60497486b12dd687012ee48dedc8ea35424f8e06caa38e741b2d6342eb4b429d85439a96e94afe22f49ea6a2dcc2b8e51f144e7a03dfc2ebc53b450aeb04bc5e298401e735016deaa8efd8bc12eae05ec2697169abc3849f7f7cd00b6532dc10fb8f2d103adda04e7ca6dd3206be0af2cac3a95e291b5e3fa84676acf0521c4649d98e7a513c2fbf0e38369d4ec89351969758d00223ba2cbe4cbb6802ef176eb2d798be2ea986ccdc387766518713ebb468f267cd9922e74fd410d52366381ab51dfe3419b22fe8450c12159565f731b2bd287df1d8130fdb91097cc85408aacf210174a8c295a1f7478933a101d7b400184d9b155d1506cfe827b76834f3cf7f6555085267427a515f6f38fad710032aeee4378eb4a35cbb6dde2d8995a3c9347f6b67bd1cd0e1f1d816ae19524a7fa1c58eebe46b48821c86af37b2d273588cb3b70b3f6fab794736220b72ffe1a9f3109010aced7f0771c71d7e6a980cddf6c6ca7b5fbc4c90cffe13c99e5c60129d74ba5e5eb7b16d49a3ab5a1732bac9f10d0820a4af3ed90a945e70f1e4603a1f56402d60567a1402a0cb635f5f07bd0a1b02a39494fca2659d848a24344c90e739d3f6584643ac4b43102299599e27a0654c6ca629f09d9f7e088d9ba89fb78383e851ad03a896620efc005bdec88a627047f46fcad51ae6ba6ce3decdd40e72e8ffb7e51b13530568f1852d4b3165cec087d347e3f4baf9d724355410740643cd8ca187090e72a3e58339642b433a23da7e71c521e9ee3768c0ea922d1":"b5151a41c59cc98cab7b493dae476f5a2d8b6dd9fd8ff982eca3907f"
+
+SHA3_224 long #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"a51ee3b7c42fae9e771e085d14fb8eacc2653931db58e1f79547ff1de26bb7cb945a166ac5db981576f9ed4a7656fce686c22950ba0cd3f4221821f3aa32ff183fa2630f3381d5d1e3cb2e6397b5a0c0a940f614ea0e1d2a4174e42895d2007aed1f530cd6c86ebc06bb540f3ebe802275062ae43205c7833a83cf246bf0c2d7e8f96dca76596abd26f2e6b5351ca6f5303d4c2a5b9ad7e6546c6a4ff4374e19765739b1dbdbd1bb8c976cbf42751a1f230ce54d2e74573ad8583d12f74cab26e061402accf7aba081d36e942e72e28a969c7cb5703c4e690e6ed1d33edae1e86e41099b135501534bce759cc0ba081cd01499caec99c55a3ed7adfb8f87f945671c1d6d769cdabc32af083fc2f694bf1b9dc5f36934c3f5b0ba59f3b3fbfa27151d0209be753fc3809fb0e5facd8c5abd5f869baeb45022ac405e2272dfec75be6942d5b38737507bc5f4f632e8fad5ff81672784c274c9799143ef93dbd817ab2b653b1c7bca4b6d4a5cda30eee518292ced00b30638d260d490c4e096c5f42489f1a2c2f8009c9c5570f9bd88560a8387a28e0327a325a932ce081fb9bbf670ab70726ea7e22b510fb9bca05e549555bb0d393ccebeab9cd2842219ebc204d9ba6912e62f77e0d39fbe89a317e7a0e6efb66a25a2904a80dd3a7c96d5e306a5de65ecf23ac8a46c2e07c98c5b17147f4c2687874c21eb9f7a787d5e1f25e51d3eeb675c6ddb5d62e41de524d4edd768fae4fa2a7379773fd2c78d38709187890383ebeb72baf5fee88743332870d2e9207829d6c0a1d4a90cae14ed702dd53154b5e066f16d528863cd4d81ffa9ed4ae66b7e53daa0ec2551b67a46c803b75c5a0aaf9691fa5e487c786ad5029e11d275445f686b7ea5fac9652808201b16543d09be43fb6bff855c0f01f8d85924caf58b36df1843e9729b4684fe1f7bd85f243b7634d7c81f892a1a7cb32ae20f7a8ec96a7e8bf89fd3f0def7ef6e2de7c637263f33cc17a59a0f2242cca03fbb2a6684630e6ca5af66efb7eaa2b53929d1a05482068262790133aebb0be17a0f22a847895662500073c158c3e09ba588c7844da576a2b08306bd464f3a969bf2a97a97442016037c428d49ec71c87bebf20e97124bd40aabf0d672661f66a84e0904fefc3230c50a1a7c13cb1de5c3399863bc2f4dbf77d909a5bb6884faab0a886f031955579f9245b63dcaac9a835c02ae4466440cfff59753a8bd2ff9ab0e6fe32f03513397fd09624f4fe58ec53b7815b51ef762aae7e307c2cde80cb14206870822ee6db831afa8d1c4916a90be41c099be2f6a819735ea8f0179dbc48e948418dff4ad07177eb14c9078d5edcda7d877b0b4cc8bedd52499bfa90decda6302e7a02a9a8e97c0a5481b6278e250f085d85b4e2fd0d20adc68703f4b310eb928fbce59dd549abbac4bcd17fa7a2f65ee4327c53b592c1d3a827d043c9c12df1eded2491e6106b9ecdf0e5e05ba524e3c407ce0992de55667714cc08934ce1d0d1812c204bec500908b46013eaca2f39657c268f154e3fd8bbd473ad9022aba1d2ff88c3772bdd8bed8ddc64f57059b25116126ead7105acdecd53cd50c0f0075adeb6e6085d88b9e4c3b76e0c3649011f5c1df2dbd52b556885d8c255c63353e1a52322700fc605a71c8d998f9a818818c4b5e620e93554e1949f370fa10a29ffc979e33ea139e17cfedb62000b77c9d5c656a30d3ba83dc2500395eecfc8fc1dd217b2d4b048e00ec10d61fe07b048fef78ca3f13af872836ea26983c1143cb445890bc2bb7783a529b023ea2dbf77ccded4738d65aa95bd36f82c6f23508e6baa4a7899314":"92219c95e8983ffddcd73fc9669ddf1085eb87fdc3f2a8b707fee881"
+
+SHA3_224 long #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"11964921b3db3564118a0f62b02225c3e7b21e1e40a6836d20e17ebeab0ce12be22d690b0e7b456a6271d2b7dc21a9bd6ccbdbd558ae7b59df1e5d5b1dd71e972e9164a796d46776e00eb1f786e3221711c436f081c38b3fefa59d187139d4d83ee9c25c138fa570d58a348a771098b91ec5b8d8838db907999fc55c71dc0cd55a5e09914c530740870ce3d97751138bdbf8e7f526b60f9925345e8ee365ce76ca18c3b00ac994cf3fbd474a4e4e9c748f834eaf32e395dddb8bef18907f20a3d53e77201599540344c4e746c3ae3a5f848e726f6ebe52bc03cd006140d00c44c4f8ae49356a4fc5e04a4b369f19f6310042dd9ba3ef4e1ce4211ad1ba009941df70ef9332e48efe5977fc80aa39d7d34cc6169d991e91e7c7b0c4d0c8b8cf826ecbc266d3b01894f872818eacb3e52db043a5db18f22403f4a286c630a0b7f0b934af2ae176f571056462c66d32282773e113bfe8130e5ab31ee81bbb5f587108d13f4725dd2e7bc8742892b45ca9aadfc7e6afd02a57d24c4c7337319ebbeea2caf925648eca9c88cb5a594bd96f9c3a1ea9159adf08550655ae835a04e650d048662c6931d1bb8f908082f85282e7cd0de1580cd927ca2b612165fe3ae37dda730cc5fb6d4cbf23ec2377846feb71e0bd18e0efc1bf1801975546e4e7ba5f08727556e1ea42928d07ca9fb7d7b124bb56d5150a3ed529d120d18fd5b471dda16e2949e451bb1b1508fd625833dce6a5ffa15f27f973e4e2241da6994812deef8eae04cc4abf4202184428312a75a1e8e003260c99a0317ecac2f5f84da44c38fb8ef1617c57ef9e5e28590865823cca2283d282c765f8eb3a47e2ba68300ec5dc51766a908a0a2f03305da68b0e9f94eda9cb512bc921729d34d7a643bd0cde5a7dfdb12d617bfe2ee59dd3451eb28d68fe79416cd4955b1b123b8586532ecb9d9cedfcfce22a5308cd7f563bbc5dffbc09451a338e3aeedb68761fd9fa5cd3cc35ae14a5170076b9726cf914ef8830105295a32700f97306bef03ce2bb7e3f0fd1a8c1cf08e3ae685ccd8279c01b698d62d2a5f131bb31c39d10a44c9d7c5790f743ca22bcbc443d1108ba1135fef25bc065e9382966713b8b401ebda93e63742fe7f9483b7480611b876985591913a1f4b434a5f1e37b9512e874dde6acabe602fc14e68df1aafc02b0577c31541488872951e0901b97faba6e6c565caf770cf6eae4a7bb1d0a354ced4b9fc7983c37002b06900ef50d920a3bcfcd132d0e0e95193130cbdfe83583a50f9622cbd5d6e7211d5d745824848ab764ed140fb91567f1c32cc81e8b242e3f69084ad7258fc5755cf1c92e25f9c24af55b663ec049f3db6141b7c43c29d625229d48a27588218e8cf1155e58183b5d48c211a16bd1c13dd517a2b8436c02be02fe23160ce983d4750860d0050a7c5627c81e1f01d55980e55790e2e8163a72d0d3e31a34db73afdedcb36c74f60d9f581594a2cc7f440d5aa98a2a734f07a956c3919533867a879015151aed05779ea3527b1112f5094bfbb497782b3eefcb5a77337152111fc4545c8fc2b75f41bdd227db531c5f30a19221bfb4590c7c40a597d495d9a4ebcef059284c1b2bf363ab3bbd5232e64179e5970ac645e03671ffca79e91069650e2cb3e8a0619216f7f83728f59cb2c53abebf819637e3a4c42fb82c553e8515ead212d7a6d1bb31e37fc22524a1ea444be3412b0d773d4ea2ff0af4c1ad2383cba820fe47b2cecc8e0985bbc78ab644161cc411114c15bc743568da15a369381a788264694ef56f605d28f2c79f3f4f0233f0398b009377a09a79e439697fbb3d08e311f5eb56a3c14552d20a28adec77ee6fad64d9e10690f6e61c15478e949e20e90ed4d219ef1987ab64796d28a4dd17e675822024f1aa11568a9284be4ca38a3c62ec4b67dcd0ecdcaffcb6d7fd9d740097cf1c87c158b27235966a366ab60d8515279d68f14e3c8dbb7c4ae2811dce631d32172ffd01a3e2250a3f1f763e706c306c1243b6fc3f6591df7272b8c6ecb70e9257":"c7ed1c52072e982a7ada5351119d4a03ef04b483c95ed386d054642d"
+
+SHA3_224 long #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"6c4688c2c4a18eaa6010b613be6a8935c6494b13fd6bd001fb5892641f4500ba813918da286e377c7efa30fb00ae9c5a3a3f7286f3a3d8daa5be38e8303e9577cec420c84a44061e6dae8d7cbace5fb15b7125925ac9588714125449eb76afe93c2ec81591eba3971774f41e529079410f268dc19aa3fb0e329c100dbab5f419b1c13a48642ab5ef62938d6831bd93123fa7d29a1bfa6679e5a392be04c20c0e16c39be92dcae42e385581e2bf1d542dd43d1ba5469544d0177102e33066a0d0547d16805394da5d8000f81464776599b42e906b813e3b19af4c8905a86958685137d0963e4d3c8422dd198789946d5ec9c25b7335bbf35e957d4fabd393dbddf739f4b255c0b5a905340dc2943d1585f943a145cbd516a6b14c7b5d19abd2372dcaa85d02b4ebd6134dfc4def3805152ef78d6aa95449faeb0035a4e27be47fda33141eadf08612336f0db1004de4164f284469390036612be3a70696c9babce8bd627dbc3d2f664de4687531465b91441cf1cae2a185e3593bf60d9d5efbf63eadb70298638ed84af23621e9ea118cf51bba160bfede885d514d4160025035c44e3e36a92a4a7310e29f3e8f00af124a6fc7d41ee0e7591f6dd229457c618262e71ca0575a0b3c88fcca538d51dc282b5f418c820f4b5d87d7ad4db596d5e400bf7cc90bba7b3d9a87e0e84aa541d8803250c79f53b09c7ed6073519165564861f84372b13407d2fcd08852ec3852931311b0bdd74bf1feab3086ad7c58809dc4f5c74212d02042d146bb3a175512426a4cbe3a4391fedb5b7d773596b17dbeb972d0853d06adb7ea530f90b814dcf47d387d45c6b780ec5279dd805d0a9e2993f1f792bc41f0908c880e0d4b020347d0578686dd2748b044e812245bbe727cf8e59510fd0ca96b5c483ef64ca735bae83c6263f36b96b5873acd880f678b176cd041769be138b6be360ae2497ed4ac39698963a5fefb6abdd45821d47068874454754a054a1ef146b40a57adf370ba5841641c715bf75e4d575a8867736b5b33b4b8f1c5b1dca97a54a5dcf69f8a63a956aae4c1fd1afeba364d3224eb23f19fa3750459a2e24dcd9a75d8cfed9216c13b9653346cc6ca88f398a5993222e90c9342083db7d06cb4f7e2d1766828622442eefe25258b403e11d5693102d8bffef6a853ee4b2774c4ef856da699add4472eed3c30b1e90e4e037be388b7c5d4db50009de7e7480471f3d5f3bceca2cb9e324993c38c60733d5b04ab0cdb7ac64631f34cb716b28a40b74d0a45fb97d6bdff6cab7a3f822d808af82649e85802b41ee8d6d8540774b58c6327ce20fd741b08ced9b125be8bbc15defbac58ee28a96969c2d829b75244e5a0b2b207643239d0f8a504e9761c448e1181b0c7bd969ac3ee9712f232b183759e619e194c7f9eda72a3e1f5595dce46485f039f46eb0c90ffda25581a00d59ea48aeed116eabe97b54cd4c3d8de9df0ebf9f15a0a84736315f29bc5ddcecfe36bb520b963d22d9b490659ff650d47f064d9268288f173bcb976c2c5de89e6c64c66d05cb3e440579666ede29e6860d75b72ffa332b061f052ed56d2ccb0aeb9df267a15778fab4f35f50d27d58e6d08286e0926a85fd2c08abcb46708d17c509c5a8a8e3f32d2f4a0273439baddb1256410cfa75a4e5a8fc96b581d237af40cfc998e116b8c3bfa5d73ff92aed4f1918701af8fb90a4dc0978fde4f9d0b9a618869f1699cea6aa2c671dbbd320292ff19c7455a452241055d70a388e601c3d0b83260d133dbc38093973523e4f519a094c81d81af14b8c0b3e444438f0c24ed148938f2d0eefb361d6aa871282aea28708a94b02750397513213d2a0869220915d50648f4825615fc42b20f7bf2a919458547407e7337a4f3ddfa86d2d74fd744bc354e0f3488c288d5de59710acad57c5ea1dcf4ec37e2fe6108f48ea502ba2995627c8183f7ae7b8a7a0977c1d40f9d6d30c02b29ae816b50e4fd9c70ef342cf70a4f1bdf273c2ce7317a20b6390a114780a491ba2032e3342b0c7cb979d7c75789500ed49c1e15628135ec667e678053fde4c92c2169fe7127abbfed1717a14d8c0a0ad2cab6dd82d5c73b41189a6339152b21ee268915ae7745c69a5b76133f7ed770783788eddecba8ade4ac35226d72c23c8ea422b122a685313fbb65c5b3de62d0236716becccf54b4af8daa46477354997c3ec9599411c4705bcb7901312726ba62dde2d8d35d45d020417":"14123df0afadc8a3142ac07958417877c4ddc5718acee7a8ee44c48d"
+
+SHA3_224 long #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"44533d2c876e82db402fbb00a6c2f2cc3487973dfc1674463e81e42a39d9402941f39b5e126bafe864ea1648c0a5be0a912697a87e4f8eabf79cbf130ea8e6f989f3177335e2b0b87d078b843aa378becd69ea596c85f078b9dd67d599976f6343db1b3297da6d93b20f817ebfc408300fd9f8186dc182f4abcd453881adc1af98340e64e15bcdc32b8960fcf51156a880fc29af290a2c69f6f3bf036ff2c525af8458d1ba6ebb8f11fd8fc784914a6e485de6e44968d61dc1d73e000a6f630cb1566141cb191c3e8cf378a7154dcdc98e81958175e3685935022bf5fb2b84aec52f907cbc66d919c3f48263504bc5037af2a04c5484ca657afbecabe92e0e5114994f49345dda68df8715c5dc951c6236376d0e8f52e589b74aebea7d81eb3ec51b0672db050773073599936233b82fe7d8668ecd559f0d15788e795f2b01bd013e1bbd5a66488164857696892b83b1b85df196b796e138bb0c3f2236343a15f088f7f3598886db1eff1596fa876332cf4f78ecf51c9454d18e65abaaa57c90b98302dc7f74a7ca5c2bdc5b5c4f42f8543662592ef09ea7818767dd6585b17485b7a43f75319594469234ac5889074c709817a50a18e97af17eaf800cdcc00a7bab46e5e3c7368105bb8652963f9a764affff98339e5b1449fba45c4ab3919ac4e74e976f3f74dbc12e3816bd78e3be0cf282fa4e89debfb286ae38c4110c6c87f3261bc4a036e8a174b4be753dc96cdbfa089206e259c154a835de25fe19c7ed58343988f263f2ce146012689537c7e29ef92900b0b36356e8a1141382a0f51e9de2bb643de53f7096a6dc3c8812184666bd87e7fbd6ede0cf5ba336a6893c414a9767ff8aa317ae83ede2991e43a732dabc7461cca9a71ce4c9533871bce57ee7ba0702e085c4b0629ced2860b2bccc835eb8162a14d830af54ebbeec2137fefdb5611448738d9fbb1dc59055479f3ce80c1ab01dffca44b86435731da17ce913ef3edec955b9a317d7327a05eb97ab912c64d4ad52c3818862f7fc0e22fa67b2d065076b1391e3fc32fc8e7984ee4107285c2ce3f50c0ea6b4fa04c78dfb9e61c0a03836965d88f596ea73b8fbea25d166cb60c6d1ed149ac406314ecbc5b9a827b51933c465b9876bc6d2ca39d480775078185eccadbbedf9e32badc3a0de0f6d6d516986f09f3c195652b825f479824c2dfbb4cf962a26ba589bec5cd6361ffa9089e1c547619b08639c89a6913979c4b0b1cfc3ee8acd712e291180aee85f37e668a167b3292ca1b45745a6f4e7e41fcae3b88efe026a852d7c26166f1c588a3697b3557a1c784a132cf50c66ac4cc54339751a0ebb865e1d3d320562fc905c4abd1e78e464066c46c3a0c02db0371ee35a104d66dda864c6133e37cfad9116e883ebb73b295e7016c34ea9911a309272ef90114d8f59fff0a75193fe5ae31ed99121f9c59209bc4bd507b1dc12bc89b79ffe4d0df9209762a1730136290cdee58ec828ccc88ebaada0d4bf54c2656b7b1361e9ec448594e5a8ac69c04296bcd323e92b96f375d103cdbcbc4350b2a086f2c1cc3398105e416405b3e4ce09226df78bea6b3947681703c88eefe42b90a0e527e0291c4a5d3e7e85c8eaf5eb7779b3b64d95c58be9afebff1ea1a759a39194990c18f9baf9a39e358e1adec623c0fe723c5bbdc9bb942c6954a0c0c34220a622384656e99b3a6b1beebcb2218e0a81c89f044a8a468e6f0e183658f2d317c4c74cfc5c5da9c98e41d0179885201fe3bf5ed99354f2655cf753a9976cc03c9592318233a08d19aeaf1d74b97941c6cd606122c1b227e09a2beb42a4bb6f58c28acd20023aadf2746cbb1b3d8559c9e7b29027fb294dc8d2b2ca49a8664a32f2b7091ef1b1731c888094544b31d0eed8bdd42f6a43cce5ab95d606caf6b794ce22cec32a8f465e91f38f670b060efe4989138335870cffcedbf9c033f22044fdd20259d25b8d8138cd939ba68b7bc0e11f376c867d76dee28c1ac10ae2ec0b28cf8e26149eb24e24178a3a44497ffe4986263082ae704990b1214f784f83b1f7225b7316df1c8afdd95b8a0cc6837e28c6ca1753a1630a8050f5b3a5c04dfe11d2508700a633006d19eed4278ced0927e8096b21deb8e759748035b8bdb2ba1fe754acfb7c5f771ae12b5fbd232767eef2cd7213eed5a9c422a91cdace1aacc86a51282fe708b6ac38fa75f511976024effd7652582418686458b2327ced9db5622e44c3719686cc27435cf7e0a7bc71e481bd05a40bfbee41753de94e93558ed7d348dfa271af22b4ee5dec17be427fdb418f555bf41bfdc2e90626cd749cfad2287cad0101f955eae3c0fc3f43bbf3db24366a0446413eed9a55127ff83aa15914275216af2c0ece0acd4edfa0f078ed14f96b27693358cc7172d5ee88f62c778293f969e10ff46a4bcc0b7f3ca6b418f91f814dc5":"664b21533bc159c450ba98f77dd81616e6e8843d4eb69f28add3b08c"
+
+SHA3_224 long #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"e9acd147a1103f6a34a8c62f199f2d50f1a3c1f90c51f7d72fed5273945787be333ae0ec4087de86f52222bb91db8df8a19fa7b87eef3d9c17924fbef08729436b3ecf2f47089e7d66cb3170d3fa822403c451685b8ccad0f39a62059a1002601a1f67b7bd7ac9770f0bbaf3e6e652fca07b89b2ac0fe4994c6d54f098d85b3ec745702daac7a59b794b87efd28545a9ff2a153e7860d422a873ec26f4c97b04fa18b23816d67b122bf15e0aa0c1a553a83bbeb3c767e2919214f450b6caacdb3b00f4810a8f9204ad6708ec5780b82124144cb9a10c550f8fb83215e4c234eb136500b08dda349888134d3effacc83cfa1f87fa0f3777c329c7701e889b5c5b09af9c6ca89fa7f6435ff4a8a12c1bccb2c2371b18d08ed6e7a97412a93c6c54a646915d62c6344766b2c7d143e8f9f8d56723c7c5bfe36f51c6069a508dacfd7092a62cc33723b37a738c62f0c8ace8ea7514a41decbeb7f086f05e8476637ff1fca581d3dbbc61060c0c02adb47bc57954d25a283f66d64b52f9054ddfdb01b1ea54039b98477a92e40f5a8494adb70a6b2592eea125f3eb90e838b3b05aac37c57d5b22570b25a6635d127c508be52624d5f478f8413656aa869ebfd129a70bf6e6317001518bcbf1bdd19dd05d7854e6a927cd2e03c816069be0782a901bb5e3582c8e7c61d388f6f83ff0fd6b971d1a6ad4f529b3d1b30eefa5e7a4d630bdf69af483b2832666dad6057cbdfc6b0826e0a2f9d39978b32849961225450dac9676325789ffacec051fcb4af9591c9d73d33ae012fde6a0be725a039623db0a2ab28e13eb1c8ca2e09b38609acbd164690b43b2d026430137339ac2e0b9c15d1c17afbebf23ef10d112f5c88698b2e6704f6677f45db65ffb52fe55e94fe82fd36d3e60ed5cfcbf414baa8aa708e8aaf1694b3866ea674172972dc69b2d7807b77ce2025c0fdc36990ffeace3659b38521f99fd0e157f2f04ccd01ddd9a986e300b44aaf684b6fd3f26993824f5f219fd3af8ccd42626b119b78e6096e070eba6e40b63a203b39d9d582435510216d4588212afa064835019221099b045290681cde03248d3fb9d196d47ac52d22ff1cdbe8cad5a18bf936cd3fecf1212eb47298f6b21d13db5851d2ca9a40fad64f9c3b811ceea8a01037a92ff0ba48edd3707f2533723890ade105ef3256fdddd73a236471b38027226ab29bb544e03285d81bd417c27ff212e5acbcc385da9c3e7d101d69b2cc83a87685edbb2f8b7f34100badcf9c5e62300633bdde3be583eddbae16757af2380ab17fb072d8af3676cedafcdb5e68837d99276ce307b3375dec49da255a75d6c1c22c6e6ceecffac65ae65bbb8702b8643514346277c82917157ff2e9ffebc2861ef88219c0723e9b4ada44f0b4d1837c5086cedcfa98db91fdbcdb43d9a89d902e8085f9fc1a747e2503331b5639773e81db76c30ea9b166fb8d0db35650baa87731049e003d2ed7601dc08be9cef6232f9ed6b5228f5d0e957d04c91458cc179fa668766b6ee03f827657c2fde6a2b2d04d6913e49e40e151e95ae5924524660e4d3c03ac041b3f12997370f134ef761a63987fb37aef87c76e6aa93e9a662c2991f9c620b1423e8713ade6622e4ed5548dff591d89bb7a5c88ce8497cd03c298112c5e87dae7b6566161c3df37436915091810916f573187a500f82c518fe1c0474e0d30059e4f070f2969b6e46f99d2815d66ad802535ef6f8c747abc6cd248a0c982c7b5b8612f798f7887ba15f0236339abc050c80fea24cba9f1921d4c87ba392fad5fd885263cee50c02cf9047e4b5760787592280e8168e92f47238903f017945f88712391d5d0830eb16b3f4996111544531606d2f1ceb28250124043eeef316cb414e4e8b0d0afb1ebff091bc0114aa27de624cde277a6a9416beade032a8743672621916a59076831170a7b75b261215a751a55fffe25f29f92e128e9442672164762226ef45a703565bbdf138f093f7d35501196ccc0fcdf19dbbaede66f7745db3f224b1ce9884d4d95cd25f1935b5ab95e67436e08366483331aad6be2d17a6401076b4d651efd5100bc29a4a0038773adfd824c5c2dd4417fbe845f210f387460486c003d82d9f2b5229af2bfd667f6b71ad0024d41b2e72a1d2f2aaa8ee47ed57bb9dfd37257a50b96f676333280a51265b90a4c2074e6baccea78dfef1305c907c126d76beb0a8c9fc8a9bab676113854a9dee9388eb2ba3462a4319e588bc3733e8fb9be2885a0939e07a6b09cddb16e3eea94f884ed90ea1447502b09834d447e74eb078498e028c30a97df794ce628c4d7effeec09e7647bdcbbf3ca8edf020d70fbc673c6e3a5e44cfe81afe16f0ae8015aaa287a261a05dec5a6f000f122680e5c899a91f3b18e295b55955db48b25015588beb0c5a14ec81da33e7c1c3c1aa79dbf5d8cc8d20d3a3eb9bdf44f3fe852711933604e60b3131486fa72b8a591c73fd63109bb6e0dfa092cae67a78fce7f2dea1aeb48fedf5a5ab0b8676ef569f7a36cb9ab440becd35b3cdb0a55f133d1fc69e9d42dc2200840beecdca7a20fb368f15be40b3246709558c85eb31aa5155d27049d655121a777102c34eb41ff8500f2ac467957973c580efaf77752be93d0900fb9983250b26":"6a9a23e09105428915a6b648b3eee2b6a97a3a27ca6973c2eb4f862b"
+
+SHA3_224 long #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"662c1cf710b71b5334e7fca1b65bed275331a4959029f443f0069ebb6a3869771ab975ec3735ccc7456d3a768cdd5feac89c029b2285a8cd5f9465125892f311aaf50185ae02cd89ac34f5124be18bbd4c1b67cb78d5c169d746ff352393cbff7ca869cc5d664721cf04d67eddaf992847747c2b7b6066a0c0e6112cb5801ac9fa9954c92dab621818a585c1288fb2b32170e8c61170c0f9833a46fdf4a407f88b926b83041745f4eedea9e316c9fee743d753a1234bf7fc860b43b2ca46bb1396595602ccf41940b878eaed8ea4a44b137167c69a3a32313220b3531ead5da285b8bc4e6b880581e03cf2e67769cc68fa06c93c5c859921ef433ce6d722162dbf744570cb1c3241cdef66d6bb61a0c4615d240b53745553263a8675dfed0e3dac589a6fd2f7c807e75cf1c541d145e9ae3f1e3c654f8e4f3dce3a071d566c59b42b63536a63ee5c964a39bcf104e65f4b745fd57c5d6b9e9ec700a579a5590a3fb447247aa6ccc74280e6c2b341a9ac9ec490e17fe715c7afed7f56db21fcd7b5bcefebe9098bd053c7a1e06fcfb65a11f759655635b452da0860222b137e487e0b03b0a1d453ff31e7121d0df736f10ad4616be98f6fc886df4a1151c306e502692a79894f4bdd44a8e081750151f7f32451fa203d6eb01a3be62c3679bd37aa9e0c5089c29cf1f5d2b31490352ef633afd01be386da9200e4dc7ac07dcac5dc71523c89746dc3aa2c35df44daf675323d87d51ab4dbf69fa2d303d816561701aca44671aee7dccc7f0ce97a3ad0fd58961e30ad0d98655f3d74d0678e89b68215a97429b832c3c493e03a1b9be5150d813c3484da3a67a87c66e8532b8a29c5750ad09ada7500f9305adb0d465d45b9c889ea8762e882e2285154863682f834936f62aa5cd91cd21e21d33a835f15c431af599fefcb407509df1ae6f698ac36397e314285859eb924de2a889a130e96855389b2c70b28cae7b6445db5f5cc322de2454b9ea10e150c39e9e1d2a2b7978b2083a933cfc2478a7ed9d2b9c0e0923841a6abef57f54d9cd9172c743498300dbb4e6d7b3f9755bae0e22c4c2271bd22445d4cc0cddacb9d67bc51c8f03ac7d1cff2e5e7842e5d3e836655b443061bb3927014592b45f6d68ae13716ff24c6a10278f8bfc60fc5df116d34394a2714b3d4eaed019abe3611eb8cc8a689de9343fce7904a2cc3f6652f00b125605c10e9b1d0be0242cef31432c8ebbfb5f1987f664794d1dfd159988725b4beac2e771ed22c6fa24afc95a8069a88ababe43b1fe8a1eb9c07c1553fc1e6254e5724b11ade05e72adad184950f0c88b0943fe6e929fc7ff3ca1c5124854bec1b88c726a57e6410e21cd429a3f625d117988b00a7d260371e5369b70d795bf26e689d3f875a50d111368dea9a63ed4c28de4ff11f8ad5fb64c830eec3481e1d8e1f30628719d1120050843041fd6de12a8f13201afa64b30f52fa5e0e989c56c5d408f86f63efbbf8934264616dac7967d260f75fca144765184d6fb512de8659afab6a05e2b3b53f264eecc25ab2fa25d0bcddb8a1eea0af43b489825deb9393d9a31e123b24e61d3230322c6d884eadb0b23aeb27f8a434fab4143b21cb67bb7a787e5d194b37dcdf719c674e355b479bc777c1053c3c3e66d778a90887e819b9b0f1b0222e90c35498943aa4c10b3ab985fa02e3c25113aea41d94b82600f4bfd5ded1fed7da19ba2d816f183544d031732c766890c9fcfca36cc4d9b09696b46eaf89564efb2738b8cbcc5198f04f2c1975e43db08e41755dcb00142e9145bf04cba0d299dd35f7c2d91af8f2f600d1003e160a2a862a4359a31111a7db4a081e9ade19c2668a1fd21520b44c3e2b49afedd276049bff8e1f5dc077235bedb844840bd4d18070d771e6a82eadb018bbaeece12948b4077d385fd3eeaaf975f7fff1eeaacc122d4726b4780d1d340e5086a10bccfeb88b392b131220459d2cecd5495044bd040a9879e85afaa4b25730be7617072c91d3ea80e047b2fb2f58c050f4f949ab3e4ff2f2e8139d4b123982ded1cf81dc2627b6c02d384fd597429af85ab1629fa7447c1a1d6e9d193cfd6f6f1cf9e3155fcfc87264ae9dd9bd32a354e44037a029315f78ef32a31718ea1ef8be5ed4e02412461eec7144118a6f03ecf86d6fb6ab5dc295c726564b8f4ab7011fc6fd445d3a594d2d49ed85e443e1480001b3e91611cef70b145fbf87636412a7f90549f28d28858ffe403cb5f465f162c5aa425095ab2825c2657be97f4bb4bebe96f7cb54dc517a57e43ee3cbb96e887efdc8423180b07bf811859ee4946eccde5557d1d69c36561e829357100247d8f75384d42d751577800be78dda68c93922ec70ea5d91be8b19c144fa0b6b05bcf7557cefd0b4e17f21faa99dabef4c6d4f034aff2fe27081114a57b304192f9b45abba7963629bfda286d1b89d507fd13041eef995b8d4a0cdc4d76942374ddcaafc465c2eaacc58cc5869c5fab4eacb8c4f63bed73b735117d8c9060eebe7e9eef0267e79b2fbf8671878ab084216c42ad4b1383d92d4fab52e3771b05d8629d93064c98ca2b0453b6e075410238a25d379e14d0fe68005706d289270b7b10432640823aea374a70f001da7597ece544fe6fae7945efdd8103da551951ef1e2c334187629ddcd86ac79c28c2d7c6bbb66c204ed1523d5dd5d48b59669bccd2b52469ea94377464adb7ffeebd245e8c0e0b60847da5c8f7a1f33604932b9cd47a845a1a44599645b62badaac9100cdcd84690cdd2b32b4191da9ae52393d799f8dd72a4f776db12109d45db8b2d5a3491b841b9750cdcb212050a899c66f5a99c9a440922018b4059a7290f5":"c445ddb56fa04b4a181ca4b1e97d2a3d4d561d10560ba6ceeab15fa4"
+
+SHA3_224 long #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"d18793d705f8597b71ec1aa00854935f8dbdaf4861d3f9059a2456395427f4ae4c7d7eb0ab7692b41fd7743e30db0401d277ed4736e22093e65581851110dfff239d2a869958e0eb142fc92aaca7e492861fa126a95950440d36da84f5c1afe37f6fff217aa62d67777b812d23c01d5bd43e32ae613f735e3750cafea9444aa3887c6648f46660717144040f3e2f95a4e25b08a7079c702a8b29babad5a19a87654bc5c5afa261512a11b998a4fb36b5d8fe8bd942792ff0324b108120de86d63f65855e5461184fc96a0a8ffd2ce6d5dfb0230cbbdd98f8543e361b3205f5da3d500fdc8bac6db377d75ebef3cb8f4d1ff738071ad0938917889250b41dd1d98896ca06fb8a48c45be11eeb2cde1866bf5e3293065a08eca6b38ee84e2f011c47be1da64d0391cb9e0fb0df50706965e76a79782784df6a274790aaa7426deba3517282291f301067ea7d6208866a95c1a5757e26550049c3ca025f685efd8ec4d6306435e70ddbdff9ed3cfc2a033d72968e6cabd653d1a1c64bcf388b994cd1d5be121c6210742dc46934d3631ca425c52d0c5d0dc14ceac2d3c2c0d2296ef3d78654849822227bd35713353a9d1300bbb824e5043000c5470200a83a953c5163eff41692292feeaf20a1ccb56ed22bff997deac389365bdc405097ccc5fe140161b879570ee1b0df2da63ddf7729cf1936df1550b536d309f57c358fa1fc6339446a55efba81e9ebe5ea33bda1601492f9120eb59b485656894a2b8b127e679401d054631456c05caf345459d2be21f149dd7cfa22b40c4c648321c8fecb4799feb31cba03aa5eb8f54e48baf38c1fbe8d09082534c11c72eeefbe4f4f2c2cd1a4da55fc71c3eb8a1efeb8e8ed1335822f5e5940b8b9af509055ab27ebe93ec25b0fa83245ea8e57920d4ceca6988cc396a4185295e2ec6fb07e9058bc4aa4f68c18bc6367676fa9b843abcd08664b0c2aa3ec64b585fc56b83313eba89687f59dbe3b97be82b707fa677e93fac49be253237e7dffe9068d0e3adfe799170e45f8c9cad634838efabf436c4663f9a4cf79eb75a55b58339d1c5b9a547613627003011329b0b11b09709d1eef2d4e8d5a04c47ae4b118ab0d4860ed3a27d3aafe282ebe971b5687bc733e3b963f0b7f0c5c763543e9729565fc0f7fa2939f0f75ce1773295bb8f99b31ee6c418178a16be9c94dc9ecae192e9f32f993a4bfb95f5c85d9e6591f9a2f127459fadbdc1c0114856b7fa01461ef998f0216417acf433c4098d6fdd592ff7f9aa9c8358117564371366beeec923051ef433252197aaad510590130210893de2605b477adbbf0df565797be7dd77a311963efc0e4e11b8fbdc470d84a247498e114c489a9305951fc750bf9105653a0d70b5571232d1ed20e802ade99102916937f0253bd9d19002b39ce85ed374606efe36d4e1e853b06cc36372b56f13abf04ed76be302ab653ab4ae74c5ca3d8cc2a923e3f1d12fb93bf8da0a6c9f230fafb0727b04c01bab443526135a5c2935850c1d02d67fbe5e2af2e6c363938923142751d125747ad8abdf641270fbbfe1329172cfe4569825964c0a3c5f0eee8cb9fde60cd9a27153cdfe0910ce3b7a1657c3d599cff845861a5ec4e3a343abb30dbeaf9c75dc77c3472b859cb6add05b713da5feddd73f1633c5a737c4e4491c7be42efeae84f69d93d259f4ce956b16fb49747db265fd5c5efb11d758635f5fa0f8e4a1d82e865930ad06d77ab492df7281c184d246f8af18799510c23356c309875124774baf7ca9f61ca34f7df02b53710da2a1dcc9a4dccbc19296f6b80d21fa0505207eca7e6c57fbf6b143fb713a81c965c5a9d8d4385bf7cb4b000b8466db70c2580a6fd4f44d252044b93d47745e753ca230be9397c4d83962f1c9cf54a614ca82a12826ee4038de7e400e24bd41a195cc03e3899770c34b534e5b5477d461ac34c55bda96dba78fc27b068f61e5cf0fa785d01ca3fa499fa06868aa5d00f7d5e2d9a3669a69e1a2c5bcbeee0eb56e18c9491cd349cbeba4def25a47509647e611607761758587b5dca78fc7103aff3fa5c01233f55029d9735eb8920f1ec23b44fc404194b90a378bae01b112d102f2c18d68b5334174cbe21ffc30f5050764020fa68d947ed9b66742bd22833219b0b10378dd8ffa6cfacfb89daa9ee387febd1d12bbd14176a0d4080aa1edb89427d8c4db2367f562c470bb35455924a459ea970d42f79b7185765072a5beef1296bd33f81d57cd06d7998a3bb7d0631d042f100eb964075ae2b2deada4733005abe2e36831ebebb9a29ec819688109328bdf2a8f95a2ff83370de4e424b745fdc5ce55a3e770cc0b93f4d766ede791956f9f19185e20fe9af10c15debcd77b5b72f40d23c492f87d4a204aacae7086a61dc39e21798a7ef2af21e3f5c3705abf31e86c705fdf0b7f23c5944320a872f515011c437e3c1b3adfe3d1c1defe6e9991001601ff915f81cf4936c2eb2bc0f2e3cc05f6e2b23dc3f1c651bb75fe216b1eff7c614a766f459b2fc4c474471b301878fda43d99613e934e064b1edc1da41a2b1206c6ead50b15eda0904296cc2d21bc65e3f53e200b22ef42093034adf53117797adb5b0b72ce176ceeec976e5a7dfad12e802cf4aa2f2ea77e60846caee24915361e638cfd32118c18b8c56c48abb8b1fc94e259ac1690a9030647e461bc3467b0f680d40ad07080a66dbd6068297aaac67a0ab9718799b94fc7eb7f9e1d6df3840a3f7b3c27b8dd2041cbc53975b50e24c5e2aeaae0be7aacfc0bc8b4845a4b17bffbed01b66f041efb9d155d2f0c6e9fff26b3a8b0834fb339154a558f8dd0f48e4293ebfae7a7eae18ddb13a3c54e808c23330b856cbafaf5946ef1ad7d2792fba02a6b63d70b2c9a3a812d8284107f0384d743cdff4edcc815b1095cbcb18b9e90faf09f91d04c8c0f91eb29cd7703dba80ad1f89f6dd106f5bb1d1ba0f136dd91902bfccc89d34d9997dd3815c487ab293836a3e1ba8058c0e79d78ee793d4f2e746e09db8a4955551d840bd19ba2c874fa024e5a97633403b11ae":"a88eb8ce917b17c34800b6bcfe9683deb431e128256f4edc7c084add"
+
+SHA3_224 long #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_224:"cf97461544530735f9349d0800dab7d1a432227642f63f265b73b53ee68f636eeb0a99184d0487f8e8c0f50adba735a8279056f37a3e9b75452a2b0514830aea1f7448431ca579a65804650706c500dbd7a79c7ecb7a5dd246deed2a664d7266945cbd5f593dc485738953c6293cfeb2db025addddb16d858616627583f48129714a5f33acd552de61d62810eb1519755c26f9d959ebb3d62c5af2b01480217ddfc69689bb740af84a734dadf457376b819de23ae730160d603205a1c0fa39a80659ca273122d41d55e92865ed0a42dd73ee7cc82e8981714c2703123069b1f30d8a63d6b4e79893aabf23007e37211359a12e4bd7fdd94b15c055c90cd571a61de2c95eeccc3ea3727da5454ee5bc555c3e628a899507e3e686618efb4760095de8658783d8af95d5ac15fd061cfbeba44e7f4eed58f381e500902ba5c56864f6249d191e14d1b1fad3ddf04de4c61c5859ed5fab4e856d3ab64a66b35a70fe0f1edadb68868d3f0a7a64e6cc460532a1e513856a7fa6ee0e30f809cd0b6120d15f85960638cc862c2912a72b49a073a67c5b88d2f43c4e89f700da9ae22112646e0412a33274cf89694ffa11f67f2890a52c2f8cb430d3d292cca2c3e6991cefd3c117e57a6e6248c183a926538b9886e9ee4340c76bc61289c228ef1fb1869a17226d741aa38793ba167a136baa0db1ce0a8d9536d46f70654c36c79652978fc191dbf91afa868fda71368043c5cd38dee6d23408521515acd192f3526298f359752b1c805aa666acfaa514e5c52144a1ebddc545cf0128e9b9051a5bcad1f16736238456ad3040b51a8e78589051fd9e8175eff5327cd2a16b57e4ba738aae743c8cdaa4da6c447f39ba54a410a58a5d11615a2163cc3b5e5150fb76440b5507ee2dc570c9a29b91c0f24fd22b651466016aafd149398aa7d2b80497249b0ca9b6d0eec4621a6c7315fc11e8cbd8c242bb58960bce0de8055656aa26fd84fbe1fb3bfca78d1be0aea2a043f1d747bd78a5f3b6d9d98e7cff45f3922ab60c4c372637982232ef1fc9cea88df237fa2c902902b84253066f1d085767ab377c24339d8c6a3b39dc504c00da96f5d3393812ae4f434f22bbe8e7054acfb2681cae5ec90219fc8a2b9cbfa2000701934c09879ca000062ff610e6a594724531330f3f12614e6d0d242aab1be0871f5f7ac6775abe977162fe0ea150fcfa6f7a0b725fe170b095ab0e2398d343bf561f0d98685271af98a31d0ba06f4c0c352beafd449cf8e87c4a33ae0c32f056aebb4ba6e4eb80f081db992f6c684a53a12c19d878adc19d2ad3d9f491a0b1f52f1b7d19728db50436f0bba18ca5bf74ba65e02c837a9378a82f491cae854c44e227ea189ba0d690bfcccb8a888c721a88be8621eb6d3621fd44cb4fec498aeacec8dccce58cac3f22551111e9872deb142055de3aec713f31fca6b5d1543390fbe4995cdabaffb66975d45f36fdb68f6571938cf7610e7a4d3e2475e70e0fdd72646af1029097a09c135e9bf756d6af839b8952ab33d37c57f18bb8b6e0e57a3a3197b3e4773ba3c117f5eeb5f955f377847f59ddca89ea5aff24a5c5307f0e5b3168c908d8b567e268e280f650fb024816bcc8158ef86f5b4f37659c67a342de4e255cf619cb9506f06d7845c29085fe378ac8dce7e7b164c90c1fc3ee1abeca6f159337a446d53696ddff27b7db23a2d12f81b83d1f587c55eafcc32bac29277c819752dfedce79427c3c2697a5853bcbf41a34f8690dacdb1b242288202cfe5cb18fcf348a29d7dc9058c9cbb652d10d21bcd5808b78fb43e5be6b6c406e56f9eda4370ae38d584d627a98b9d6336d7ffe8e253d4d40717591f2233fd298373a7dfe10c8c2a3057b3acb1ccacdd01509d3b9ab98790d165a66ead4689f51a907a8c4e5d8ed13e54f6073dc6662d0d493e764eff7d589f3d8aecb05516f42b548b81f3ba12c8400b11b9961f65fdcaf0583b87ac32b5a0fd8afc03f610a1262e5f3369c8b499f5f8ab46531e08a9bb047efddd36541287243b3ee0900376ab9c7a2328ffe0a0b09c07300d68eabb6de4173fa8243df9c25ff0080eb96c0f2c0d40c3a9d623970063da092d8668cd441dc573710c7cf5d2ff6de9c6d8b6b5181f57b774c1f9c785fe78342bdd2f49ee2fee2bd0458d814980e976b1848013004133510279dfcc91ba864390f39aabbc8905db4e65dc16969317214733349364f14832eb345200b42678a9f550377d4fb7b10443f405303a946b6bf07b50d0c6ce2adf97a7dd2e7dd0c3e9b1897239184a543939568568b6035ac965a3713596363fb9803aed804f37ec855df5f76996af83ecc733d92a896e69cbef61f24c63a81b534d641fb0c8ca770f632c23895b55b48155e27ce035440cd6263d608fbfb2222f47c9c03a4b06e7ea69928302c6eb5ab96e08ed444a12d89a827c5879fae308b017c29b87668bb398c9df927079cf0ad7980da6a12869516b8cc53695a599238825e4fe22abb76ead1c59ee5ce47f397e3c77359150a5ebdbbdae775d6063071a0ab754868b288d99c9a7d322877a6b1fe3bc268f63571c6d9d7eb74b8bcf27e83ea05b3d754d74e16a3ffd6bd35f142f2662d615d0fb679394dc62fab84c0a652a366eb1fa94c9167688c983688bc94e7d01d0af1a1151e04c3e06b55658233365e00b8e9b9cfe9b6718d413b79efed04fffb2d5bf277fc61c2a1f35e67206b56a43be2dd8d49a02b476899730f7296717d2d90430ac25c79d1718e6f928297dbfc7f30a22ca0fcf071876887522dd757d21dfc4ff2e0867478b80330ef91feecef346be19ebe462a7750761e4a09f7de8431382ab1b7c2793fde1b488533eab204c25b41ec89c504e22d8be100ec402d1dd30e7a4f3158b0af4b9e605c51a154c391c86b1debc3a438856e787bc0f86d256a44e8d5358f424f67541f7dd46cfbb4097a0639cb863204c0e88ac36b68c5225ea31b4aaab157a79b042eefa293cf609338bb491057d7cb45c1bfe1d7d85e9e16f3bcb67a0416404d7834baa55ef74e95cc3253a47eba177ec1c1dcea8f5f20fcfc72228cd1a8a1e776dae7c3159c0679fc12626e43056fd2af35bc8ed7f1317785e695c85f3552cfc7c87de6ffe511a591037b56eedd5ca955c68aaaf63c58ef58bf1716f8e4dc6f33a584f565fbf68353afa844c66c656c791a4d2535671dcc3ba6b05ee2ddc62d811905d88f053d7909bbf02014da1281e4d90de9dc9b0877f7436988664998737bce0677":"6081b2be0c1cf8977092b63deb954403a5879a0abe8ac4c153008cdf"
+
+SHA3_256 long #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"b1caa396771a09a1db9bc20543e988e359d47c2a616417bbca1b62cb02796a888fc6eeff5c0b5c3d5062fcb4256f6ae1782f492c1cf03610b4a1fb7b814c057878e1190b9835425c7a4a0e182ad1f91535ed2a35033a5d8c670e21c575ff43c194a58a82d4a1a44881dd61f9f8161fc6b998860cbe4975780be93b6f87980bad0a99aa2cb7556b478ca35d1f3746c33e2bb7c47af426641cc7bbb3425e2144820345e1d0ea5b7da2c3236a52906acdc3b4d34e474dd714c0c40bf006a3a1d889a632983814bbc4a14fe5f159aa89249e7c738b3b73666bac2a615a83fd21ae0a1ce7352ade7b278b587158fd2fabb217aa1fe31d0bda53272045598015a8ae4d8cec226fefa58daa05500906c4d85e7567":"cb5648a1d61c6c5bdacd96f81c9591debc3950dcf658145b8d996570ba881a05"
+
+SHA3_256 long #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"712b03d9ebe78d3a032a612939c518a6166ca9a161183a7596aa35b294d19d1f962da3ff64b57494cb5656e24adcf3b50e16f4e52135d2d9de76e94aa801cf49db10e384035329c54c9455bb3a9725fd9a44f44cb9078d18d3783d46ce372c31281aecef2f8b53d5702b863d71bc5786a33dd15d9256103b5ff7572f703d5cde6695e6c84f239acd1d6512ef581330590f4ab2a114ea064a693d5f8df5d908587bc7f998cde4a8b43d8821595566597dc8b3bf9ea78b154bd8907ee6c5d4d8a851f94be510962292b7ddda04d17b79fab4c022deb400e5489639dbc448f573d5cf72073a8001b36f73ac6677351b39d9bdb900e9a1121f488a7fa0aee60682e7dc7c531c85ec0154593ded3ae70e4121cae58445d8896b549cacf22d07cdace7625d57158721b44851d796d6511c38dac28dd37cbf2d7073b407fbc813149adc485e3dacee66755443c389d2d90dc70d8ff91816c0c5d7adbad7e30772a1f3ce76c72a6a2284ec7f174aefb6e9a895c118717999421b470a9665d2728c3c60c6d3e048d58b43c0d1b5b2f00be8b64bfe453d1e8fadf5699331f9":"095dcd0bc55206d2e1e715fb7173fc16a81979f278495dfc69a6d8f3174eba5a"
+
+SHA3_256 long #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"2a459282195123ebc6cf5782ab611a11b9487706f7795e236df3a476404f4b8c1e9904e2dc5ef29c5e06b179b8649707928c3913d1e53164747f1fa9bba6eeaf8fb759d71e32adc8c611d061345882f1cdeee3ab4cab3554adb2e43f4b01c37b4546994b25f4dcd6c497bc206865643930157cb5b2f4f25be235fa223688535907efcc253bcd083021407ea09cb1c34684aa0c1849e7efe2d9af6938c46525af9e5afb4da6e5b83da4b61dc718672a8090549cbe5aadb44f5bc93a6b3fbdc2e6d32e2eaaae637465179ea17f23ad1e4f1ebc328e2c6dc90c302b74a1edbbb0676c136b269d70c41040a313af06ab291bf489d9700950b77f207c1fc41884799931b3bca8b93331a6e96b7a3f0a8bd24cdb64964c377e0512f36444bb0643a4e3ecb328194cd5428fd89ede167472a14a9bf5730aff1e3b2c708de96eff1ebaaf63beb75f9c7d8034d6e5471e8f8a1f7efce37793a958e134619c19c54d3d42645f7a7263f25471fbaae8be3ea2fbd34ec6d7aacd7d5680948c3cd9a837c9c469a88f600d95829f4d1e4e4a5ef4ed4623c07815a1c33d9fb3b91333ff04eac92806a68a46cf2e9293f8bff466ce87fe66b46fbff7c238c7f9b2c92eb2fdc7d8084167f6f4e680d03301e5c33f78f1857d6863b1b8c36c7fce3e07d2a96a8979712079ae0023a1e3970165bfcf3a5463d2a4fdf1ca0e044f9a247528cd935734cb6d85ba53ceb95325c0eaf0ff5cd81ecb32e58917eb26bfc52dba3704bf5a927fee3220":"cb1c691c87244c0caf733aacd427f83412cd48820b358c1b15dd9fadee54e5af"
+
+SHA3_256 long #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"32659902674c94473a283be00835eb86339d394a189a87da41dad500db27da6b6a4753b2bb219c961a227d88c6df466ba2fc1e9a2d4c982db4398778c76714d5e9940da48bc3808f3c9989131a07683b8c29d6af336e9aee1dfa57d83c48a86f17146edec07869bb06550689ebf4788159ed0a921048b4a6e3e3ec272413bec15d8e1f6a40897fa0e11d9df223ef9fc270106249ae220fdc6ebdef6d6611805421ccc850f53ee9c836baf657a94005883b5a85def344d218264f07b2ea8714afcc941096c6ded0bb6bf5b8bf652fd15a21931c58c9f526e27363ddff98c0a25bc7af9f469ab35bffea948b333f042cc18a82cec0177f33c3bdbf185b580353de79e51e675b03b31e195f19ba1f063d44def0441dc52820426c2c61cf12974ec249fd3502f017ffa06220075ced7e2d6b86a52677ba3916e8e8726062aec5bc8ea1c18b1e4137680b2c9d002191b423bee8691bd7e0f93c3b9959bc1c14d5c5cbe8f7c9c336aa16e9de9faa12f3f048c66d04cb441eb2bbc5e8a91e052c0f9000856896f9b7ba30c1e2eead36fc7ac30a7d3ddfc65caaba0e3b292d26dfba46b5e2dc9bc9acadde1c9f52b2969299bd1281ddff65822b629cfba2928613200e73661b803afdcc4a817d9361389e975e67dfadd22a797bdaf991ddf42db18711c079ecec55925f9978e478612609bacd900172011c27e24bad639ffc24a23877278318872153aef6893ccb5b68b94b33154df7334375aadd3edbb35272cc7b672dec68faa62900873ded52f6049891b77f2d0311a84b19b73660e09d1f1998095c1da1edecfa9f741b5fd6db048dd68255085d43529279021d59ed853470d6863b7c8e07fcb0d1e6acfb1eb16f7f60bb1f46ce70493010e57930a3b4b8b87e065272f6f1dd31df057627f4214e58798b664e1e40960f2789d44ccacfb3dbd8b02a68a053976711f8034c1ed3a8":"5ac9275e02543410359a3f364b2ae3b85763321fd6d374d13fe54314e5561b01"
+
+SHA3_256 long #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"a65da8277a3b3738432bca9822d43b3d810cdad3b0ed2468d02bd269f1a416cd77392190c2dde8630eeb28a297bda786017abe9cf82f14751422ac9fff6322d5d9a33173db49792d3bc37fff501af667f7ca3dd335d028551e04039ef5a9d42a9443e1b80ea872fd945ad8999514ae4a29a35f60b0f7e971b67ae04d1ba1b53470c03847a3225c3ddf593a57aed3599661ae2d2bb1cddd2fa62c4a94b8704c5c35c33e08e2debe54e567ae21e27e7eb36593ae1c807a8ef8b5c1495b15412108aaf3fce4130520aa6e2d3bdf7b3ea609fdf9ea1c64258435aae2e58a7b3abda198f979c17dbe0aa74253e979bf3a5800f388ea11a7f7454c4e36270a3083a790c77cbe89693205b32880c0d8f79b1c000ee9b5e58f175ba7696616c17c45673cff25d1221f899836e95cc9e26a887a7115c4537e65ad4eacc319ba98a9a8860c089cbc76e7ea4c984d900b80622afbbbd1c0cdc670e3a4c523f81c77fed38b6aa988876b097da8411cc48e9b25a826460a862aa3fadfe75952aa4347c2effebdac9138ebcc6c34991e9f5b19fc2b847a87be72ff49c99ecf19d837ee3e23686cd760d9dd7adc78091bca79e42fdb9bc0120faec1a6ca52913e2a0156ba9850e1f39d712859f7fdf7daedf0e206dff67e7121e5d1590a8a068947a8657d753e83c7f009b6b2e54acc24afc9fdc9601a1d6d9d1f17aab0ce96c4d83405d1e3baba1dffa86ecccee7f1c1b80b1bbf859106ce2b647ae1e4a6a9b584ae1dfc0a4deebb755638f1d95dcc79b1be263177e2a05c72bde545d09ba726f41d9547117e876af81bfc672e33c71442eb05675d9552df1b313d1f9934f9ddd08955fa21d6edf23000a277f6f149591299a0a96032861ecdc96bb76afa05a2bffb445d61dc891bc70c13695920b911cad0df3fa842a3e2318c57556974343f69794cb8fa18c1ad624835857e4781041198aa705c4d11f3ef82e941be2aee7a770e54521312fe6facbaf1138eee08fa90fae986a5d93719aeb30ac292a49c1d91bf4574d553a92a4a6c305ab09db6bbeffd84c7aa707f1c1628a0220d6ba4ee5e960566686228a6e766d8a30dddf30ed5aa637c949950c3d0e894a7560670b6879a7d70f3c7e5ab29aed236cc3527bdea076fec8add12d784fbcf9a":"68f62c418a6b97026cc70f6abf8419b671ee373709fa13074e37bd39f0a50fcb"
+
+SHA3_256 long #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"460f8c7aac921fa9a55800b1d04cf981717c78217cd43f98f02c5c0e66865c2eea90bcce0971a0d22bc1c74d24d9bfea054e558b38b8502fccb85f190d394f2f58f581a02d3b9cc986f07f5a67d57ab4b707bd964ecc10f94f8cc538b81eeb743746c537407b7b575ced0e1ec4c691a72eb0978be798e8be22b278b390be99c730896fdc69b6a44456be5ee261366e8b1351cbb22aa53e45ec325ed2bca0bfeeebc867d7d07681581b6d56ed66ac78280df04053407a7b57561261dd644cc7b20f0a95709e42795b5402dd89fcb11746c597e0b650a008bc085c681bb24b17db4458e1effba3f414a883ddfc4bccb3ace24d9223839d4b3ca9185ad5cc24193134b9339b0e205a4cc0fa3d8f7a85b4230d1b3ee101fbae9ee14c2153da5f337c853573bd004114cb436ee58ab1648373ee07cc39f14198ac5a02a4dd0585cf83dfd4899df88e8859dae8bc351af286642c1c25737bf8712cb941cbbb741d540feb9f5d831f901fbe2d6facd7dab626bd705f2fd7c9a7a0e7a9127e3451af2ae8509dd7b79dce41c1e30b9dba1c38cb4861dad3ac00d68fa5d07ba591c1c3b9d6b7d6e08099d0572ca4c475240601decba894fa3c4b0ea52ed687281beee268a1c8535e283b1fc7c51aa31d5ec098c50fec958acdd0d54a49643bef170093a1102a1b3bf5ad42fb55ebaf7db07385eadcd6e66da8b7b6e6c022a1e3d01f5fccec86365d3014c159a3bff17d614751b3fa0e8e89152936e159b7c0ea8d71cd4ffd83adae209b254b793f6f06bb63838a303b95c85b4edfa4ddcca0ed952165930bca87140f67f5389d1233fe04f0a3d647050410c44d389513084ad53155af00de02cc7943a3b988d8e1454f85153aff0816e24b964ec91dc514c588a93634ff3dd485c40575faa2f254abdf86fbcf6d381337601a7b1ba5b99719f045eb7bf6f2e8b9dd9d053ef0b3126f984fc9ea87a2a70b3798fab593b83a4ff44d9c0c4ec3e570ac537c10d9e3c4996027a813b70d7867b858f31f508aa56e7b087370707974b2186f02f5c549112f2158c0d365402e52cba18fe245f77f7e6fbf952ec2dc3c880b38be771caea23bc22838b1f70472d558bdf585d9c77088b7ba2dceaeb3e6f96df7d91d47da1ec42be03936d621ecf747f24f9073c122923b4161d99bc8190e24f57b6fac952ed344c7eae86a5f43c08089c28c7daf3aa7e39c59d6f1e17ece1977caf6b4a77a6ff52774521b861f38ebc978005e5763cc97123e4d17c7bc4134c8f139c7d7a9a02646fef9525d2a6871fc99747e81430b3fec38c677427c6f5e2f16c14eee646ebf6eb16775ad0957f8684c7045f7826bc3736eca":"7d495ddf961cbff060f80b509f2b9e20bed95319eef61c7adb5edeec18e64713"
+
+SHA3_256 long #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"c8a2a26587d0126abe9ba8031f37d8a7d18219c41fe639bc7281f32d7c83c376b7d8f9770e080d98d95b320c0f402d57b7ef680da04e42dd5211aacf4426ecca5050ca596312cfae79cee0e8c92e14913cc3c66b24ece86c2bfa99078991faad7b513e94f0b601b7853ddb1eb3c9345f47445a651389d070e482ea5db48d962820257daf1cbe4bb8e5f04a3637d836c8c1bc4d83d6eda5f165f2c2592be268412712ae324ef054bb812f56b8bc25c1d59071c64dd3e00df896924c84575817027861faa5f016c5c74142272daa767e8c9dacee4c732ab08b5fa9ad65a0b74c73fb5a889169f645e50d70e41d689415f7d0b4ec071e9238b5a88110856fc6ae9b9944817e21597d1ccd03b60e60472d1e11d3e9063de24a7b59609b6a2a4ee68238690cf2800614746941c48af9566e07494f0dd236e091e75a8f769e3b179b30c10f5277eec7b3f5c97337189b8b82bc5e717ff27355b2009356caa908e976ae1d7f7a94d36202a8d5e03641aeac0e453a8168ee5a0858ceecfcbf11fb8c1f033201add297a0a89476d2ea8b9a82bda8c3c7ef4f55c3295a4ecb7c607ac73d37eadc13b7a2494ec1928f7a80c8d534efe38a3d9ccb4ccdab9f092a1def6478532c5ad3cd5c259b3812600fa89e6d1e228114795d246cedc9c9fff0d1c1297a5ddfc1169c2efb3800df8dd18a8511214785abcc1bc7eb31bdb2f5f70358dfe860ed5a03ab7e95cc21df5ee7aee68be568d6985e5c1e91408e4432663b1c4e6d613d6dc382b5b900a4fc1b7a9c27a1138c5e2356ab9026c34465006602753daf6ab7427da93c307c901d0bb1ddb21c53bc0493dd8d857161e8ffa51fdecb75568243205aa979c2e7ed2a77b5f8edc34cffb0321a8c653bc381f96ab85a86bf0bb2c9518208d636eac40aa7ad754260a75d4a46362f994c90173b975afb0ee17601311b1c51ba562c1ca7e3c2dd18b90bdebb1858fe876c71b3ad742c4bcba33e7763c750098de856fde8731cb6d698218be9f0a98298630e5b374957d126cf0b1c489c48bab6b50f6fb59ee28be6c3916bbd16514234f80e1ac15d0215852b87f9c6e429eb9f85007bf6ae3de1af0202861fd177c7c4f51af533f956a051815815c6e51e25af20d02893e95442991f1de5f86a4397ae20d9f675657bf9f397267831e94cef4e4d287f759850350ce0898f2e29de3c5c41f4246fe998a8d1359a2bed36ded1e4d6b08682025843700fee8cab56703e342212870acdd53655255b35e414fa53d9810f47a37195f22d72f6e555392023a08adc282c585b2ae62e129efccdc9fe9617eecac12b2ecdabd247a1161a17750740f90ebed3520ceb17676f1fa87259815ff415c2794c5953f689c8d5407dbbd10d1241a986e265cea901af34ec1ded0323ca3290a317208ba865637af4797e65b9cfcad3b931bbf6ac896623e2f4408529172911f1b6a9bcae8279ec7e33452d0cd7b026b46a99cbe8a69cd4d21cdc6d3a84002fab527c4fd18a121526d49890ced3fb89beb384b524015a2e03c049241eb9":"b8d4b29b086ef6d6f73802b9e7a4f2001e384c8258e7046e6779662fd958517e"
+
+SHA3_256 long #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"3a86a182b54704a3af811e3e660abcfbaef2fb8f39bab09115c1068976ff694bb6f5a3839ae44590d73e4996d45af5ceb26b03218ab3fef6f5f4ef48d22839fb4371c270f9535357b22142c4ffb54e854b64cab41932fe888d41ca702e908c63eae244715bfbf69f481250f16f848dc881c6996e6f9d76f0e491de2c129f2a2ab22e72b04644f610a2fabc45aa2d7b3e5d77b87a135d2fd502ca74a207bddaf9a43e945245961a53c7bfcfe73a1ae090e6606ffe8ddbf1e0f0d6d4fa94526578c6faf282dd592b10bf4bce00a7b1846625690623667e83b9b59b465d42c6944e224ad36698f5f2ee938404b7775c2e66207bc41025adaf07590312f398812d24c0178126fdd334964a54b8353482a83be17cf2ee52d23b72e5f57fe31eebf8a1a64742eb9459bcb0eca231a1658ab88b7056d8e47554f0a46058d6565c6cbf6edec45fdde6f051e38255b82493de27ffd3efbe1b179b9642d2166073db6d4832707420237a00bad7125795e645e5bc3e1431ecbabf0ff5f74416626322545c966241cce6d8f2c035a78f100e030741f13b02a9eaf618d468bc40274db98bc342be12ad4d892c2ba546e571c556ac7cbf4e4c3fd3431efd40457cf65a297845dd8cce09811418c3cef941ff32c43c375157f6f49c2e893625e4b216b1f985aa0fd25f29a9011d4f59c78b037ed71f384e5de8116e3fc148c0a3cad07cb119b9829aac55eed9a299edb9abc5d017be485f690add70ff2efbb889ac6ce0da9b3bdbeb9dd47823116733d58a8d510b7f2e2c8244a2cbf53816b59e413207fb75f9c5ce1af06e67d182d3250ea3283bcbb45cb07ea6a6aa486361eb6f69199c0eb8e6490beff82e4ab274b1204e7f2f0ba097fba0332aa4c4a861771f5b3d45ce43e667581a40fee4bebe7fa9d87b70a5bb876c928f7e6d16ae604b3a4e9c7f1d616e2deab96b6207705b9a8f87468503cdd20a3c02cc8da43d046da68b5ed163d926a5a714a4df1b8ef007bca408f68b9e20de86d6398ad81df5e74d5aaac40874b5d6787211ff88e128cf1676e84ca7f51aee5951efee1915dcc11502a8df74fac4c8451dda49b631a8fb87470f0ebe9b67449bbd1640ceee6101e8cd82aa1033fa84f75b28450e461b93f65da5c43759b0e83660d50961702bb1ad015dad42e600117475237cf6e7279d4a02d1f67cf59de0108355d03963e3d84ce7647173dd7d77a6b3f275d7de74236d7bbb2df437d536136dbe1dbe8f307facc7bc7d0cde1abf745cbeb81af1ab2c46138cf007e901f22668377958bcbbadb7e9905973b27ff0c5baaece25e974c1bd116cc81dd1c81a30bae86a6fb12c6a5494068e122153128313eb3e628d76e9babc823c9eb9d3b81bacfa7a6b372abe6b1246a350f23e2e95b09c9037a75aac255ef7d4f267cad3ce869531b4165db2e5a9792094efea4ae3d9ea4d0efdc712e63df21882a353743190e016b2166e4da8a2c78e48defc7155d5fdfc4e596624e6a19c91b43719a22c1204b1cefe05989d455773d3881fa8d3eefc255f81dfe90bd41dc6f1e9c265a753298a6e98c999acd9525a9db5f9f9456a0f51a93dd9693e1d9c3fa283f7c58a9c752afcaa635abea8dfc80e2c326b939260069457fdad68c341852dcb5fcbbd351318defd7ae3b9f827478eb77306a5ae14cf8895f2bc6f0f361ffc8aa37e286629dc7e59b73a8712525e851c64d363065631edc1609f3d49a09575876a":"b71ec00c0fcc4f8663312711540df1cd236eb52f237409415b749ff9436dc331"
+
+SHA3_256 long #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"c041e23b6d55998681802114abc73d2776967cab715572698d3d497ec66a790b0531d32f45b3c432f5b2d8039ea47de5c6060a6514f3ff8fb5f58e61fd1b5b80524c812a46dad56c035a6e95ecb465ea8176d99b836e36f65977b7dbb3932a706d3af415b6f2549b7120ecb0db1e7d9e6f8df23607eda006436bccd32ef96d431fa434d9de22ca2608ab593eb50b4d6a57f45c1ce698c3283a77d330b876ad6030324a5c0693be7790a4bd26c0a25eb403531f37689829c20546d6dc97327131688b3d88766db8f5d1b22050450c37e53951446dd7155a3e6d7edcbe1354411d8f58154475d74008937e8ba48b706066c296d1a87936dd023ac8eebe7605a58c6c40da774cf9df189db0050adcf7629e66cbd1cf9824397834cb13c4066c26e6c8ec950b44fc1c8db8ef976a7ec8c4f4ec9849ca7a07f906223053b80db24b946b034ee7a30880d0ace348acba0d0ed21ea443816706a216ce9eb682d1fe9dfc1d2e0bf3b1449247413520b8d8ebc99fc298c6dca949be0ffebe450b9b79a387a615d617b8d9da5b3e8d2776208c7cc2a11bdbc387f9d4597b380739b24ae59dcd5fb63bfeefe0746d9266cfda18afa583d6891e483e6d5c0db305f5609beba75bb5b447ccac2dfb94ede4a94db6eaaf3070d8d5353f107f7bd74528eb913e0b19bed6236a3b48567c46a9eec28fb6486f92d0d09625452d8f4dd1b89c566533cc2326b820c2b9efed43be8481cb9ad809e47af7b31795cb0fbdb18fbb12e8853f8bacec366a092daf8f2a55d2911fc7c70ddd33d33e86c2c4ceeb9390ec506b399f6fa8f35abf7789d0f547fd09cb7e6fb6016a3fc2a27a762989ae620d234c810777d5a1bb633744af2844495d2963c986ef8540ca715bed7692c77b9dec90e06acc5986b47dd4a8d3ca3300b2bedf9f26ae6d1c7e7acef05c0fc521c3309e1e70771eea6e96b67de5e3fb6833145bb73d46081b074539498307929da779e003c27f0a171035458b8c7c86c905b23dda74c040878d5a05be94821537724ebd5608ec0754c3e3e99a719bbb6d5320eed07323fca637429b18378936364c389de1e9c6fce8af270a713b4b829b43e7d761e17724c22e84611e1322dde45cbee86a0e16d01cfb8910d99391c39afd8e5f5567c59f219aa8c19ad158f287cb6807ba1fe46d38d091639a217766b3aa9ded73ac14570ba236225218305d68c0be6099c336ba8455c86b7c8c04542e729ceb84596c33ca6eb7ec1091b406cf64495ccfa2169f47b3b590477d4073537c14c05015d51ba527b3869ae4ebd603df906323658b04cb11e13bc29b34ac69f18dd49f8958f7e3f5b05ab8b8ddb34e581bde5eb49dd15698d2d2b68fe7e8baf88d8f395cfcafcdff38cf34b59386f6f77333483655ee316f12bfeb00610d8cba9e59e637ca2cab6ed24dd584143844e61fcca994ba44a4c029682997ab04285f479a6dc2c854c569073c62cd68af804aa70f4976d5b9f6b09d3738fcccb6d60e11ba97a4001062195d05a43798d5f24e9466f082ac367169f892dfd6cc0adeef82212c867a49cba65e0e636bab91e2176d3865634aa45b13c1e3e7cdb4e7872b2437f40f3de5493792c06611a9ca97d0baed71bfb4e9fdd58191198a8b371aea7f65b6e851ce22f4808377d09b6a5a9f04eddc3ff4ef9fd8bf043bb559e1df5319113cb8beea9e06b0c05c50885873acd19f6e8a109c894403a415f627cd1e8f7ca54c288c230795aaddde3a787c2a20ac6dee4913da0240d6d971f3fce31fc53087afe0c45fa3c8f744c53673bec6231abe2623029053f4be0b1557e00b291ebb212d876e88bcc81e5bd9eb820691dca5fbdcc1e7a6c58945a2cac8db2d86c2a7d98dc5908598bda78ce202ac3cd174d48ad9cac9039e27f30658eef6317cd87c199944343e7fce1b3ea7":"ad635385a289163fbaf04b5850285bfe3759774aee7fd0211d770f63985e1b44"
+
+SHA3_256 long #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"01ec0bfc6cc56e4964808e2f1e516416717dad133061e30cb6b66b1dc213103b86b3b017fa7935457631c79e801941e3e3a0e1a3016d435e69a390eaac64f3166d944c8eb8df29fe95fdf27adc34631e4a1f3ff1d5af430f3d6f5908e40c0f83df1447274dfe30bbe76b758bd9abb40ed18331c7552dcc6959a1303e11134ec904bd0aab62de33c39703b99920851afd9d531eeb28f1c4b2e6c17c55db8296320316fbe19e881b5fcb4d266c58ca7f31d9176e26f70315330b58a516ec60d10404a78393aa03ced7acd225cb2a83caf3ab5888406a69a534f1ed1346e9b5e68831f90b872d57367361191c803eb7e38b3b9cd601282d5efdbf082db07d89bd06b093f986d08d3a7b12aa74513b6eb241b26ebf31da5726d59e315d1b4ee53ec6a9fdb6583bacc136e90e9607cab01e5d3853ab9727ede706b6f10b4e04d0510f45c0abc515bcb5ed0bcce86a92861126f4d502fcb8f988d62ecf9d124853de2bab633f9506c6fde8a36cd4413cf773e50f7b2d283482f18e2f547c2fc275cd60056ed98fb8d0816fd777c1566f0c2ae3b1cd92e344910a75e006106d193e06f7786ae37dd0e529cacf74176fd4cc1f6500549af5902dbbd56a70c194f5b671372edec425f90add40b4eb3d55123f3ab62797ad25bf5eecf4f417f86b00e6f76a4f52e44fd949851aae649dd0d26d641d4c1f343c7a2c851ca7851bbbdfd57ed6024eabc518a909a1e4689ea7bc5f83e19872950368a06e93ab41944c3d8befc5705b814e5f33511a7f7ea8a4771c804b321a3a3f32c18fa127d3c9e6c011337dc100ceb156ed45d0a62f238dacac44a3429f89bb7f98d09043c42451106e30471cc6fab7a4e1ce0a8202772b0218b631f287ec3ef82b1aa6299a0b54d6aad06aa9346d28f117d20f3b7f0d462267bd3c685cca8f4584532dfee0e8b9bacefa3092d28fcce7953a28f82e4ba6b3a1430ecca58b770dab656bed1b224663e196dffc28c96a2c65ef9de1989a125ecf2fed47eb96bef8a636a91bd521c47aeb8bc011bf81cc688fd8b620446353cbf7692201b5552cb07fb02eb3954dfaa6f5c31bf91e20b84419dcbbdaba0c31a124d8f4218b2f88da3eba44dbe40eb290052538dccd0ff7670de5f33a83ff74895b66adcff58c9c21e93b31bb49ccb2e026995ee155b5517b72daa76526a2e42aa6fa94357cd42e2a8a1d3e7d4cefc33d5d07d6303d798d2551a21f862b5f492d0c7cf078a77007a02847b34675dfad4fb457e9f20dc5750fb127a3c31b9d6a3996d50ac3ffc6ef29cca1d8414d0438bf3271dc4f4e00cfe19a507b447dc310f74aeb2a3c0b3fae6d7d13f4935bc72c35df3efa6e879164421505ee32d93b030e32a7970b53430b1643855167278e5058c4a48a7840e2fcdb282e45b5b86c0b2756f19b595f3bcfc926df35e33ac26dd1e88cd394015a5f54deb4c9f4a0bef0eabcb27c4eb88dc2302f09e92f1bcc4b4754df1eeb536154543c7dbf181c9979fe6ed08311e5a3acf365ebb5745212b2630e83b3a5bd5fa4834c727248b165700c7435f8cb6ee455bad16ee0da68fe6acd2062dae9c8bc178b157b29ade98a9bbbd4c723a3dcb7852c7978b488e4f73a2c9163dbdffae175119f812b6f4b70c2b498704bc2b58603f167f277a74e64ec296a6dfdb0de3486c0f36ac1b55f80af9fc817ba4f84b898b2a3c5725e2faf466bb26a8a84f91e123d182033a7ae2029236aa4b673ceb50c1733d7edd60e3f119b7141c882d508e0331689c96fbfb9f7e888fe88561de427c721123036737c1460b0da00d3f958b948f68fcb321ab4e297290f781ff8afb06b755d82a7e6ce1963761d799eed786524bf19801b4877b2d856becdf7e87d71aa359f2d51f09de64bcbf27d0c3aceac70790e314fd06c2f5216f3d10574b7302d6bc2775b185145c1b741524567c456d42c5826f93afa20ae7196ca7224c3b69b1eada9eee752fb6d43f24170fcc02af7e1dea73f0f884f936f900165800acb9d57480a31e409d3f676ed92b6812cf182a088fc49d68082aa19c7be0711f436db1d7be44d97dc9405591a8d3e7f6f731c6f3e6c401749829b7624497f5eeac1fc782e7d6988340541f2617a317e":"2a6283b1c02c6aaf74c4155091ff54a904bb700077f96a9c4bd84e8e51b54d01"
+
+SHA3_256 long #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"9271fd111dcf260c04cf4b748f269ac80f7485c41f7724352a7ed40b2e2125b0bf30f3984ee9d21aab6eb07ec976b557c2426e131ad32bd0485aa57172f0e4f1798760f8352067ac023fbeca7b9c8bf5851c724e90ffff44195b44ae73c9c317c85e8e585bddac6d0f2abf812d02e44b62eadb9d0765683aa56af8e9b91588c7b49dc3e146866a02dc18f9ca680f88006094ef29096c2d5af5700b4aca3dfcab462c48bb8085691671efb5ceb22b3ebd8702f71a1d7c184b1053c3fa30a7e76b85f3650d9140714fd4993bb496becf2ae01d3a98ccfdefb6fefd692173bd11af7adb61ffff214a550ffcd3a5993004ee72cb02ca9c577b42c85444e619e6411e2bca86bb548ebbd12a02c5c945eaa3b246f595d817f3849875429e72ac894160a2a91a6617f18e6b2b9258472152741d62843cebc537d25f0daebdedb410d71ee761662bd1b189ca1c93d648b5d141d8d05e3f2b2d8c2c40997fea7eb7e2cc0000d8b2300936759704ef85f38ad0d08a986de6bfd75b5be3209f6d4d3f67e7adf7f8469d47e81979ec8dae7127b5eadcc09779cf4b0a28efaaf58e83d307f2ced4a8699b142f3f19db5598e914e9577652c63f851203580d40699548fc2ab30a9dcf6452f673ad1ed92f8d84dad5dfff55e18107b3acb6e4e8e3c9c34038f40a5c577fe9771c2c31ef03d36a00e04a20d2d0877db66f091dac4b741d2a997b75182702881f9284fa23b9b3c20e715f80d07b9910a4b3185f9489dc7d3fb510f4da273559753d7d207f3975b48df2e7c857caffe703dfac53a786490c09f57d2fa93f60810186df4c0b6b616a04caab9f70a5002c5e5d8da0ed2805f20fbf89cd8d57ca2b4bd37125ce38bf09fb6170ae21f4e6043a9483ef6e585756d97cfb778e57bc7ddc8dfc54d086d6bcfa1f019c749ff79921ec56e833ff8660f0959cd4b5277e9f3b1d4880193fefa98a6c2512718e7c139acdcd324303db3adb70348d09b058baf0e91d52b24952f832b0a3b81fa9bc9a2e9fb276a64e9e0922778b4992d892f6845b4372a28e47d27b53443586d9015463cacb5b65c617f84e1168b15988737a7eda8187f1f4165fecbdd032ae04916cc4b6e18a87558d2ce6a5946c65a9446f66cda139a76506c60d560f56a013b508d6ccbbaa14e24ad0729dd823bf214efcc59e6932cdc860306687c84a63efb551237223641554940a7a60fa7e6ddad64a21b4a2176b046dc480b6c5b5ff7ed96e3211df609195b4028756c22479ba278105771493870372abe24dcc407daa69878b12b845908cf2e220e7fabeeaab88c8f64f864c2bacba0c14b2a693e45aacc6b7db76bc1a2195cfce7b68f3c99440477ea4c1ea5ee78c109f4f1b553c76eb513dd6e16c383ce7f3187ad66c1d5c982724de8e16299c2fde0a8af22e8de56e50a56ac0fef1c52e76864c0ad1eeedd8907065b37892b3eca0ddcdf5c8e0917dec78fedd194ea4b380a059ccc9452e48a9eba2f8b7a4150b7ba17feac83c61604c3cfcfe6655c2be37ef0ae6fc29072f9b1cfb277b64a8d499dd079ad9aa3d5e9a7ccbec8c100596c6fac51e13a260d78d8cd9066edc558e2219cfcda1310dc1fbbdd36f348756855349f33eb6b82186a8c1a55f361305833edd3e4ac8d9b9cf99897c4e06c19ed10765fd0c8c7433851445c5f87b119ef913b2bcdbf7aa2ad19c672e53a9c6c3c309d549513edd7c1cf8a0a399e6df0939cc1fb146d6ad460e2ce05144c69eafa3822141d473fbe5927c58a50c1e842f8b8fad85540ce9f6d06f7b4dea045248b999d24c5fd4d75631caf73518cc08f73684e2a1cd4266235d90c08a0d0ce8784c776fd1b80978b83f0705ba8498744884d5496b791f2db3ffb5377175856b25a643803aa8b9e7f1055e089c1929cf0cbba7674c204c4590fb076968e918e0390d268eeef78c2aebcbf58a429f28212a2425c6ad8970b6a09cadddd8336d519bca4820556d2c4b8cd9f41216de3c728a0774edf47d3489cd29cf1b2a192bc53325d0bed7d23e51be7684297f9d0ecb14acbf648bc440c5fde997acc464fb45e965e6f0dced6d4568ebcd55e5a64633b05a2cb4d8263b721a252b1710dc84d8a5d4b43fcc875e2e7281f621b0bf8bb3465be364456bcd990b26b3e474486f864fb85f320f68bc14c37d271249b18552bef50dfc385a9f41b831589c5a716357cf5a12520d582d00452a8ab21643dd180071d2041bbc5972099141c6292009540d02f3252f1f59f8dfcf4488803f3b0df41759055559a334e68c98ea491b0984f2f82a35db84ea0779b3801cf06b463a832e":"4e75bf3c580474575c96ec7faa03feb732379f95660b77149974133644f5d2a0"
+
+SHA3_256 long #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"075997f09ab1980a3179d4da78c2e914a1ff48f34e5d3c2ab157281ef1841052d0b45a228c3cd6b5028efd2d190d76205e1fdf4cec83c9868fe504f429af1e7c5423267c48a7b5bc005f30a1980147a3fae5c100b95c7cb23d43af9f21d87311d9cc826598993e077015f59ebc476383bb7a78787d915c97039ab188a2a618f7a8d7f64542ba787e9dd7d48c4c87d2aaea068c1b00c9711b2812901673c11418096d0a850fb36b0acece56d311689dfeceb0835009adc427f6d2d6b05ed26f5a43b6478bc72c1f914a2202dbd393cb69b1a1e78162e55ca4b3030ac0298131a7a0d934c032cc9dfc5afa600c59b064d2d9013f15d1184278a8ccb5ad9d7563e666fe5a8c173cec34467ef9cf6d6671208ff714741fee7c8d1d565edf82570dffde4f3f584024142056d8548ad55df83d1babed06141114c95ac88dbea0ce35d950f16d8a732a1ea7d22dfaa75a3e0410c546523277261116a64bcbb2be83e55e040f6c8c79f911b301a8718cc4b19a81d5f0cb6312d87c5b4b079e23a61d247541cfc2c41a37f52b2c6e43a3db5dc47892d0e1feabcc5c808f2391791e45fb065159f99c1d8dd2f69baaf75267eb89dd460f1b6c0badb96cbbc8291cefa370fa7ad6997a4ca2b1fe968216032f02f29837d40215fa219c09161df074e1de8e37056e28c86d1f992a651e271dfc4b0592ad481c613fd00c3eea4b6deabb9f5aa63a4830ed49ab93624fa7b208966eccb1f293f4b9a46411f37d7928e4478dde2f608d3851a8efa68e9d45402bc5124fde4ddc0f83ef82b31019d0aacb4b5121bbc064c95c5292da97981f58f051df9502054bf728e9d4fb7e04787a0890922b30a3f66a760e3d3763855e82be017fa603630a33115a02f02386982001def905784f6ba307a598c6dbaf2946fe9e978acbaf3e4ba50ab49ae8e9582520fc2eb6790deafc77e04a8ee75da92d16f0d249403112c74bc09102b573e110ccb4d8461d249bfe2e85fc9770d606be6fbfd5ec4c30ac306d46412f736e5b696ccc9fbe4adea730955c55ea5c63678271d34b7bd6f6340e72626d290820eeb96a0d2d25ea81361a122ffe8e954cf4ff84f4dafcc5c9d3e7c2ddbdf95ed2c0862d3f2783e4566f450ec49e8b01d9d7bf11e92a7903f2b045c57ed8a65ccbfc5b1d2a38e020a57b38f2e4deea8a52354a7e7be4f977b8f5afe30f6738e955c8bda295064586b6827b245766b217fe39263572b0850965c7ae845611b8efb64c36244a39b9fed0ab970ee5ddeb8f2608dd9c963524a14050c9101d7f2d5537b24d0b0f7a45703c1e131656ec9edc12cdf71dae1cde2790b888ef2a589f03201f8bbfad71f0c4430477a6713ad2e50aaefa1f840cbb839e277389454517e0b9bd76a8ecc5c2e22b854c25ff708f9256d3700adeaec49eb2c4134638ee9bd649b4982f931ec3b23cc819fbc835ddcb3d65e04585aa005e13b7ef8fcafa36cc1a2c79ba6c26fc1dc0f6668f9432c578088cd33a41a778ac0b298fcac212edab724c9fb33d827409fd36bc4b2b0e4e81006fd050d94d3271e0427c61e9ddca599a3c9480cfdd33603cb1a196557281ce6a375fef17463893db293dba0704d4bfda25e08beadd4208c58ea0d8d9066448910b087fc13792fc44075a3fe42e13c5792f093a552aa8ebe0f63e7a807102d5bc145468a0cb469263035c5647049054c18199f7da6d6defd51105e2125c605e327aca137ca85e3f7f46ca69f92d5252f84418293f4e9afeeb067c79576e88cc3c64f3e61d76e1e9e2f72cdfc35261a9679f0c374d7436ff6cfe2ba71650810522fa554a4aded87ad23f0b206b1bc63f56bbff8bcc8849d99e209bd519a953f32c667aa8cd874ad99846ed94b92f88fe0dbf788c8431dc76ca9553692622077da2cdea666c1b3fee7c335da37737afccd3d400a23d18f5bd3784dbcd0663a38acb5a2beef03fc0a1c52ee0b56bda4493f2221e35bee59f962f16bc6781133204f032c7a6209dd3dabd6100325ec14e3ab0d05aadd03fdfe9f8737da15edab9d2598046f8c6dd8381aaf244821994d5a956073c733bcebf9edbc2a6e2676242dc4e6a2e4ba8a7d57ed509340d61fae2c82bee4dedc73b469e202cc0916250d40a1718090690a1d3b986cf593b019b7b7f79ae14843b2e7ccf0fd85218184f7844fbb35e934476841b056b3a75bf20abb6866e19a0614e6a1af0eee4de510535724363b6598cccf08a99066021653177559c57e5aaff4417670a98fe4bd41a137c384f98c0324c20ef8bc851a9b975e9440191ff08deb78c9fa6fc29c76b371a4a1fa08c30fc9d1b3323d897738495086bfd43ef24c650cfa80c42ecbadc0453c4437d1a11b467e93ca95fbae98d38dcb2da953e657fb7ea6c8493d08cf028c5d3eb0fcbcb205493f4658440719e076e02deb07332d093e4d256175ca56f4c785d5e7e26c6090a20429f70b3757daac54153bc16f5828dc6c1c9f5186e2117754be5f1b46b3631980d9e4a9a5c":"2e07737d271b9a0162eb2f4be1be54887118c462317eb6bd9f9baf1e24111848"
+
+SHA3_256 long #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"119a356f8c0790bbd5e9f3b4c5c4a70e97f462364c88cad04d5435645342b35484e94e12df61908fd95546f74859849b817ee92fbd242435c210b7b9bfbffb3f77f965faa1a9073e8feb5a380f673add8fde32208402fa680c8b3e41d187a15131f1028f9d86feaf3fd4b6e0e094d2ba0839c67267c9535173ec51645343ad74fcfaae389aa17cca3137e2588488531c36ba2b8e2f2238d8415c798a0b9a258f1e3cef605fa18977ad3d6707c3ecc5ea5f86ebdaa4b4b0e5bc023d1bc335138ae0de506cb52f2d9efa0ecc546468310cccc88ec08d28c3602e07257f41bb7e4d8a0956c564f3712761d199a931a39e69c5a69aa7b3257931dd92b91e4ed56fbf64e48bd334945cfa2aaf576df04614eb914899f7df54db4012cc8261b12bedcab69876feedbbf7009dcf8d076af89b797ad71217d75cf07514dc07ae34640055c74c9faf560f491f015ac3e167623cfbc67b8e7163e7c1b92debd06e9d28b049e0298f4c38395a40a0778162af2cfe5abe5b946c4d9a54f2a321660ab521068c4957cd3f5be0324cc04f50f209fdea7caaa0ac705c1fb30abfa550e844f509074afde1ee87adda29aa09b7f93e7d064ad2715ee5571ee6e7c9a01672124cc2a22b4354c3844759c1a6ce3fdf17555cac7df73334073ef3730939410fe6cf37463352ad241958b7fafbc66e0d592df48bf55ab2c33428e494c6995826892572d9ab52747b1085fcbef318cfe9cfacd4cd80c164fba584c1344ae7e321c4f77b44db6b322f2f7831f4d4ede7dc407b065c6754cf4424f9903adb4c6b675ded58700bc36da83fd95e84e76c404f7342921ef23d7d07772f5b8ec2f077601cae13448385b04e074f895574be61a831a87efd68a1f6aa67cf291847fa8f74cbe3b4a78ad780895183bc51c30ad2514255d4e013abc097bc8103c0b1933b0b303341836ae167c1e31dfe5f1b791cb06ef29cae398065343eecf06e4ae2048d1547c4bf69ccec5e86c45867c633c62f7d27dc51234b6debb5b9f80a5810716240c64443d0c098c80220d0520a5f5834369b9eb019325e23e88f237c24440bf27959caf7e7e4f1671fda710630255a2962f7e9b3625dc243a0177aacf6a758a68aa85dc3f56181a4a59a406c7fae5575c9e2c64248f520b5a5f904821661e2e43a5a058f445fd0e55b07476c4122d18033053b45112201e0bfdcc9e7cb9931155018ca431a0564930aca8defbca954b2680753a4060bec2cb668d2c15e77cba29589b5c7c07bc7177a8b1adb3a6968732f9213476fd96901514626fa17243af1d156cd037eea81d773f1f71a018d942b524b851794b300c7591ecd783ec8066ccb261bdf9b7a183dbda42b92593b614297dcb0fabcc23ae69797d0251b8ab57a4da2a544615216b01f4dbe2d8c9b5520c7ed9cd9312e9ec6d05a36e7f693d1821d727518169b03976394b9d1e1d7fa2daa25529d391eb5d0cf0f07a8160be2ee043d9345037c655c4f2023689f14d8d2072dd92c1dba056a5b5d4c4fc4196e25caab05b1701ec666ac9a04d90f7d7575a7ac3970252c18fd3bec0cc448e5ff8f3765d546a4a8ad1d41a9640c79375b80534b7b50989976f238654fefea981c9413130beae943a3e9d8f64ce9256d1259d1b2a6b3c02ca5af1a701db8f25a4e9c255dad8785172f323728c3585a45206ae988c283e30a2f9ea9b47f07a7521b0f36e9c504c14bd96027e8d24161e70f196576d8a74a5e9c26acda7cc452a90e550e625a49e50829db70de808c827c67d00c23ee073d4e72aeed891dd73b86acd6756e753e3975a80cdab1d521052caef6a5380f8b03023ba0326a6928aa127ffb33b51dcb05bbdd592d0ad9e8321e6ef2f95c401be6a37e634425689fe7750e2a0fe05ad89001502b309095ca517b2e2ed0388b9f2c59c45feb61222539d6e1ccd397344d23708aebacec10ada96a7711f173f7ff1e4b94fceec6a0a0ea5d814a4581b412063012ff6ac5527b8314d00326b68c2304a276a217fde9fa4034750a2e47e10f816870d12fc4641a27a1c16c35a953f32685f2b92cae0519848045765591c42ddc402dc7c6914d74dd38d2b5e7f35358cb1d91a9f681fde7fd6c7af5840663525ee1d04bf6d3156fed018c44043d95383d92dada3d1cd84af51d9bee814ec8675073e1c48632c5f59e257682542e1f7dc20b56b5c92a9e2cb2be30cb1512fb55fa1de99a3f5864ed3acc19d79e6ffb0da3b08ba0615157747d75c1f308fa0202a4086f34e9eafa3e071dfbacaca731d228aa0304cf390c0a9e6ad7ce22ade758965cfbfc4c9390d24e41a667447fc7b29821464ad98bc5d65dc7f9c42bd4b23e174015592ff92c905660a2722f9fc7973d3cdad848ef88bf02b1b03dea16699b71dc46b35bc4d96069a0753335ae38685d244918e30c5fb0d45283a1281c1659ea591573999d9c2acd2ca9141d55230d41011b70748b518e1cd2fa58ad8dc05fcbdf0bffaf2c7fd6cb2ac67bb13b8f6d31fad64ac113664223599dca411270955c95aec06518894dabc352d2b70984727437040d944da7b42e0ef560ac532de3e4a4891e8509c275b51ed780f8660b0354e12c21b3e11bcc88198980b5f7ff31ad342182d5a933373164dced3cfb2a081720d7eee676cb7378a3e19326a7ee67fd6c00521f9de37c66bcea814b6feb6a061b8cdcf7b4bd8f45d48602c5":"c26d0b064e409df64819cd7c1a3b8076f19815b9823adac4e3ce0b4d3a29de18"
+
+SHA3_256 long #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"72c57c359e10684d0517e46653a02d18d29eff803eb009e4d5eb9e95add9ad1a4ac1f38a70296f3a369a16985ca3c957de2084cdc9bdd8994eb59b8815e0debad4ec1f001feac089820db8becdaf896aaf95721e8674e5d476b43bd2b873a7d135cd685f545b438210f9319e4dcd55986c85303c1ddf18dc746fe63a409df0a998ed376eb683e16c09e6e9018504152b3e7628ef350659fb716e058a5263a18823d2f2f6ee6a8091945a48ae1c5cb1694cf2c1fe76ef9177953afe8899cfa2b7fe0603bfa3180937dadfb66fbbdd119bbf8063338aa4a699075a3bfdbae8db7e5211d0917e9665a702fc9b0a0a901d08bea97654162d82a9f05622b060b634244779c33427eb7a29353a5f48b07cbefa72f3622ac5900bef77b71d6b314296f304c8426f451f32049b1f6af156a9dab702e8907d3cd72bb2c50493f4d593e731b285b70c803b74825b3524cda3205a8897106615260ac93c01c5ec14f5b11127783989d1824527e99e04f6a340e827b559f24db9292fcdd354838f9339a5fa1d7f6b2087f04835828b13463dd40927866f16ae33ed501ec0e6c4e63948768c5aeea3e4f6754985954bea7d61088c44430204ef491b74a64bde1358cecb2cad28ee6a3de5b752ff6a051104d88478653339457ac45ba44cbb65f54d1969d047cda746931d5e6a8b48e211416aefd5729f3d60b56b54e7f85aa2f42de3cb69419240c24e67139a11790a709edef2ac52cf35dd0a08af45926ebe9761f498ff83bfe263d6897ee97943a4b982fe3404ef0b4a45e06113c60340e0664f14799bf59cb4b3934b465fabefd87155905ee5309ba41e9e402973311831ea600b16437f71df39ee77130490c4d0227e5d1757fdc66af3ae6b9953053ed9aafca0160209858a7d4dd38fe10e0cb153672d08633ed6c54977aa0a6e67f9ff2f8c9d22dd7b21de08192960fd0e0da68d77c8d810db11dcaa61c725cd4092cbff76c8e1debd8d0361bb3f2e607911d45716f53067bdc0d89dd4889177765166a424e9fc0cb711201099dda213355e6639ac7eb86eca2ae0ab38b7f674f37ef8a6fcca1a6f52f55d9e1dcd631d2c3c82bba129172feb991d5af51afecd9d61a88b6832e4107480e392aed61a8644f551665ebff6b20953b635737a4f895e429fddcfe801f606fbda74b3bf6f5767d0fac14907fcfd0aa1d4c11b9e91b01d68052399b51a29f1ae6acd965109977c14a555cbcbd21ad8cb9f8853506d4bc21c01e62d61d7b21be1b923be54914e6b0a7ca84dd11f1159193e1184568a6134a6bbadf5b4df986edcf2019390ae841cfaa44435e28ce877d3dae4177992fa5d4e5c005876dbe3d1e63bec7dcc0942762b48b1ecc6c1a918409a8a72812a1e245c0c67be6e729c2b49bc6ee4d24a8f63e78e75db45655c26a9a78aff36fcd67117f26b8f654dca664b9f0e30681874cb749e1a692720078856286c2560b0292cc837933423147569350955c9571bf8941ba128fd339cb4268f46b94bc6ee203eb7026813706ea51c4f24c91866fc23a724bf2501327e6ae89c29f8db315dc28d2c7c719514036367e018f4835f63fdecd71f9bdced7132b6c4f8b13c69a517026fcd3622d67cb632320d5e7308f78f4b7cea11f6291b137851dc6cd6366f2785c71c3f237f81a7658b2a8d512b61e0ad5a4710b7b124151689fcb2116063fbff7e9115fed7b93de834970b838e49f8f8ba5f1f874c354078b5810a55ae289a56da563f1da6cd80a3757d6073fa55e016e45ac6cec1f69d871c92fd0ae9670c74249045e6b464787f9504128736309fed205f8df4d90e332908581298d9c75a3fa36ab0c3c9272e62de53ab290c803d67b696fd615c260a47bffad16746f18ba1a10a061bacbea9369693b3c042eec36bed289d7d12e52bca8aa1c2dff88ca7816498d25626d0f1e106ebb0b4a12138e00f3df5b1c2f49d98b1756e69b641b7c6353d99dbff050f4d76842c6cf1c2a4b062fc8e6336fa689b7c9d5c6b4ab8c15a5c20e514ff070a602d85ae52fa7810c22f8eeffd34a095b93342144f7a98d024216b3d68ed7bea047517bfcd83ec83febd1ba0e5858e2bdc1d8b1f7b0f89e90ccc432a3f930cb8209462e64556c5054c56ca2a85f16b32eb83a10459d13516faa4d23302b7607b9bd38dab2239ac9e9440c314433fdfb3ceadab4b4f87415ed6f240e017221f3b5f7ac196cdf54957bec42fe6893994b46de3d27dc7fb58ca88feb5b9e79cf20053d12530ac524337b22a3629bea52f40b06d3e2128f32060f9105847daed81d35f20e2002817434659baff64494c5b5c7f9216bfda38412a0f70511159dc73bb6bae1f8eaa0ef08d99bcb31f94f6be12c29c83df45926430b366c99fca3270c15fc4056398fdf3135b7779e3066a006961d1ac0ad1c83179ce39e87a96b722ec23aabc065badf3e188347a360772ca6a447abac7e6a44f0d4632d52926332e44a0a86bff5ce699fd063bdda3ffd4c41b53ded49fecec67f40599b934e16e3fd1bc063ad7026f8d71bfd4cbaf56599586774723194b692036f1b6bb242e2ffb9c600b5215b412764599476ce475c9e5b396fbcebd6be323dcf4d0048077400aac7500db41dc95fc7f7edbe7c9c2ec5ea89943fe13b42217eef530bbd023671509e12dfce4e1c1c82955d965e6a68aa66f6967dba48feda572db1f099d9a6dc4bc8edade852b5e824a06890dc48a6a6510ecaf8cf7620d757290e3166d431abecc624fa9ac2234d2eb783308ead45544910c633a94964b2ef5fbc409cb8835ac4147d384e12e0a5e13951f7de0ee13eafcb0ca0c04946d7804040c0a3cd088352424b097adb7aad1ca4495952f3e6c0158c02d2bcec33bfda69301434a84d9027ce02c0b9725dad118":"d894b86261436362e64241e61f6b3e6589daf64dc641f60570c4c0bf3b1f2ca3"
+
+SHA3_256 long #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"bdb13d9509e694e748c75c966b0fae62ffa91aadb022498c0c5fe11e8a8ba91dcb54eeb21f57258e4bd8d1368ab7a79ed19ff0fa578130d1554105530aaf51ec03b89b1999deb37bbbe5952aeecf904b910ba8e566ea38f04e52dcaf54b68d40ed450e727e6288d61f5571199f40b190c8540815e444aa1280fa2ddb6f8aa54112640e64d7cdeac800902aaba6f05296fde2d933d979ce5e71a2c27e6311e116f97b6297ab062279e5fe8b890ac9bb85b81de2e64e70ecfdabb06141393589e82bf4d3b402f5771056075b5bd3b23484826dedd749114c16b68ed3ccf8dce4de2e352963e58233b5db1361c8099204bbe13ac0add54436d218a2dfc6a8f03b218ca82c4b5a959c92fd8a6679b55374535fec2511f7f1f1595b564fd85258d6d8ccb3a3156c16fccc43d43216dfdccc7484ebe1abb900c6d20611eaa9fdfcfd2c77c0586820ed998e36598d468d155445d79fbf222259fd65a23a77e2b1c4f845143611ed8002bcfe5c813fb1c9e653efe071861f3ae5de3cb63bbf2a76980e4a2b7d974c933dac4440b50f009a37139927c7fd490a8ab07cca7b8a2a5560896345fdb22c6187b389675bc7db09f0da6c350aee499931bd5067629f895504afbae91d2935f3c617f55bdd2de91cf9f19091a31fc6f0c34bde1458c8f07f6cc9749f48c61050e421afa3a10ad3dd3aa02cc3f858691526a34e59c5cb07d9811ebcefe34f6580c719e0c7112540549c2e69547363da12440dc9be1171756e29f8b862578ddb8c5947af4f9348d98805e56ecb7b07c0ef03d077cca482e3434d9d907f0c481b7b80f245c4913946815e0b64b0770bc3b24d367f0ae7c6f862d6566dce6a48cd552664c9ae72c12e4790e9728cd1388c650985090040055dd2aa6b77d8da54982332e364939ea83ae382c7c1e5f056c30f1f063f371806b99bb324d524c23624ec8cb83efd7db6115c1bed78463c2d10b976014736d892b5c6d7c9b03b8bb41ab81c2b7e7377b35bba45a2c0341d84196af8be4985e671f95900a12fa39e97228fca834d7ef466c205e72fc139fb24892a8c846eadac6b2c5f15f57be661a6e37a7e0ad2a55c98ec46e8dca2dc3ed606011a9ddd359047f6ddfe0dbb8b3eab0680200636701711818532f18ca64e6038f88b4fbfa5fccf01dda331181b9c6c32aa98c0a0678d992ac8acb6a61d948ac916c5e33c8657c9f266eca9ba1de3b310ffce80391326f88f193e7319cb761e5e64b1a17b5f09fe7481c1bcc8197a464887aa8e28fb4bf5577fd06f0c385de2a2e837d0a5b87a362d350ab46a98cbed814a153196a7625a2a034af3a8eab2a03aac40b9e1191239c58aafd7ca213d726351f5b2aba0d5edb2ab9447146bdb1ed1b8b2a5580b39cee588986e0d3c389c98a334598e6d0a77948197b3794342250d1277da321557bf3538adc05e712432c548b86e68966bbf7b8d397ffff84d7c96c475a196c0d4d25ca1d717e3496afd95496b3960a45e8f0dd663f2cd1466ed15d69641ac9318d003cbfcb9c44b70c5adad33029f1e4dadf264fe550c1ff43e324ec0049d168b80d1bf05ef2a009f51b87cfa104d8c9fe2d33ff0f0e39f5f389436dd3091d195ac6f84db013dee5f6b5cbea7ac9176bcf65870230b7b1e0ea3e495d40eaf4d9f1a84226437249f19d9417c221e93650cb128fe7deefc236b47c9748de620110f93b9a28ad9089b336410be53ae7ce1f7dbecf1e8e18d37ddebecdaf0000ca54fdfb60b342e106817d4718a22a47470e53b4b514b2b56e1cc59f4cfe5a39a92c5c622654a7f65902bf10bea7747a29c3e9aee278d1580a9a0578a5c5418f25fdb10a5b9b3142e9bd98387e53ae02fec6ac07c7a98e73317c2ae568725a83d94f884e80e5935940f88518c8353b742e8d1759e5353e996b49826ff5a4098a3ba83ec936c232abf769f24c3cdaa140419db81fcb9a662d2078b862edd8d334b58e60e4edbf93ad65788c4d4ca273f9d06f1ab3db4799c0e9804988a17f5c05ef688b2bf64c3af013baaf96683b37f343879bc0a4cb4dd73f06922bc105e86031cd1a2910e69cf6aa96d8b21fe341ef135dd7d0a8a406e299623ed6bd0b2ce635329a56ae2d4e336293941af459462fd8783b3e675039757129bc14060d7e0a522f882f3e6ea32904376e4b560b99480b5d5294516e69f26ed3865e3c7b704f312a602d32494069e808c3cde558dfba14839a6d073d1d0bdae61a3fb0d388272aa9bedb2a4bba58867e411cf2ef6e189c719f12f96ad7045dd8041303b44a14c72400b3a6d45587781e42b33f3de8c60badcd3098760c8e503fc082c57c2aba9f2fb2311861c679354f552b0aa2c454daaea14064cd420c6a73dc0946c99e6b0b335ffdffa261a036a804dee5dc854781eab7ccfefefc00f51ab31137fb39b8a3c57654dce4db9f04bebe5961399010a9e87d20c789befe989ae224f9af7115e15c71e020c778b817d9fe250d589942bb2e6e064edbff67cd8ae5df0c44d9255c7eff2a7bc8ed9df8a050cc3aa7f5402e3306c8058431defc513a89f069d6497d936a8e4e479eb31fa842a989a648bb8b8cd3f08c00eac6ad945cc0467cfd04bd3030a608e2009a053830677ad1e7f74ba2521a32e0aeb179aac91c6efcc1e9a3ec0dec4c16b7b541f6c6606ec96785f6fa0daf9a91e221c92b0be8da67a96aba0d4edb786428874e5a613f05eb4c0a161a731b3393298a149ba1d0395c280a784a7ffe2e48d7a282e99d5db0b619e6118a0ef79e62f96cf463074cec38c23b56fa1dcede334979a81ad7370fc8359c71bf5dcf2b9fb64cd117c8c9638c1c8feeb2a4b7f8b1f28ef664ab75638033afdf20cc0c7b97f4ac432042d04fd47b7a97faa1540e537745265d86735c7ca8928254f63a0efa390dc31321ebf190838dfb48902daf862c5e907bf4cb7b2bf8e733c248d2361507d3c976d297094eb93c8102fdaf2cc8961dcd3672e8200c99004c0f505fb196c5a0dec1c14bf77d70f8b1d0465336a9591545239d53eb9d2d903392994ce1fe06f76b6a9a853c9b6f55163716b42d96c9d790a9b0894e6c1af992d280245799504":"baeda8f50d302bb2a30a5bd5376af9aab5fe9f3c306613de91e5841eaf1fea17"
+
+SHA3_256 long #30
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_256:"f419d39625deb2ac11d7d361e2d2de958d3d94d0088da7cbb7e0cf3227e01aa8feeb840c3272c7fa7a9f7495023b438463cea73bd208a67c975fe81dc2fa0e0b19ce458f54071ad08da9909af2776f5dbd14e079666837b81645101c604a9ddc2c083ea9f3645235323c4ef6184e0c28825565112a7401881bd86eb8699a70221ee298e17752183251a2d633de87bfeb9cda5e8b88f6adf38f622b7845b02ee5d9a47bbf499914ced22151d8abec32b0f2ebf470e7b4e20258296ee55c54802d44960ecccf01ed119d02e76ee6430d7e6ccf4e46ae7849bc5f76608516500e0347007a8f72524c039a8dbf7cf955f75ef2d0969847088a298c9028e3dc6b7f6eca29e6919a53d8adb209028a4bea99566c34f1eb192c4c51c8c1f084146c7c77b55a7b58b0cd3a16cbc0d72144ca9b71c24489c98cae373df94fddf2281cac25f0db616e1a881946cef867c84cbca4b4dd4886b90855f4f4088319b47e43b88064f4bf5b424c1e46a4fad907cb895c29a3881044f5e82b7edea5cc5280a94790f7edbda58ee1f11d330e566629f96dd7fd4b4df0bb3083e461fd1d549415025e920d85d6680e39d3657b066eced47cc6d3db6848c2f5a52d7bd23543245090f11e9d3c75379c9e71218b10a623e234ff0e7e87d173fe3961136e3ca797239b5181e50d0b6354cafe4e849d968eeb3a89947dd3153415e689111759065553c887a52d1e1f54fb6282d6afd4c778b6396c4f20739b6e0054ab5c16b4eac6abc19a70bd9739715c1106a054dec04a0cd7b126ae8feb8a882cd2deb376da52f22e92ccdca1e2243e7d9094bbe2096ab5bc5f0071518eee7516037e35c75f61efb678a0d464a0d5684e2b9a2b092b4279917ec7afdf0b048fb94824e6ce005b6b0253d4eb07feeaa32ddc9aee7bad3820fe1762b161ea339ebea8b80cb445a82eba2b4f6ab281ccb7c2ad7c4a5f17b671aa30b9bf00b4e269cc2c23f0a0b6b0008508fb998fb3e36cb4a52888ddf223353ed4b420e3f07bb98cda4bdabbdcdba90bf3bfbfc31b978aabcc87ef1fc5e73461083b1e34266556a6bc19112d3e92f0f5f38325794151d8512b7fc94a186a36bcd636ff18de0808c1da75df1d643b9feb112f14d7ae771f4bc9f95c89741303f7458d0cb9a1cc97853a488ab3d7407c9454acd205e9732744afdef2025f4c62b95d288d3ff619ca9ce6785b191e075099c4e0a72c7aabb8e2e314d1dd637d1daa27efcad266576aabe6ef9a74c1fae2a169b4dd74ea899acd6f854143080cfa73aacb0a9878ee3f5d40938fef497ffc554c10bb04c07394ae5a178c5cd562c2bcefa297bcb4461157fe4e82af3d00645d74dd880584d3702dadb4f94f52e73c2cfc5eb764a2c7a8442807badf25e4e360e9018d9ebf10f4f16f43cf450703326cdbe5b3b9cbdacccac4a680a58a934107b46612f8f892e9a3a8ac57657d1f6a249421d3e2b6e54491dc121c29f27546f9dcf25e3ab7c116ea61d7d9d83ba1aefb2df85e07eb52d9427735d694e8f2bade698fbb8d8405456fa1ac9cc5c9f3c499b0549e52f38753859ef6f50ef172646064246f19e8c63cda7013ea55b07b74a7241cd9e955ee7a01583dc3be975d0d25d499c3056a6cc4d2d6f409af77a388cd923858f499ed155fadf286cd611b7dd5c1d6ff7a935fa5ffdc3742fda6d2c6b2018f639c48eeee46a5fe8763d7147c1933c26b9fe907a70a89c4dd64c66ff8ff790b4108e958cb5f49470ea682b0d29933474f9df6cd929be683220e5ee4e45b03933c6204937552a0b663c1e95846fcc84cf29b42172d59f95c5923f698536fa5109acf2107b4c6b233cdda9572a2eafbba9dc2534e41edcc38c9ca16f30ce36968a479c91c4f6488a7951a0c68ac0dd377983ab3db96fe67fdbb2c475dd95e5784a288833a10d329f804a8d8a02d0a586c2b2aea24f435d0957771103e8088764cdc24d8c9bdbb9d1060ad8084ec8c92819eba7e93233a11e645c0fafeca0acea899734f311fc6edd5f1508d7ab3398a9f3814f98feab432da6d418c057f8c678123a070dafe9a203101ba86ec48b947ac425de37f134c3958361e4ebc67b54abdc0d1c32c22df3e0bd612f34174b5d19104c0c2cd64a93047ea7cc889492e7e46b92fd190523e504ab9815de1ffd53137c66320e0a6741e91cf8683d5ef9e0b0256e1216c585e5dd8f22f4b34b1c06e85d06e8420a0540c1d2d6106091faefadbde0f3b29fae96d9cc94345a2521f9062690a77f51cf201d34e38d98ba20652b89be3a8300184897e86e5d393a999a0b8db5f80c7e0f5059b793185c5404d1b80d383efe834d9b766703f7e6f7fd7a46e6c9427feb606205df574911dc02c5d1dcf1798b85d90013cd076cd9e9c80a76c65d1f40264cd5b010b2a85fdec4a2176d7c82c0a42516fe8eeb54988c83dae9a0e40703cb2f1bd6f037beacc8a506e7332bd3245adc3085312227895cbb6c3e0ae0622126a1b4f90258e46f263e54dfc2a2032d0648ed46384e5e42e6c92ed268e4e92ed52f2184ab88c24d73fb2c5f90516b4152f5bdb018b2715b9747a3554f73e4936341f2086069c09e3e65ede520cc9417bd8d22616711092a0ac15a1522ffece53d6496f2d55e77f7e1f92a0f08761606a259abc887cc7e349d90c3c087eb7a9ae00190e25ee950d10b3f614b9be059a4ae05ca541f575901ec6060b5e2e9163ad7c36045819cd3c016b314196f8de7684cfbfea27244121853aac183d86b383ba114a59ac1eb792b90dec306f7f147c7ebb6c922450541fe8fca66a8bcd46913c86fa150b447c99a061cee72d99ce34a16b0aa51fc2d512aed59b09324c71169ba4f0415cd444d91e318070b68f342755a9422cffc3ed803f8d33fe184b5d993e33d4e5871636d99c43a9d3f4a970dc033bbc2dae99c4f303ec1750271131a28ffb4d0773527b218060f216ce2ea7db11ea1fb3138c81f262baef0745e816b9f5c304b10ad03a39345003432b6804ade97e13c316e64d06c4be622c5c163467d855a1ea33d79caa1edb8361f59dacd9f1bf42679fed4fb591c119c553e4b233a077cbbbd6b1c9faa8c91b791316cae7937551a696ebb08a318bbcdd129ab9a6b6f22a2adca4e8b439e172926d1b84603667eb89e326970a0ce4f27981807046808d67422bf9225d38ec31b4ebf302cb415eb6166fe72dbf8a9463a388de009e67122a08acf89e7f0fb3ffe775e86db01e225a57207599301462b8620ffb9033d4471a8647e885a125fb8534f340ed97347b8054":"7dfa7b3eb61c13390a56bdb01a354a51066825378ce22367a1d118d4bc47957d"
+
+SHA3_384 long #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"5fe35923b4e0af7dd24971812a58425519850a506dfa9b0d254795be785786c319a2567cbaa5e35bcf8fe83d943e23fa5169b73adc1fcf8b607084b15e6a013df147e46256e4e803ab75c110f77848136be7d806e8b2f868c16c3a90c14463407038cb7d9285079ef162c6a45cedf9c9f066375c969b5fcbcda37f02aacff4f31cded3767570885426bebd9eca877e44674e9ae2f0c24cdd0e7e1aaf1ff2fe7f80a1c4f5078eb34cd4f06fa94a2d1eab5806ca43fd0f06c60b63d5402b95c70c21ea65a151c5cfaf8262a46be3c722264b":"3054d249f916a6039b2a9c3ebec1418791a0608a170e6d36486035e5f92635eaba98072a85373cb54e2ae3f982ce132b"
+
+SHA3_384 long #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"035adcb639e5f28bb5c88658f45c1ce0be16e7dafe083b98d0ab45e8dcdbfa38e3234dfd973ba555b0cf8eea3c82ae1a3633fc565b7f2cc839876d3989f35731be371f60de140e3c916231ec780e5165bf5f25d3f67dc73a1c33655dfdf439dfbf1cbba8b779158a810ad7244f06ec078120cd18760af436a238941ce1e687880b5c879dc971a285a74ee85c6a746749a30159ee842e9b03f31d613dddd22975cd7fed06bd049d772cb6cc5a705faa734e87321dc8f2a4ea366a368a98bf06ee2b0b54ac3a3aeea637caebe70ad09ccda93cc06de95df73394a87ac9bbb5083a4d8a2458e91c7d5bf113aecae0ce279fdda76ba690787d26345e94c3edbc16a35c83c4d071b132dd81187bcd9961323011509c8f644a1c0a3f14ee40d7dd186f807f9edc7c02f6761061bbb6dd91a6c96ec0b9f10edbbd29dc52":"02535d86cc7518484a2a238c921b739b1704a50370a2924abf39958c5976e658dc5e87440063112459bddb40308b1c70"
+
+SHA3_384 long #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"7f25b2c0eb1a6911cc3328fcdcd40f28f010375f7b1b51a05402896fb999b17093b59b34fb9cc653feba3dbb9d96bd47180416946d9bd3101b691d532be6ddb3712721121054c1fb3c5c42ee44e7faf7cf8d75856545187a3220047f07373e9aa2e10c022f2aa2320f81fd3cd7b110609c131edd6e016707228d069a55731a4ead4d24ab6206b01ffd91384e60db45a907fed7428db707de721aeb4c1b84baf61ad230b6b0d034eb90f4b9cbe64de2fb98b6695dcc4f4129aa2e7a3f635166bb72d7faca227076bd5013495c72ef2e7dd8a39cd532b15d0d53307c1834c265c53cc64890becfbebec454afa90ba973584e2d3752c7c6a3b4f48aba8297bf013b0006e3b08ed354157420b559b963f7b383bd047e94745a4615a3f9239230804547ff93d19a657fece8e02114840504b7fdb9c9fea0a4ccea3ee304a330fd2b0d97191f9be86e8968a9fabc847577e08b468b4f7df43f3fc9f8b2a2ab760f4ab87bbc51b883d4b8b33ed84e4f93a1d359e6995ea1962bfc0bca789ae36e4c25717850efcd708155f52fe09f1de76b2746634dbe1290524bd73d9db5f21f9d035e183dc2":"927962c873a69caa05cadc1cb485eb1cbb07748e47d942192df4af9233f42b95a638918306ae83a8237d21c2824f666d"
+
+SHA3_384 long #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f242":"d30ec9a7baeabe40f6648a624dddf8721c89542e258f0fa9afcc9e68433faef781824048b0b771a94e8f0c17a403f9fb"
+
+SHA3_384 long #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"8c569727f1d4548f1c66a5c830346259612d10c5fef90518ae2fcdbffac9cd9c0bd5265ab56ddcfeb5e838bf37526a189c1a731b790b4208e37d1d1eeacd43b1630ad07debf1e03a281cf7715276a18df2f25535ea7d9fd9b6317f8bf1cb0c111b5f5c38994aa86bfd69ac8388884de1ed1d7eba583764b3afb1b8ae18ab6ee3bb3a9432c95f7cb7bd361da0e270b73b1503b653cc20d9bd5766932e6655b250cc053e148218a449efed136e661627c4f10dc5a84d22462035b8d7b4e4b11f7fd5272385cd5d67471bf556951e63e4a409a17260e324f203d2104be798a8ff985e080b2eb1160fdacab6aebe123d3802e5298624960f268fb4d4b9708c2098c5ef10beb6362be2298298e391498e69060e0bca9b6fc92aec656ee7f6c802342c11a703c76484295dce03bcb5cb3cc0da0bb1036e753b46416d449d22523719f54b35a306440a2b9d335f03d3a03085a36481fc44b14dc2b652c0a59c34a68f492622671ddda332123b147e92d153008ca2e57cc629e8e5759e48c60b7636e05029d614b4373884e36d8af69b648c79ba4c444a9ce7f2f8a3d846c7171ed15231dcba75725bb26a395129329564c23758ea052f6df355436b89217169365e2f15c734510050f72c3c705afc29d6df838c0492f3e153f70ef338418ca9c5c4bd2373ad6f051ef1121351831affc4caa57e23525ea111c2a1636d0ee07fd4ed4584678e982ace8664e77d0e55be356be558cead3755359c43e4b1f034916ac00e5f2b3d941767a069df7a61750e32aa8a3f8e0b48a5c56f3e9e8a4f518a8f2562dd48242b73f1266a24d2e64299c26fde5dead45737cb22d8b8839300104b04872645a925e77500afdd0c038404eda227da6a702db64e":"91e24f999cac1b9ab9ae456ecf47b52c1144ffd1df2d95feb05fce930e37ff767a005cf07bb7af45c8a73585e8544965"
+
+SHA3_384 long #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"eeaa4e8e343caa827d348cba7d83f4c6cf69f00b968a6174654501655c41a5f19448c04cbe59298306f81e6a3ec988d6385d800d734c137bfa8442a78ae04d65f3fd324cc049706a1a5c1037ea8ce6c83ebb1545ee74d19d7f3769784710846ed26eaa76853307a181086c08cbf39702a92bb49b4f2b2442ba057cc2ddf9d174fb4633b25440778e03a33ac4272722ee415467f7dd9892d27597856c92c2bcdf342bd2e87497479b68d58055474f0ff3cddf3541e1e4a5b576948b5eaf94cd1746c691002e62ff2f774848a27394e77817732761a336e55486a597807b968d84f9be77e2cac628b1f9a19993f21e31e7e5b943406bb7d9156c72b0ba40f1838e14bb8c7790ed498bb78b7c100e1475a7005993c4818e0961f2a2def444cc389e6167d9a5c7ffea2476acf7010d9e3c2030fa1fd62ce5fda1dedd2916d150321aa6676555b92393e401ac154e38e60cba3c44ed5fb6e13e3bf9cd9a082da4fb6cac663970ac82cd331f34dbe0d71170ddeee1084565ac53990b1838b2a0f21bfa3b0a5bdce9441f7997ec539d324aedf10c767572826ec421dc660cfc745f182e1bfbd583b890121e327b846e90b70d5e5fae3dcc544e1a3d33601ccfef157c6f13e2af4b608e2d8ab88a763b3b80578caf2e693d2575dc54d9ad72115b3cce24ec67ef1e2b68f826f1c032ed79ce53e4c4a101ac3b0b92cd97f616acfefb97b76e319fe35f43fb58a4c6bf6a93c98acc65ad0b00e037c41233e30e86217b5e8f61e9c682454abf899b43259cd19883ad5cfa91235921fb8a751b64890be4ab148d366de225a2cb229ce06d6a7a64c6f06f319afcf1f2be9d2747209c065d07aebac19bed4776a78970459ebbd854dcfb67fa2f73efd296b30f0e48a6580ef8c5af32588af2ecdc28df19c07931914c380bfc57709ae80a34f719e6914a2008c13530aca1702cf166b004dc8bce429e0d25e01adb3c5da288a510014424bbbf0a1463a01b075f6eaaadb0f8d9f7905be47b4d809c1b58e618e199a2a72e06":"2865a64e54bf077b8343beca94a9bcc137797cc916019722f5889726fb0a74efd3ee0f6526ad7e076fe4f23526714130"
+
+SHA3_384 long #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"42262515ac21c5c23edf72494250e8c57116d67c0c458fc22867021a4ac4ec9f33e04ca2fd44189567812e276e738db11dc3c5d1a5afac54b00e535af38e38b40241bd916958d95af82e0eda5e889ba2fa1bf2aced4e6c3e74423c11750fa2b35751612a17e472da98ebfaa93b177a60b02645540ca938471b0ba589f7cf9062d9191eb530704addf0c2dadb2da891b3e8eca713294976364e717608a2556b8b31a0dd79db84c92ba8ba96b95bc44a634a76fe2f6cb490d4b47d97d79d299cf407ee87bf41a9578b67db168beef20c377dcb34f1fe74ece9f636f03e11d38966020c02cf89665cc6d52e43990dbb40f82af32fa10711f43dbba56a8426db9ca8ca0138f1dc4440a49bba032ae1a64c6ef8f7d987ae110e97acd0ebf303ca3c8408d50f6d62ca6bed61883f87923b996190de18eb1cfea4c070c15cd1d128d0c06491718a42804669ce9ee0f947028f9999b0d614795f1d81b080a667b77bc225853c4591a5ee37e08b06ccc6288496ddbc75fa4becbde1a01413affdde4d797b14de73cab29da71940c8ed365e4817f7a1366cd89d9f58e5438461db6e255d8ab880e27d9214ffdd94ea299311d678adeffb1403b58dea1ae6dba3488e8cd6191a287cf26cdba5f42f766a2368b723c84ecada145c0fff05a41e5c8e66094cf2e1e12871697b0326ba7397308c727e1068ada652b9aeff70265776f31f2427dbb6b0ce41b17b7f3bddea9800a58ff34ce2ab6006f5f15221148dd8c0e165cf9d419f57ab6b6383fa3fe255dbda97e94667ccf078376160e015c96a3cd355ad0029b5a9f7c0bc762c8963b50b5311c8c49d193ef0a8849177d11214b11e7b27cb17faad6dd70cc0996276a3d73985f78f2c9932b670e54eacf170be65e95fa6c8b2774b54d9dec90973210486b47be06fbd55b511b609fd491deb50a15d8a93bda3336cf6edb7f844646ec161eb7cea2bf853ad4ba27a0814fc8cb2ada28354739136f6993c21b711dc65c2b0070f7d8d849d04aa5ebfd5d6375acdd1dfd253b22589d386eda36e3a830defbb2fbd015b0a3ba0770f60ce56755d87553d00f6410733e90529c68385026e30c98c0dde5e31336bf9e0e5595e5f9ec980e394a7eade3c225d18105fbb01906e2346877d5ea28f4b7af7d7e0b49d247c9cf916cd7352ad64d8e10b6a":"694b79148a8b6a3278b9088467c5f62e295275254c62ece9ba3586dd09f4791ceae4445999199f421eb5ad6d04fff52e"
+
+SHA3_384 long #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"aab61e333ac01069b347e201015bef397cbf857704a4992c50b8b8ff835f41280040d21980040064625a4bd9423f50eecc7c4165d27093289d0ff678812b8a46b4f350e161b9dfd2f7f85804c7959b29ce65bb58cff0b0fba6744ce8d82d71ce6ed480d30466147b1d26f1ccb9e537b02a81dc9a23ac586c12eea299afed5c86d5ed4a37929309277aeefe7740b88c4b87d88a72f52cf4458986e0d12ff4b4389245975432c8259eb657674e839402c48d73ae276df9ea4cb543efd980c9e2aa4de44d730d8ed0a77a691499ab0401e2e5593102b59aa44a3b2db5f9c9f54ca5add356dc4a6c720c6e2deda0df8df16c3792f94bf2978806c64c1b7833fe5cf05a1998d712eb739339aadbaa48b93a2b2a27f04a4f79004afca909a0e56e7955fdbefdac8d913c0583e9c4010d0f44e7671ffd46f2c673dc854b68b707cc0a9a3ecb6ca2e2e93329f6f092eb5817786796820789030949850a3a1e06c3a17988c447cc023a78c1c938c92bb14e5a3c755e59f859abc7e90d337f15d53f742de7383a0714bcc84eabf17c799b195ff9d767abb7ff118abd3ca721336ca3cd8e7f41ac042091604398ca0f62f0e1ae18565a802cc35fd92cda0f2862121834041788a6ab6ee0c806586a8cd0facdd0ffbadfe03fecba3d9eae129d8910c632f779b42fe446d28901b37bfaaaff064c18cb9dd4d8c44c3d7b81598790aed44ecf6b6e5097ef8f2a9b71a262d848b4aaca513d63df913d612c1b8bee5e346a11f4b65e10acb23e333b5989cb411dfd737c1366963c9cb531174451daddeab202cf222b770bd7072c4b35d83dcfc50c2e98dac174d72ddb36a5c45354f418d1a9c6767e8d9da6139e32cb37c1698a0763856ef605988bd7f73e6238638b05f28e427cfe5b48668a1158e34c5df7b2179bab97ac516800d2fc4be7a9108bfa3b3aacfa54e8f561940b2547c21b6286635c721d8b612dd2f4ce321c4d62da3fd4346ab9273c8ddd571601be3f03904e143142c73d3cd14a64f45dc6cd61611ce604e6812060f623feb9540f6b1c6a52519f835e67ea3ab04bf632b0d01508d999338619e75b1a7baf7d8603f06ed8d943309dabb474524cd05d1ba1ff87b8bd1448b44b2335df2c92e8ff627301c32d116bf873c9e1ff651cb07f6002be571180cbd7dd7cf72f80d18427f49fde1194e4d8fc8151392b455677c6b680c2ce1d044456989ca8f1bd91d96780190cac57e400129cf284bd32a73b576b219c0629c93c9b4428500d2cfd6d25d08c937abe386aa08b54cb9d7537829c478e53e67df73b0da9cbf76a153acbcaaa9e7c6510099e1017":"93d4fc2b9e42c2a48e6103f17d9d2fb38330aba7de7a43011cc4bb93d161d6a3b2746baad5d88e6f37cba4cba42fa053"
+
+SHA3_384 long #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"389dee6ad8582da38c63df546651dd4320c8c4e76c86ed8485a2a0980a1484760c785a31660febbb4c073f4e27fc100ba0be7ee2fb5505b1a742abb013087e0cc3eb3dd2a2f8560f9a451036627a0ac19790e41b0fd93cbe6a41dc98e9d331b4847f0016361a54e79ca6bbd2bed4b1ad2dc75d5c4e1b7bf2f5269a1a357d87b677ba09c5ca7dce8a7ab1a6ebe411ef1788ea506b6022ab9771794cfc9f0f6759c527c1a7052aad415def3a487b39ab46d3812711eef6b2f305c35c07ce90b8e6964b90839028d7546de6dfb32c55cd8334154916a0a07a4eda8a31036b0864a511b0df23127f360bd120fef29f6b3c16d32d1e421d27e9f2175933b81d8052de5fdd144d3438b1adb225fdce7b86e247d9510e5d0e93e926e5b5caee8dfe6ad9a75a99ca9e5a2f84377b460f69aba65e6e09812e1aed61316c285e6c638d94dd12b0d462f7ed9ad689ac3f7d10e470a2b9dedf7eea3c385cd33957fb4632b834c8662fdce8fad9eccf4052df1938285ce3579015258858ef43711d63def7be24f00410021887d40e32bde6ff2bb0b7d413fdfcbb74d9a832e356186cd4e38ef6b312e19a309f7384daad62a3ef52035272568c387f38106cdc72b1ddd0fe11f23819096dd7479e95ee9730940c28f51e28eca653edac78e7554d4e8079512d5fa8a1f043b6893d8a9604b79a2b3a757f5c47b4d5673ec8e9776d591b78e3cb872a30fee4746c38abfc7b5f7cf48e6cbf37ed1c8794f5e8bb695c387774bdd4b0e7509b17baf87740458490040e2ec024e068482e1dd9c1a554a2555c16e52e2306882fa53036e2919ca7b2f822225bf77f409e95a9f239ee60c516920665c328b06022577d2d62e6276d2d21d770237f3efb8883e14939e0b44fe5e0eb4579060d61dcf34ae6dd860e5d6a47d622020643236cbf6ce5aac179c8290f6e8b3a074412c6413e673cba7a00cf32c740dfd2b63fb412f4ce72dad6b649e73641ed717efc460b02ba68ca93dcc5a950d0a12cc0d8c7441e0d7b73f4a3af30ec6e7a8de2a5c5173de748fe807bb5761cdc325c89750d1d94a9abd4fb16c2b2371bc8a39997ac2e98f4c39d6a65055fd16b79aa389eee65feaaec441298ea35c04fc1fbca5a6118bbebc3f178201f2d18865e5ef5dcd2e30319250d61b08f802e124cdc9e744e9d4dd32f40d33669a89834c9bfeab521604cfd3e7511e6195c2a6c51903d6fd985f7b5eed3a22f4d97fa7da2163cb343a4815e1ec54ac2f1915c66b95dced36c976098eaf20e9131c3e569d1ab165ea1774944af4433cd7de76b076a8c79266e9c30840ae53fe67ff502013fc69e3da1a14cb8d83cf58e262600584d6468f2475d118236f35cb59ef3f94cd2affcd8ace933c181f3b78d5415c25f4a2fc0be5e9fa99856658d87f685715273ad59b72b18a66892b2a253707d5a264a33ac131d2da0d15383fce3ef75121c0b0add6384f64cb4f4c1de":"60742329b560bbc7929cd578f87e0979db19c938d413f36360aed6361550501941f32ee8e362478c96202683a28e4f25"
+
+SHA3_384 long #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"23cd7e8b7828a0ceed470598e88bde61d1487d471abd71a87c4af3ef83dd81ae4caec8ee8e2cc7c3d7363223188f14f7648cb973f510cba370babb47695d62e12ab1e90cb048e60ff7c3c7b278457451ef28302e61efc00b5e7cd0f98484926b443fa88ee96444ddd5548ef00e954694fa83aa2167429a08cef7faacd938587322c1ce1c3e682a53fa534d82e468d1eb0e05eff40ef19fc1499300087262fb214d9d235db93ce099ed26cd1302a45e7cb216c64e5fe5185f56b8acb756ebc49e4c3d6ffa61c8aed83637d6496e33356f6e1ef8d760044c097ecec45e8db9fb12a7077a9a3ef5dc385eec30cc32fb9eedca854e381b3785e8483d11a820b6e8a5e7650ce659a9b1e0ecafa24556e6e11e4fb38d19986709243c6e5b3a16c8d27d93beec86b9cd76f968e7f55ce0db452984118021de7a22e4e2c76abf77d903c53379e321664a74aa5bfbf1b8dac11336f105eef9f55a1550c3b105dd4bd0c1a35000b95f6906f01c4c555e024b82946f1ff89e49e5ed2d926695f63c9b95553f71ba36eac9eb3576c35c04e13c050dfa955359b8b61db1cf53d903856e1007c21e0f21678ee08ae14878abfeb432c9ffdb7ce7ee71d0e83213e7f560cd291e54df674481c1cc368564111a00bbf10fa77add10941ef01be02d259374bfc8e41c3d2a65de699982899e8f1a90592a2619f9dc9c52c364930429fda76a4cd59f43bfc04d268e2eb6167f5b735697c5577ee0e352cf6a1495c490d6f7e97c3898f0ee92c40238731a538edbedf97caaeafeb859fbb41ae86c48e9174d9a58d9174c5006921a7050f56953784f2211c227c008a65fa8dcc85fb9bc2a6f25e7a0637f6f857e153dad917f569a63785df355ed58314654b79cb53f927625313276c6b0d378519ba87234be20aaefa46826beac3164785fb34cb701f16339663f4186080245d356b887274e380ebc4d3a44a82619a6bc72d8c0ad286459716e18ebecae8656cceb75d4b2562630921cdc335c839a60dc352fe1dfdb70c097eec55a40cae7110405e7421cfe737739b955dd22ea3cf89e4fbf9594439f0071914c78ca86abe0434a17b7af70a64a78cbad28418386d7cb6990c515887881c8fcb72bd1085c2a50620c1cb1d1471318faecfe037700652b2aab5aabd183ac63da0e5d9f788156f4f6ce5a6b4cde39e2f01b46aeee320a853b173a9c4649e70cd157f57affa3cef7ae66572506f4249b5242e88b0fa52fa243dc4f3011519b89899cdbabc549f92131dbfd272a103b0ecb67cbe203e03a4beb037fb1572331a3ace4f77af1fb3f39283533b8debbe8020194d9fbf26b9546db93b46543480f22df38312eab4208093a7de0214a7c933e9cd0f91d03cfa65bba94d596fa479fcecc9f71111da4bc5710baeeab98dba28b452413925e93d754310fca8aa7a8486f1b219f696cabc3ec51f4449bed607eb1a49610a02c3f8ff8e70a7b8970f471cc74c6a37fc3df8690a633ca3c74948f786031d690955c350e8590d0dd7db284ae7d97659b48c76b0ab78068d552fe3da821fa4eaac071335fb2a6b1cdf76ae8dde19bcd0523ebdb242be206adb227f10891fb6035d606f0b3175606a006a5052146dac4047dd33f":"b6b1090cdb31627388f87c4fbe6253464215b812169a48fc8897d64e7b004742da4891264f0ce2bd2512f48a03c0afc7"
+
+SHA3_384 long #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"7ad50f6f55fea7b59e17c2727e72fc22910fe36cf463ac02a05925c9f697eb3a9a02dd088584d002560d853ce9d7d8692bef398c2df160d077123db39e642e6a19567581507ae9c3f68ceb5999af9c3677f94eb29432387409d96d969f680f049cdabf25dd6959be259cde13b581b24f1d37082551b09ab8ffb59db8202bf4cece94a43b55d988bc8c4646b066d6817cc4b1502f8df3ef6201afb5634a344692548e0a0adf50de84d3910979d3357187146e0f167081a03bb6ce9ddd450b6e16d9d0dbdba458c3e0a18610b62526ea36b7762b2321e4130bc71a3e6e3838d2230360fdf6cc789f969e2b43af8331545352d18e9ec9a4b29adb9b7e604b43dc807a485aa37e39da6f738a8aab16df17a490881ecf8f47e4af9b5a46f9a8b5f3f7e790d82ae221dc33c8abcef405b79bf216a1c5fd9c571014af5e7f8374167e4ef23e61d221ba0daa4494f5d0794249048f276972175ca08fbeaf0f44daece74e425cdce5638cd69b904fe9889a0687a4a11ff47429dcfbe97056e08500c195bf80f130a9cf1d9dd054e490638f8dbe98f4934d4cfa6189ea6f5ad88d0e1cf069530647678ef8cb0f3759d4ab815f57a9318a5c42b172b25960c3e1a62d86601364a20866c7a2c921e1b89ca69702b89f000d099d7798deffee9ae21685864d875bcd5bf0a3a4fecefb09cf9efa004b4208233ca7735975a5bfe6c2263da41f8bdf8f284b4a87d1dd2d5257d9d1e1775af2d4dda6ce40df117baf6b1e7d683ee898f157c0e3d3ac181e9d1ba0452ba3ae6528d4e3afd2840ccbfdc4466f5b13662ffad197970ef64577f1033a7e6839070a2809a63f99cd5d57d9b5e5380404cc4cb37c188dc2162ddf57f7f1a31fa02d89db6537a51c20cec64a264503eb7ae49622418bee767698ffd5df0bddd940e8894acedd0ae3e625c059ffacf699de74b6510937e1b37d4e7f76a3d1531d8100b27b2de19677882bef0d2863399596455348ba658f009316063f2c8b2e73cb3cae786b8b705f6ca8f86e8ab2f5670c1f160e3d5d1fe520b93c3a60819563866522496e23c123fc6486840be05298a6c9a7aa7b67baea8c00ca6e28fab1761a43b9f420f1b04c9f263f58943777afce0dad275bcb889840b058e36d40a933ef9e1983683d6661bcb7cbf10efd8d34ebb1d18ac4d0b076a2948da21599a6236d3eeafd2d4e0beabde0d3575f7bbbb0647ebadda0bf5b0d1b7312b2094ed0ccfdebd56b596dc66f0967ff9371f92aaaa33c1028d6e0b0e314148e1b32a64eb8056c81d4d3e2bf790814f6ac2abf01aa0fb37d714e7bd882f340aae677eb496fef8a984083f51f8f22b161aa7414693810aaa7c2f0d8fa7221bf0e1abf63e877210dbfb851ee0e3abf04e79636428add0eeb3622a43f3f39075961bff458545a05bda0422514b30147d73177588f8b20713cd39a52f7cf610cd64cdefd10b4a00161e3e9e7b0376c22f0e655c144958aa2662630e249d17297fd767dc2d431cf7fc330b27f0ac103b817af385ba8cfa20731d6ee3c7d6df2129788a72bebf371e6a92da7d56a7a4f721634290d0562f009648cdc48dbcd6be46c2961209f210d9edc85cfd2188ad7b6b41c2fbfa175fc10c9ef01efaa1664754402b58936e42c0f24de325c5b1823edb8105359c6314f8526a865173473662de7baaa4ef96355a148e1d95c7d4cbc80ebb79cc4babe70ce445e10a9bf0af8741dfa485730c710bc1235cbbbc44f29d515ba12e6c543e755ebba0b8e9403a2b2ad6a988c":"cd1a0d7f2bbac5cdac53fadf236c4675b5b23ff4847aef227cd71e653bae85e0da3bda458eae87bbcb5b4640d9451d45"
+
+SHA3_384 long #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"221710ca1c521ea4c3fe7aaf826691b9bcf37e7d0f587277da0c59f7fcfdba75df83df24b69237c90235f8ce5b3708926d231e0441702570bef5e1996fa3d407867263a2219c3580cd0adcfc480bb7088c4c16c40805a04f3170f2dc397f89091ecee26de7d7df702b656d60d24b64c11f55afe4ef7facbb3b65d5ebe4fba123b07ea5ac8faaff42242ef423805dd86531262e8c7b46115ce5bcd3ecf87de3fc436af488a27f5b9ec04db96cdbaadb9dc7a7dee636c297db365d3208fb6f183ddf7a1729a7bdbd2a08aa04646a9a3511ebc00617a75b05e037303a667738088d8c9655b626cbeb91032d1d32b596ad68a459ed4a567a2512ee1e352ff3407b9553a6f758a813ad79b9bf4b0044040c4afb5adca5cc85bd1a650d698af8ef39fd3b924536b4fccd8b3346d8f3a04d1a61f6ab1b5090e6969fa4e61fa00dad096c4d428779d2ee116e78ab0a3550da9f52a034f2742a03784ab1929f98bae2b58a909e05488a5143ca90d72aeedc1263c8fedea93923462bc396f8319b87f603000c8f07cc658e294984b17f45cd5c2d691a8f87c6021676b15bff1dd1fd51bc76c9fbd42cea0b8c915b205363a922c7ddfb30d5444fda22bd0691aa61a35ba893d0ccb591a231334a1d0eec70fbcbf7cda9aadcda93fcf78ea1952274017d8e0028e8f2231368e81dd362939348bf86e12de3e1b154e3bdcd33f2cb31a01d3765d939d309c71971b1840490f41a653cc08ec52ff01df73c21c592eec107a56c68eca59f6c46aa97b038db2bbcf827e013d4370dc073a03c335e5cd24bbe7bf3b46816a073168522bff7d1ac136b6c3c810720c249e04684aa0638c1f84e0994ef55731c47c110da88cacd5a20fa9d16b3306a97b2eb51dd2fc50e01f03eb519c2bba45c0fcfb587b3b8b87f0c2d20375057fcd4241d290f6aa4c6db5a16e948d4a390a8f4c6dbf0e8ca7861fe8c5e670182bec1c6fc36e202aa49975e5f0cebce1421481e30e9dece07f6481fa0bf6d6ebb98a5c112e11ea0e07d7d26a086c857173e83b49449190d771a7e97f0ac133e0972ca3ce7908aeb4c4bd5d761bea818b3cfa2df7b62694e22cd4a8d048b1f1a7534766001acef8cf89be69c2b1e52b8f0bdedc66c9c963911f5f32965c55aa905c6f255ea9e152aec56f99b840d90e0d6eeac92ef5f67754b7bc2959ac38c94c31086422acdc46e2f6256fcf7f328386e4b276a8c13a5abd848fff62bec7d82b7fb794f47a0c4ffc8a945e80939e367bfbca677cc201882c143f277a1a7f41ce86d15a6cb81dc87c2120e8744458916d12a70e036ef88a30d53e23d835ebb0a5e4fa06c3ed7d6ab2284f8002f80e2ecad7bcece53e6bdb5c4621973597898f3218a63cc26097815f2e94c7c5252b5925a990869a96e7e61ef57dd3fac5d547f3a04a6ec0d818b6d3a2853223624ccafe06a66d8c2f0954f941977c90274b757b0a7b1f47aa6d65a0029521b625cedec48d82f4426d2c826be922f3ae62788238b5acb0df6e023854ed4948e5e64e1f199caadd45b7ee08e72a94cbadddd918ad3043d5f089738962b1160a4b3a27065db2726b1eb5aa531ba46187071ff9835918f50113833de34a0c8fd84e88061f117d9e3025ed0deb49d51d98529f366cccde2494b0e1cdd07b3e1b45885647e3c54c72cf03a4655c224b3d8218d22c3f68de5733713bbfdb86e44cd4513b88def9ad949a30926d00155525d6a26f4765bdb8015face7606efd9d9907519e357b1f1f7814252d718193a17af8b7bd249a4be9b76bfc7b6bf53fb8944101f4da42b62091df69ec1f5b3dbea18aa152202793f1edfac87e4f18ddc3a333dad5e3c04f4f765e6744c2e773eb4def07a4d6a8164f198e99566644584d5a3254c7ee6e5b0a9a13b5ce08d0c6d5b4a8434bc496537fde99f":"d028f9a585a081207101ff8c32a54829879883fa0f4c4180542842168df757cac06a951aa68b277ca0fa99850b928e75"
+
+SHA3_384 long #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"111ab27c5b389f1e76246e429e34e71a8a54190f4e5956b680927e0099a081b19f881f130107f2ebc326afacda0da9ebda1c9613ce38965a676371f35a90208503b590dd4e21a2e0d71076c3507de97e24375c7d5937b899bb31ae483769441085c88d420a2fb7e4fc0b4cefc72ab1bbafcdf3b7b7fec25dc223be65f9d4f2396cea9eaafcd83ae1783fb79806bc088ac505e127b034bf8dc66228b4687834e802424c7dedc532be94d34126d6dcf7d3ac07b0370c81b4110d15749b4bfe11058df91e23a59ea76398ef7201ff32847eadfce74e928fabd1df652b846b0d927956369d04ec0aa2b8ccbdd1914965ba73100c0fd30b03abb4867ad4d6914ebd2aa5224f888ab129a47762e63f7c1e9e9a1d5eaf304088bda4497bf7f983689c01c2e5be18463c4712e30939715f043adb1c1b4fccf6c4e8896f911d550a0437e6f4a6721ae95301e756d85390bbc0951f546a780ff85f344941e3cd52edca94c2848df2f83b9d610c19f7bb0558f9b74c0e74b0610d02a9cd079a8f58f661bd7bbac3c61804c36e69748ff937fe58a94c9260822afc5550fd09ddebcfeb72bafbde7076e40c6c30e6aec8968d75847205285773d28eff30c18ed56a1f95a4912838bb8ac21b41b06c11c9197184261a6118810dc18ba95102e0a993b0bca04cec10cd8b1cf8eaf5e1e3bb0a4af5e6aa47a905d760bbfabca64582eeea280ef32eadce01596c0e072f6dc5f27f8e6b299e240c5915e59b789706880436a0948cd658e572e13f55ef3cf710577a185e9f50d1bd1c49d3338dbb6ae25cfaeddd21cb593a681c3969b4f2c9c4c4a25a661444f841a7654b6b04fcbbb97f9fd78fb9f7f8f66a7221ef5e372a08be5f1e2c9162e1bf82cf16ebe4413f34f38e26535d417d41014bc192f6f56404cf192a581d92d46036f1fc5a3571407c422ea2d014912f42b30fdff88313bde17e384791c1bc184c4a32c460007604b8f3e613afe6cf57220b2644c90d797ec753243d7f84c8f6aa46f938a64c37d4118f204097dbe33d088ef8b8ae9d0feeddd746d4cb6e9eb6a2b3b01ed4219cf7af9d43f231fcb6291dc6ed034e39bd574c9104d41d8727a05e18be3f92878db7b9a5b7f125502e63893a6eec53ec6bff3b0ac7041cd849fb03fd8b638687f25a5830e3051adf34327372e13c62bb012fd3c8f82d7168ed11bcea7f515b28b329b3c531f6b8b2b1e003f7b0bb26b0672f3c55fd17c43ffc28af6802d3b773b96cf3ec088ba8d08bb36350413144d285479d39408abc665c8904fe7caf436eea6b3f2dd08d9241acf4b805fe66672943bf1efa274e01e4f77ce43555aea6232f6dc011f2c51d0efaea2d9f4e2235be8adee9221c2a3cc1b3487794f598889a71bc9d1fd4f8f23e5fdfe7a5982c569840ee233986e815067a37e4a3c43593da969effe0dff1b9d9c219119f464d73bf4f35f7c5cd4e33ba338f54ea2b4d6deb875c0eda7b7719e80ae1d115bf4d343c9dfc8b5058253fe5c699eef290a7bed52d3df1971151ba72217f4f906bf44016148a07619134e08f1a9ddb425c0c2fa06f8bd19f0748457fee3bb598b20940559b299481df45bfc119e34262f8446755348cd578c7246218595d28b3fc56db02191f5a36aa1e8383aab24cdbca170ffc668a26acb7adb8434a2cd26bb1a1ba2478b5800b5b88d5dbb55420343c4dcf9beccbebc341aaf00aa9f1db4739b384c39f332e85584b5dd3230fe8f5b5ad4e3cae984d43cce5b1755ef56bcffc54e2e776e18e2e0a2fc272da2cc9a79d0035e6943874b6bf24a48b527da88c634b7c99e506c58dd9fcadc0c3f2edd15b0e2ba286f587a3843071546bd4bd05d462f9e0d4ecfe2a2e79c5c6c6ab7cfb599fd9776c15af9382d1bfd89241d0c2b85f02c52bd95f8e6f6fb38bcc9d9dadfe7be76d2ee1130d21ce3620b00b0a4c780b3e4fd216104006a71e17bb127970b269fc8cb4a1dc99c9f17f33ab7b922a7a2e5686b1eb3ac859e6af737d5038cbdd33c0dde69d31bfe20042196dd991e42890f172b19f05afd2f70ea6f89f0147e79fdd67ad1c3b08d4c4":"265fecfad0705b6deb29e1bc690f4eaee2a03c699e6352db82d94f71658b24f5fde1e885968b639d8361928cbcad8506"
+
+SHA3_384 long #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"9de3e6cef3da54cc609e2734c4dc69b8987e6b34dcd05deb50e11c13e72d4b957978a50eb8fd911965c8f7d0c46153904daa08fda40af646cbcb4eab97c1a53c602d48e3fde0d0a4efa4f624ddd7a86841595ce060a9a4a47f4a02fd546cfe27bbc87755aacc37f667f8ca37f8888fc9dc530fe4f8f38e8cd426e01307747edff012d96da707ee96338d1b11feba313a865fca115431dd8632268ff499224ceb69d31732dcd91e0cbd2b92bbd5b6b543a74735705daab81a0114b8a8f0be91d38cd3d8ad328cefe16c99d63c67c4446ca7d1f708f9a848d1a9b60238f6907420c3d9c5e48f67889ca7a1909c9a2b063eeec6b8e21171b43292d416ab91df1e5975af86e1ddb112c5d80968e458352240e4ed22048e4e25c625389b09abf5b706091bc2ac02b3b4e5669a051b8828c1fbf110db785687c313c8a93a5a2b1866afe9e6214be8b59783b91c1049124d0af57ef58b465364b5a3e4ee9ba7f99153dd7cd84dc875fee22739573076ddec26b8f165db746b2d24fee2d065f7fda8a7172ab8eb2a93d8be594e130eabd34d3cccb428720c882937aa281741531fa48ae65b50a67a298953a2601752f0dbb775b72d06fa1591a11731208bd6c247cf23d1776623bf1e5ac889d72ca34bdd74f903c6c718986eddeb1b31f3cd4c5d6f9b60e6c30d015c9346971b1aa9c6c2caef37e632769c0725dceec219cdf949cd191b112f0a49ca7cf45294a90d6870027fdcf411bc2944c112343dc37fd2f331c68b5e71c29e505dfb44aaa07739d063d3795a2a92470df8b47409ba8ade43e2ca373653df08d67d82f5c6c98e42ca3710967f459eff4a14eb378ec69826222a4ca7029b068f4425b2ec4eeafb8a47c461bccb2c8b58e35bde0434ae4eb0764f74642812e13c829db3b1accc66192d54ec71a6a6ff5bc016b663633c5686299a6bf512801816792daccc463775f8662dd940787aa20fc98c9adc833658b0215359e226ad53250f1dc5c686f3d32ed89751aea9711e7ce707b3f8fc65fb3448c266b4ce6039722db42825d3c726c36ddc7c45a15318aa00cd283e3691e81c842fb8f271637204bc3bfa74947c17c00b43818cc9e83ba2fd2722379a82c770bfe17a24767ca7e4a2fa663833da4d2c9c13880b87f72c6bc75dc9698eff3f36e021d2d347748018c93991fb17a9710f0795bb4b444a960d44b7445e7bd2f878cf37e8864b12a4aa1740a644a8b12a72341140d369a71f915e7dbc9ecac19b3d746be5c5ea20bca17656cb9c4eba215c0bce3f2b5cd76ffefcf658afe195d08eb704f1188c646f06cdc5288a718bfdd57416e1dc87a22f5c066b411b2a153e72804c330899a866e003d3e79679ed67e5572f4d6d51cf07b363249e6a0b0b8ef1b789d41c79b2483702c92d48cea807959c62ac6621289e0cfd699822ee3d67134404fbdd954abe14b1ef2529d88484ec2bf7265061739d6ebb8257cd3a7572e10f05d1d1533a707ef88cf4c0004987f2ec36e2b27879abe285b602f25779576200d47e821c49057dbfe9c595acbeb7b0c8670914ce02716f434fc21aad11bd9e00b82978593e2619ee4fbe3145acbd2da5d1c2fecbd6971ddd93becca4074c9ef5fbfb3970e27a5b6e04071b34db40726dbd36f9d7bcc4f43ccb1f90a422ad69c9e31b4fcbfdaa4a2550c9dbe013e98506738d8c5a7da0fd463e0cee1529880762b9b142d0575deefc7d2cfab01c60705a3bee40bce1d43fe436ae6f5fe58481aac4e798e9b73c50dbd257ff0ebd4c3b4f5d819c65b008c2fff92c9aea1e4ade874ee3db7de6ee77ab96737261c055eccf207028bdb2e38f7dd0aff81e9b8226e39dcd92f3ad1c6b5212a7dc10eb248dc1cee06c2daf0ead48035f0f6426d362a5face46b5d26e35ba8e1cc4850761250cadfbf11b6e312446da636a2285e599b5ad0e7e2a1d8bdcc951f9b227dbb4bd9a06e93ef0b8f3fd619de48ec18161d3fbfeb4c2ba581c6869a5672e5e31c35c5220d2db1555fc3f7f930905aae2ef185e35e89acd49c8e281d08ec192cf390a1c45dd51f00df5f28a05fb5644703671c999d48fcbba3851f91b95f22b7ebccfe0bb3227eba8861f693be109f6f3dfe521739d281d7114bdb9cea54a9106f4b486cbfae56ded56cd047de4a62a32917d4f0b6eee2936032fa831e5502d2f8bc0f7bd5d14dda50e0443132cb647f6f5403ba96d6858d3adadb08c":"e1207486293acd4065b8bcaa23562d32a0e532a2080f7825b8600fb85635cc9a11cddad32d2a6b8804f57c1ca7a71447"
+
+SHA3_384 long #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"daf3dafeb903e95c40cbb9ae4028ca494ab948721f89282168ef7405a7b3e3c76e72ad93cf449dd5139b6840ae6f3d1573989da2057b6d098ee84a42b3431c63c7e2ee1f3eb7fd8d652f0e2b51590523154bb4cd39c2f1746708eb5d661bbe054d0b44abf0a42e0e9f4d547810304afb999b34fba2a6dbed5b17005daa82f03668b5583ecc535be027bee22ed23a33266550c6342a7153f9d2dc304b66c2da7d80a7d2e0ba0baa89674a5f5581c1e92be3321181b86983223420242e8221a562fdaa5999a2154393c5b874f6040b94927a08bee935d891efe9ab830ee5e8796d478695726cb94f86abd2c81843605ae4919c74758704a5e85945f6f4795e7d27c6032f72013ff6e8805e04c3260a66a892b4dc2c9736e896ecb625e625cdda17e2e8cfa247ef5f43ac25cfff9550de66e4199d164db581800bc5b7efd17bb7c604ff1c082711b31e97efd2d57879eba7ef93603b91cb992f1c3c551465b13dba920ebfae89ec1902a984b44cb7ceb4f11beacda44cbe582989e1a65fcab7947df6de5f9c56c9ba764aab1e6d3a9762cfd0e58b5864d7e5f8b87d53d7e6d5e3979637a5d974f0be02e22eb83fe91c1cc6764d435fc35e692313d70384a253528edce1396dcda94c2ed9d329caada40b6075ea9cc24f9b0b3300b95f6fe7780bec2fa3c260483c8c8397631a166c78562435843f88f2d5f4afe9e90e9f9b8e3338f646e9baccf0a78884a5322c10e1279a1fe3d3b993564b1f3530b91ca7dbf5fb9b935584430fc5c608631a137f25a34b99ce015e1a64390c4c5608eff4a877bc854faec694df0dc38c6379d3a38cf4be0c0f717d6e48e6fd9623a21f693ce1031c459e86a7a9a809766ef8756260427be16cca21794a797a7b5f30b4ede15c59c83ccbce64b4be20304c3fffa6e7b40b7eaeb54f22b11b0b63d159b76add1044f1fbdda5b34a768e20c5f57c566b73f54d9dd91151c7f339b642c62fc779244eff4b7d147cb1f8ddb0a1c2f15a32a6c1b400df6eeed22a8bdc7a1f24ecfdc0ff5af45321a7326d9447a750689a8476f81da06e6fe21be78a3d410b9fc1b10ede6abe06d71c15fd3c4ca044e8fdab0b21ef462f1a13ea53bc415f32a62ddc337398713f3bc3a2cf5c2955497a6dee8cc492b8c9796a8796ab519b3d441bc85a464ad4a55784210c7c458b0525d294226a6ebfe594cf39d7dfd3bed47e70bba9e0e9b0e13248d9db25080d20f112e6f49aeb222b712b493edf31909e5e15fe48c8decd9ad4f51365dddaa243e6162c2bdc71ab421a64fff433d1d944ebf2d9608690f379467517d12f2311160dc6aeeeb86820d39764a321631d616d2def9319a366ea258fae2d48a04b23406d0ab366b7384a85ee117decf77bf0c22df5769aa6ca7947b78a9df2babaa06a0ecb85ba6049f1012955d57e78554debf2eac80c17236a87c7f0aef604d9503bf9ef6a133b03ddef5017f2ff6e12418f84b8d2967fd8838cc6c7a97d060efa5c3560ab99d1cfd5f5693f1d965f1a9456ec45dc6164538dffbcf9d6ae49c26874ca048f73a913a2be7eb49e6bd5d50eea317b2e9551fb4f87b16d7db2545e602cc1c560ca4c380cf09660bda757ab76f05b400f59cb3893cdae0be6b0af48ab2c218a64c540a7db34ba2ac2726e049613737ec9d55c721f79babb59d1e3ea111bf23ae58d0fc7d731f1faf4f3a04834f9801ca2328b11bc32de651d3d77ab59a13dbf294940ffc89043b89c5378df194a8a02e398e07d32a021f17b1bf3f24d67090079225cb975f8b84c02b97b310daf9a18d32ee41f496c8b47bb93e029b3155ee51c40ea5ca712599f6e4e33a6d8cfb646bc1d1e5dc93e245025cfc5b7545344565cca725026862d97283a27a74154e974e48c17a079bdf5f200f42a04f8c7c43b7fe97dfcbafb3c1d77a4df9a11e3388a94a4555122920516962d9778661ce57ccec492ca2b198f1aa5b4e4e91027ad70148d62d68c655ca52da0957b68f8b0029184392140892d74f894bdfa06c54f0eac6ec6997fdd03850e75ab75c4042bb31050fa69c2f31e15b969f237bb68264ca46f0700c3a201a081d562ce43e7607892515e0b7afe6be32f5e0c07f7b63b1343baaf751f5d5edccde841eead49573a61aeec6d2d531bc8a49892d181579549d374465f5db623233cd5d03dcad417dfc3902df8a69a36ab5e420cff22f43cd89ac852264354575c14c59724622ea850011fa714ac7ac573a68202f8a23539a6e1dc5d319ae0026f9edf1f093cff12766282e42a069bcf0ac480fd24c9c1939defd8eeea29012c43224cef5521f05d3830e26ca07da65c57006685eb5e4152a40ee58eb8ba60dec2e8338f71d9a8927db166":"56da709aa4104a9348bb7cc4531084395cae7cffdb79616dd8df2b74b03a7a717ea4215bd79036aee38c1de07affc6ad"
+
+SHA3_384 long #30
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"e756099dc8c4c789ce92fe40d53a1129f77d8a35affb5d153e0171ab4ea25cbed6096ff13d0df2f6c206b0ff1bdfb7755c6d59ed1bff7658d237fe798418b19da45f298632171ba82768da9813b01cc105d50159abd95193baae0516904c0aaf19024142ef09ca07c55f82f205d2ca73b85b8b60a7ae7730bf0f9169ba67ef5bfc97be0fbb0c887b6394b2f7397049f53eaafeec56a96e95a902a75a4a91e80c17c9a9d4e048db6ccbae718ef6b01fad5f6862e401efc02c402e51d187f17e27303d0979a4e44e42c356c89f86bad605e23ebf2ff0abf45b4c3c96b6bbb03815109ee6e5500966651434bd132fb7f66391d31eb76b03938c94d37ff12cf59f3e7f9249022bdead3d86ef5bd03acf053132d08663ba1f2426e19c126b22e9390a44c139b77f8caa33e030a7bfef298dd68edc001b24282f91fb3f590ae7b491e229d5beec923ae5adec9eabc895ee15ba6da093c7f2463d34aa635cb7c27d2c2cf473e089ae11e71470e26ed47545264597c347506da0d579b6b0225bfa6c94516e45a877193937d135a3f8c9d85747dfd3ee249cda5f7fc7e6d0b3dcd8ab50ba5ff31d9c1bd95d4a038a5291044c00f0eac9339484aac38703681724a45fe8ce8f2547e1fe19e2e9a13f8312424bd9e0a5fb7b20b2aa2a1fd5235619a6b3e4f4c5822f2e08224d15d9699336d97c5b17ca2d0429ab873bf824a679a525cdcd96cbb2dc6c831c263571b08be313080dfe2106d795b8687f7ab89c88af6bd52b1b675e5681b52ff6b332be7203361777fb742ffb4e21757c0d59ab891ebef484eb622ea657e78143f6e438507d8bd02277894f783a2ed8bc1ace7b86dc6751626e83c9d3d5603d98664fc92d395a5c95db290f574327b6c707e0b586d0ad164c0c94d8e5e26a897a6b3a17121febe3588d1c179f50533a233e570192e2da68cb2d5b02e5684b8d736d6fca0617858cf4f72a0e5848fb895a25fb06b1fa35716639a2f0da4e4c730ad4b48b1209717ff07f1b9d8b1567cef426936deb000559a5982f49cc7cb560c808d2023dddf8e5d48fb66b3f9edf2f77a8e9dd48dc934810b2cab6c4d9ce7e337191d68f7b60e6298ec4217ccbabd46d13c3ffd177276530ef3ddfc84fdef5d578b8af10cbf1a976e40d664a8412e65dceea7b8db708d88cb84f6be3c52fed36831137c9b6f55743f859e3b2b15d8dd04326f8858580caac73c7031a24078ddcfc6213c122b2171934703fbb3ad5f04dd93e1ebfcad563198a6e4e7752affd514974ee00f971127eff1a236e07bf385cf8fc97456c50ca5a630cf501386f661dd40f6e8f217a6ffdc11e37d101668c850826081f553928f768699fc0be8ef0c603fa3b758415571be34522ef0e11155171851c536bd8a479ff4cf5bdcd56c2d640fffeba088af262cb578dcd1707fb479ce179eb98746767927e9eff4b0d05d5f2e45f6797206759e21c1f75059165f0ef02c7eec257984988c8438e22fce049807205831821df88905b81eebef77bd2d3afaf65d3c760a849f08c73386b7cbc5471991672d381783ede5a402c816777b1b2d857b20de70a3dbe20b577a200b5d5a9c2298f7f76b0526b537436774e67efd1eccc477154faccfca85cc5e895bd6be229c2566ce5b836cb1490c3205b28f7d590cd7a3acffd5e70cb710c87635b7ee376ecafe4f71950c6449fbdc5b3442f856e6033b2829d5be332fb33c59117767550ac822dd45a0a238ba60bae814301ab2e905a1f93612b1e850222eb4879bc605f0cb790a303cbac93af9523ebabd40d7862d7ca2ad136e66b8fc140af0ab66c4c1337558d9dfa2701c1436c19060f75f2e092fb7076e4068ca8f80eef51cd60bfc9e8c4b9af015d80e5fdd034db1ca9471174fa8cd79e449158af9b2fd669065f37b3254fc14716b622ab9864b362711dfd630ea77dca6a22a4ce319822f324d56480bf795b34194b80350dd01549971dad4880e9eed23ee6963d1652bcd183c85938db5d063030e8078374a18939e1ee280c9879b41c898635e492842c6debe11cc1c12349a32135c07d18fe979a193876959e80571212a989abef56fb2e24c8b705b9f4adf5b5d9b20c4010c8d405a5a0cdda255d1aa3f89b7b73f1b07bf52431eb0bf8b98eb47de51633ffa34f6edbad9b9491509e021b723a687dd3be279e935afe56f5d7e6c862843af2b1741b82a5e613ebb705f8b916d21421ed5e82dde43cdb37e9361363303f9d1178a9d6439198a05c1bb74d7a9029c00685c3ce8a2c78eac21e1402f5572ea485825765c67898830c031cc908e729b3542355d34c74f673201bda7c27e038977657e791b262ce0422f79c340823b937324f7c59ccc39ebe7868ee49a1d247bd0b7dbf22af57226bc77f9f55254dc092c892a027b1215813f38eba310a35425f6d7e49e067607cff22248df5056c280d3f732906a4960cb9b914a4fc0a1210c5c4e2ec937f84c4095c6dcedc5088d8f0bf7b7fbe4d2ba2f9f18216714b709b37372f0f":"2ad3d03e159d5ea831351e90ac1a86a1bc9c607da81908cc7d14f8f222088c1576363a6f00e37c0ebd34b11a0aeded55"
+
+SHA3_384 long #32
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"d2e63418b5ed46aae4f5b414cffa98d391f80b6d2553f6fad77625e3f8ba9dead68a306aecc64ee055641eab875dcd103dc72781b53e641f1c89447d477b5ea7a316b4636ff78cb628ee7baa45ecc34f2522df0046675be7b7dae9c4d0c9b2e920d2ea89a748a73345d9f39a736d1f9731505b713f94845b90b13d3efc6f41b93506f867fc834860956dad0278a98cf1499bc45c0a8e8782905668753333b41ecaf90682d76e1643fef4d26abc68b063554942490e1d0b659d1091f1dedfb321c7f43d649ed3bae769b4895aa77133f83da3fcc1b308b80aa029e0386339e5c9143fc494bb78db51bff6fb5ba18ebeb5e9f11b4b6119377b82e77ed42c0af31e9a22c49a9425228be6024ff41285f9a4427bc670801630c02993934d9f1984283fe565ff93a4369cc820aeae621f8bcc2e8826b778c84adf7f744629263041f0eccfce4a1ebcc18c4c984010f9241d35966263a8b2f72ee26bd4c0f22815d27d8a2928039f34686359b12ca23f5c56e8634fa4cb946b84d0d4f9292f0d91ded7ff3b9ab27dd5d52ad9b59bec9d8fdfec7b9811a987ebf3b2a42ca8693c6c0d07354d4de02067b0e9b3eab47779845f49c885d3c9f441238fc2b565271f6e091412a76914f0b2a0a6cf99a0ca3c047f08315d12b34133bd6f16dc89f11d5f7706809115d7557d4e6b1509866d4fd7e7309d6af5f0d88a695b88e93c4f9e0602e6665279b0b792623f6d848fe918c53ec9f6f2a5071f0dce590023a5ca0a2c50bbab33be277eb7832bbf50e3c501962cdc233e4a808086957466d4ede9ca99098d397c0cc412b55935f3b6a98971115b6f0c960be461bb65b1a2423b354415d664f7758a10db538d68f1fe0abed0ff708d994110ba2c76e71a9cb5b835e1685f49cd656192425bc7c9a1702deb8528163bb289828a487dc3b63d778c7109594b43a396b8d2ad93ae62eb543b98fa54f3833fb489dd1d98a08d6bcfde7125b2425b614eb85985c5eb3ab8f15b4d964baf6c280b4c39139126a80f04d6be9b39ee98f0d689ae33b72659ee90b693c1d4f3fe55d6f429922ffe0e125f9edfd5b7f4023676525a1d3206c8777973f1e3b96742ae5da8320239d0c75a285b5c39f3ffa11c753ce3adfd338e39f4bbf064c0b23f1ce791decb7843dcd1a738be31b7b57e8a1d6ed34ae256b31e49b616adb27cfe85bed6b455b400545e235b8b24c9bea069b410b15ba717400dbf8bee24566f85d328a13c09b4af37e8e6ec4e7af2c30f9f834c064a151d3ced9f63fd327631deec6e17ff4d42f78e5936148c9afa6cd416d248597ef411afa83165cd3fd86a11bad862848a248060985cfacfeea960f6b4e92c325f0c9aa125bdbae5b445c32423adaa532923f3b58da0c89eddc7487d630f21195524611b4c8b89cdf785e321113716f59007f8952049a382cf1bcb720a8d4f97c8060d2405e3fb0e7260740f6bbccff12998360939a1b5022c6e92dc91abdd33207847c5380c382f8c9e1bf71985fdcf5b9e5618c0ee26a65d8844c3dfb1f376c543b705cd4f67b8ac0682e002dac6188de0ffcb9d791ef6c8318a2fdee7bbe7202f04ecacf4b0313c6251d2100255532927da29b88ac47bd6310c2975955a0e9703d782be433c23a37830d62a47d008963b8f3af96840bcef4f71b88c02fb739389d7d0e98333164910c5f238ef60c03ce4c506495dbb417c5462e50c77c49f7d87addd16febd9096f4bb3023432c0183ea24968eaf5d93e30986b7db3cdd19bbc600b12efa001bf2ebb898d18b5d56d31456f1b2a74d398e338636e2996f69b70e795517c0273ec5bc64312b0f1a44942b001f9b8db4bbe39d096a09d6a218d726c0d0bb9858827730690319168c552ef8cd2933a9b9a24c0eb85c393a9dad85d87c2a00c9bb6d700f6c1684eada100940621660428575304d3b13580e89b028ea556cd09d7a891821187352d12dfd8dce6aee0ca23fbcf72339974f9a8da92725f59d125aba5ed82d12216d14ada523698bb91e0f100008585af10726d221ec5101c5ae49a67216fd0528bbfb818f31d86d807ed220c7cdb4472867fa80a0de3624ec8bb263503b57979126cdd24321e4b94b1433969cadffa844565ebeac659b041b93dd1c7db004706395d4c74a59551720c8799a041000244ebe99b4cfe94a495aad11f782dccc39a6ef56892b43f32e0982ee56895e80644d86f48b90d2099cafc1981ce826769a621e9c3f6e4585a70d2ad8efb20047104996b76b7789a1a524b8b8b437f8cc3aa009ee129cc9d52934a88090075c1dcf4ad62a7b0d74da0bc078bae7f5b994c26898932a3c36a95d87e42e5f11dbca49592e94e4d9fc7b768beae6dcacd097d9c0b3d5aed6f4caeb0dc62a8457e515277d863fcd64894e908ef683bce3a79d28b242fac7f36b007acf37bb2862e3c711bfc6715f348419fed085dbae23a56e57452d4b9c1a0312b2d31d2a73b83ba8ae25d673c2d353a56b597d34dbf332d10d815c1056d324ca3d2362c08ce35780a7ba9e8d1dc960ba7d32c8d76bdbb68ff26fb8911ca636eec0c7ecc29c6b9d17a3830606989c121fdc624c0c85639970af162715171ca147e6c5a57bcad677354b8af7285dd6d09e31f1f31a5114443cec7f92e66ebccd9d542773323fae4ca147d657":"355ddfc00153e895e8f8f3a4b7a5d45d4307783744f95dcaa92d64b166a0b8cbb09aa505035c486e3925d92959fd00bd"
+
+SHA3_384 long #34
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"ae6d4141b918177a21ebbc69f6c36ee6044eef3db26586272a9c46f9ba17921c7a9fe1bd30f4bfc57065150c089fa9c99bc3e84e8bbbe4f21ccd994ed77074ac2d5f16bc5ded5589989883ac62e0f3bf3b5aba157f00b3a88bcbc653218469420ed766a609a9dfaddfab90b1cd2f55b02d3becfc56dcfb33bdbd557260f879c6642c5ce3fcd068198ec7c4831134d682ba8f0669d7f9c57afbccce125b77ac2078897ddbfe0bf5b5ec13a68af6967e1e287e91c6cbfc18658c20ba9adba70b38921453f7d702906943b8be2f44fe556cbf2f147afa90fddcbae0a174a8309df6f9f5659d4e5c401dd9dd94d8c2136454c9cb17ed2c5b7bc7cb3509078abb6b43f7553b362dc10eb9f8abb1ef397eb2bf8c79228729059a0e08467cbb49f07b05d25c5e2b3adb0025e64a9cda71e647935162beb0b837629ab93c81f8ac76d726d33155e23e4f2149ebe1dd0332f42cba60ad72d0a399dc51263ea1267cf6878c42fda8c500c8760d5198fdd04450681a0183c74fb0d20f1c967562ad8117912167e7e03b4aec095a5e9883ab6ea1039d7c0c4495a88b04e453084ff68382ffcb891884abe263e1165c09f7fb798f062a186f710a526bc18fa320ed674aded974f2b71c7f91d6062b9113e2272ec478a81fd5d617781b5006cfe5c6699dd42503e8ed301e1fed817f46dcca9952e56101d765fc22e042b9321e7e6165460ced60b4e249f0544f59fcc28f3ab8b09dca1c89486a95538902fada1446c10b2d38739ebdee5df8a596894f52b7ec0f91bae17ca5a8d69998354549cefee7b5e00f24eda7a8cdd296410d334dcb9d366c3938faa53f4f7a1659fdb5d5103d0ccc795bebc7fea8abcb6072b7aafd33eed44f094970b666beab77096450042dd79a7e00de4678564bebfe9f238ed516ff71053cb22d95852c0096519f68631de0f126fb0f4b9e3f7a9f207cbf23dcaf31ed62b97d0565138ebdbebdad45b377ed7a7a34c6fff9cc008fd0f1d29199644ced6e68f21fac78aa8af735d80e7fa2c7dc81934b891063a46215e6a600959e171c323259a4f51b480d4aa166ec4c0636c04301e5126b6e2fc1f843819756c65b1fb5fdf9bbc56632f1bee9a006a40b01cec964ddc293536a537ff0ac7e6642e0a100b31b8da6c02fdc5cf5ce850e19f2ad1aa67bc00f7c1ac1b4d56fde4d7c6e48193a07411f9106772bad38901398cf063ead0735674f0ab29fdb11df91dacdbc0a7c0500b942806933fa255039f061803e63c948243601cf47e8dca8bcc6c4a6db5f5df2fa39655a7cc2dfec0b8970c421ae0922cd98c6c0b4e5166256a71dae92cd563e6cdf7df40fefac8d0eccc479ef780eeaeadc222ceebb0834e5e59e7b39ad390d979c8fdcf367d55bcc1f2448b1a821c9046cddbbfe50fa47f3e810b6d7e64e8602d965bd3014a17dcceb59d96e268ae7a2afbf16eb8e34c207173a067562ddd235fcc53dcfdc5a1c96992cd32eda916b4c0d90e5bd5cfdceaadce6141a082e18b86f7804d7a9465fb38f62dff9ac7e7e8aee17cf7ca19f93629eda88cec08981149846bb5062af6faa37c6a4d8849847e5ba1d7d31476038bac6df0999723535d0e1f60a42efdb7303f81fcbd24a28efe4d96a97e43589e637babd3f84067b5b74b15298b6381394473934fbf0e6769d10b4c6c49b5361c463e33cd39665a31b886f200eb3249efafd64cedd3940ca7aefb1f9ac608932fbc5a9246dd875f59e95852913429dc6ccade0b518b5406cae0b39caf83abf42b2e5753cb4501fb80c235a35506a8bd133df15b1556ccfa360ecb5025032dddb124cad4d51084c368db8560c6d33d408561c6b8a3c67d3b9b8188b695b4ecb434381bb1feb08e2b547dee17511a561b35eeb4a0774ad35f4df1925c7c29871c26c0c057a2b56cb7e651c6339e4c91a1a72d51af2a646de9dfd77e9e42c18b8a2b576f526b9fcedd90dfa442090a6e784bb614311793bb5fb39b8418842d586294746f1ea3c02320d6801ecf2ba44b13b60172d2d9693a158bc66947aacd7c5a14a0463905d6e80649db8c4770cac5e858a7f400da4568cfaae08498311265b50e539b2dec34ac124d4a832772ee5d8ab6122e57b4c8c5d2a3627ca6b1acb327f416c469d169edc9637579fb9c8f705f40c87823d363efc307c4a7efa6ecd3075862587940070b902eb4f740681ebcfaab436811c09745054a9f9cdf7b6343f7cdbecdd8d27ca40b01b18172601c81d1380b848e06e3443dee5bd1f2c990846da684ab04e33b359e7ed38f2e1f196d679999441510c88bc15571cdc5fc0522cd856c668a1cd34ecf189396bfff95ee4222652d2368c77a44328a06c59d21adbbecde96d4c9d53e11418a3ec47c0272e57507b65599509e1ae7fd138e278663ad4f43927174a1a2099c2fcdc82eff99c5f3f966180d0475c9e8536a6c25a403161f440ffcc7d9191c8aecea3782ddc16841a2b2e74e438fd5d62571fc01fafa8aff5865b31ddbf1de805a0a9f123d9840c0ac234fd7ae5ad323dbc0ca56fbc87041e92a41013acaa43eefb55b579f7ce4036e4dae23a5452643eeed339f46db6a997ec432fc660211f9266118bd63fdd68c7188aedcb8fd53c8f74de4453cc1ee6891c9e569fe46bc51969453de2b797cce4e7ace4d69e1f0255d6938e37e1a5021caa1f4f453f6e7daa8c57914669e5b3b6d8a690028717febb9d5cde46b33447771f2de16279148e6d58b050aa5db0676473e1b9f854a477e650a0fe284ab4fbc3032fd39b9b44428b54b842b59ade2e1740c527600db0b70177c6b486ae0b6727":"35176b0bd105670592c7d16861e82818e5c86d37bbaecede6f37dbbda4d9d841fc16d51b3778382fef376e05db0cf6ab"
+
+SHA3_384 long #36
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"b6ebf0e81aa4563dc7d8421f685cc3b59d1ea2f493659408d759b3f56cc52f7e1b1c41460aba6135906db91d4834d99d6446ac464456abfd481650a0e2faceedef3eff9f472a9ed99295b6c85ea85a856fe497385666a783466a671e220f0cbeda5a113cf87c73f37658216ad340ae3366ff4a12f11df062795ee1b5558c50bb86765f6546394a49e3bee249ce843e6fefa0ad1c3c02ee628af9a4aea3fa04aa989dd16159e88aa582d0e2ad78fd7003b5cea89e609d0a4a2144995133df8f54bbd44f7a58119bcdfb9507e0f932adb55e9123df8576aae4e545a8e52ec659819525c1f66b3de589f5153a2978ab5e4f93f10628d11638f67f06bab4bb34caf8ce970f1ebcf2d0a3195964cf1df1e997fbf739c16f041a49968fb50403b34a830f32213a70bbc4e10e686b1b128bb8563faaa4f285c8baa5d3e6831e2eca41e800ffdf92b21d290d7c4b39557c013153061330033ceb7ed2de150a4a630217f04805326da8a267ed0d08b4c586dcbe58f938c33bbbf4d0975e2434cfcae134638f4d00157ad1e64a67a9c6b255a3c62bc02346e32b6b17bdfc19e7f78cf100097fdd33d051320eeb3235566614deb19502dca243b3d8ba0d5ffe0d08d1bae4aabebfb1e7554e489a17b54b27e916e65e6769bda37cc4234c2fda8d4bc0c3460df4fb64a2adacfa1dbd308f3efcd1cf4e99d4814badb7b94516b64f0882948ffbca97324882d58e3dceae09f3769ad32d3d25d5826f37e4bfba993b873eb5283ce79d0523fb4f6ac2ef38a18d7ff65ac2fe62a092eace0c81c38b390f1daf7798f514c47941a4f874cad43f563e6fccd68195ccc145039954da9531e94708e6d7990557937b5b9e1b078dcb94dc8c923171c54058a95ef300a7bd0b5ee34bdcc07d77a5b9d2fdc67e4e682d9081d5129b74fbe49e3d68834dd10dafb41afdc11c497298326e11d766456f4e9253d3b5dc323ea0dd2aa8af03018d053313a8fcb3a5ff1748761f399b97a914e17d0de3bb55965c5b97a7e0e9de44f625f7d3f74d37240b4112b053e5ea1e68c7250c0502820b0062adeb7fc8113a68d0ed0719b2aaeb5a666c4b8f0ce7d7338a7456817763a6743893fef2684177447e1ecbcaa9a45cedffa97854d735db5b739175c1e3a06ea0257268a39117047375b1a772fccd7eac54f4bf0b0f7c32cacaa4f12b0de16c6d7372aff80b3ae8dcfdcf237971cf597fac73a91a7c66e566d7d75029bfcda6c168ba5d5b9d542b6660a0c848d14ff54f514ebdeae699fb19e1501c22bf0c26864e73f933110ad6fbe44b1d45e3f85b0289ae83e315bd7cc93237dc7ed647f4a26bc40ce82d06ef82d3f9abd9716f92829dbb846dd17b716010b519a4cc2616ff08d61de2baf081e273d1f86c415fa2b5d59c47f1e17be1c5c4f25afe695096836cd1b4887f6f91050dfc8e671d6e9485787a55d50e64d4e0961527f3756e7b18e1dc5a44462c29d2e8a1f530cb446fd9d07c348320de5299cd4608ebb727cea5ad1f957dd5cf50314ee9b331138a3b9823cb6e61df9364d8b3af864ef824961119c3f09cf5ff0f0a85fc52d1bfe800acba8e8bd9122811858e752885000cdb466df0f0076e646d45d6015a779505c7fcddee115283486288a7c377f69788a62bf1cd1f2708a772cb8920518d5f8a9770d3138a34f8995dc946bffa0a8540fea8ed8304648b702682e683c17ae31e79f0e6247de63ac30c31b391392991dbeba5a8392727be669253354f31a6ea6a74645c4973d2116f77a63562bcbc8502750a6b1811d66a32bd26bdaf2a793b1690b47eacf35f4445a511155a0c29275ca5bf7e4849db577cafe4c7c9335ba0c9d5c9947285f59dec9e5b9ca0b0da409282ad29f0579c4deb71739bc5d4b4df2b4c89e6c6b1fce20d6a6a0f5d3035974b14bab439c48314270abd81cc95ecc1e5fcddbbce00dcdc4f1228b9b815a4f63064cf664a17f673d982a9c106ff6b0e9feead5db2f9fe535b9d7ce1dae58e23e879d5884cd85f34a9e21ea29a99998e0028e2129b25c80fd8134dceea2b5be71c5cb2626690251d3e31066db0ebdf08b1b46223b10aa3d76f7c85c9116c720a7413503cc1c6b0f74177486b727ea3465a9a17d81b32f874c8e10b1a77323d5497a8955e8402688959bccce106d94e0ea2e0e87802252daf8a49c7094304238d2e226b0fd8ccb59d2f097a1a948549293190bc4d8d69ac4e5dbda1de9e6b8c7ce08ab999e5adfff96a653a5d4508fb5fb0b17d9de588db19eb4481e0afeee0ea56e76742d22cae66b3d9f4f140eccb77c74c12b1310a24dad9e64f589f15889f38415c53c8d22aacb26c901faeb8233b1d6863d19a75ee57d2abf38e9568ea632da18213ee25db930e26f62fb7f56a715b0d58444853a0597c9c55caba706ffedd0ec0cc6daf2ae3700f0e69822a07e22843d954622ba4a87fc05e5435b47f37f190fec46cf87d637f30c11438df64562d13ce471086610c8420f4732fbc83d7112f244514863ddce490f57a009de89512841f667ceb3f4d33c20071d011e1a7e4f41b958ce3d317463793e103eafb667e9fb4f9cbe2a63233b06b943f3a036c13e6c9fcfd97a5d94e2e849269510592196b754828f3fe852df21b25a5bf4ff1450d17c48f281deda47caed559576ee28cf04b9ab9a7af0cc88efa6b29292ffd2372ed336920a21aef29fbf2fb869f1b7f361c39a6852190ad8eefb0f4ff0a57551c3493b4079b27d73e52307865fe089946d26b1816bdd883f9e13a2dc948c88213d22a976372dd06c29ad8f87cf4708327537937e0e9aef3d8ba53fd1050185260b1413bbe8e0421bdbd32a254ea1ae5e189ab2a6d0ed8a53261418c5a8c0f6f0ab71fc89f5764d338a2869f7446cf657d5a481a45951f400fbe4c013263747e19ce0e658f35c4c139311c17647157ae02b09a2eeee44b6d78b9be851d3d112a96dd":"7d9c9b9bf8f498815a36dd421a3fd4a67d8333a7801f4abb9e4b46270dc52cb17feb3b953fc34fb0f18b36f22c66f723"
+
+SHA3_384 long #38
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"8a73cb778c74f6adfe1c404bf6fd8505690589e74148a13aafffb0abc3d155aa3a52631197ca9206753774221b95aad3515c57fe724bd5e9c364a7590338aff74364a1f8f85cb8fd4f67a838c0ebd3d1e6ebbf888ecec89b0e6212ead820c2594eb26e76d8b2d15c34b5c4d70e886ac8d1b9aacbbc59e2183801d9a76913f6980342b0d15f5546e9ce27b0452df3d580b9cefe1025758b27ea49e5d8df98b37b091e5152b4cc7d6dc2c854ca44b47ec14733a59ff0a92b92cc431cc5613861cb094e3741009fe0afbb9d98b07b54cb5323ef85c0467e2a1f85f667b518796850aad84ce66a57d6795fb0653dfb5a26fdf40a88bb4f7bf097be6baff22be631d295c676881b7bc6915608a1bbec4ef688628d95d73228e5c11ea8dac2c304221971209f713a931ac049ad367076b9a2bd177f935e180d72674eb7d16e085da4ece7ecaee7f02739cee0a80aa5bf219461b8e86c9628b3fd4ff5a07d3d217820159f348b3365c08b83c20007a1f211333ff0d107c88ba1f042bc69c57937ddfc5a40ff1e9dc0e578a798bd14ae350ee71e64414c3b685fb1084b1c90687115a28473564f6c2a1f680109e81812b0a218c5bf402339e876aa6949c0c854f8a7785bdf4006eacaf5c35abe87fd168d542efda7d67408336d412d5e5e5483f31be8a62dc52b5dc9eff17a5ea5aa02f1ac918ec40c27f170cce01b33fd1c3e8bfa582f04eda60e4e955a299247071e0633aa40c0e9243cc81ceefd70a508cce8ca32bc0dc15f458270672f0277fcb1f470dfdb4075533162e3d399bd5e00773116dd16ef483e4a8c077e53553c7105e3ec9926efb99d1867acf6b7c031ec858f63c105538a2c6495e2095e349f4e60fa2d41ea72bce838fefcc1212425b43f293b4650e1900fdcc58a6e1946a67b0b61bd3def74871eda505d9b9e8f4340ed2825d4c14061d1fa43861749345be04e4124f7fd9b2025468456ecf5aa9278d7b3aad31e19055806385e6ab9a5c66670c2e8d5dc8f91e7c4c3701def1c1a4544f350ab3013858e48cb9bd13042eef3bb0b934153f9e24a9c353194548de38d7e0fa2c4bfd7e8590825c4b375b3db707545ada22c811938150123baeca7f63acb302587930c36a38d6d6177519f95c6e797bc602dce40987850cef77e0f5a32747e635a735b785320ccfb878cae25db592a4ae31f895e510d49b9b4d470175fc020e3a6286cb551096a194aee8992991325de92c9597c4d1c156c57b47036a7f93f2dd47be6f585906e43283fd8e4e75cb101d7f5e7a173eddb6f4ae7b7bef46502ca4a317240d7fd010189464223ac7ef6391969dbd5abc8c44bf335eeb72d4e92417215b79f2f974adcd5cc7058d2bf1b11c1eedc20ddf4f887bc65bd293afa161ab3ee5e1975a7725b74990a8b4068490e354c928bf1ba9eab0c41cb1d03b2b7de74830eb79175a007cf75b7c2dec0a7bade4ba61dd062de3f4a8fc19a6fbd9d141f9d70806b49fd664c281f0794115e9c24b3c0df6034e1cce01846a96865ef441b042b7ceb6bb1025479eb614aa1953c704b87d78a77cfda35a40351d6f0d6f6d080e8b3fa22e3635031c3d9e8ba752328dca40f3775d0efb1fba09a9fa779b3a6d94f2e7eb8bb0fa6184e7556a226d8b62ebe8f4d740a95bce4c48cacd2010205d607f460736290c0f6353f7ca1cfe380097e5db6bda853be281730e5b9956c5541b90d899c006e04931f3f430198cdf0358c835898d0b11f8f438d32a35e78fee00c82e07abc2fdcb7b57c9108aa1d6c798f091d4cab3847e1edab7cda83ae687ca95a4c57bf5daf299ffe50002d5b5e9f30f5eb23606f9fe6bf93a9a42d96fbdc379db779317fe4b284cd662f48102d6d1651ac6317df8d66614ca34a84b920ca5f530829391ee51a0df2bdde24c341ace9254755fa0e7a287bde5013af9e3d0cc98527afffc11929e1743b54e9fc02235377a4412e86cff5b4529a49d7cdbc6b1c3bfb53acf0e8a6a95bcadbbe43d89cfa51ab6fdecff295b4af683223cf03af017b6e5d6834ba5b0caf51b9cb212bdd86ba4426306f4dd024fda118bc2b7ca01f4f67145a13f70eb379b737391d63b0a0bb57b04cf0466eac452f41c9698d051fbecfc2ab17078845c1e69d30c0e8dbf05acc535bda4736f38ef9f67312a0a8a8d08cad82c853916b8dc533d79022261da18b5885b3b7f1a2e0e77ee2ad1c4f638e871d08ad41f1cde73c4057177a5bd0987c07f105fe676043e1233dc269c3f7ffa85c654e3a6f12d6330ed8dd5640b04688a7c8578460d6c0cf2badd9efcc0d2cd8b1c033a7d4e26392e381691f9f66b395823132b0a4ac5e99df597b15314d1bfd6341e5eee8e79441087a433e3e99e78cde551decfa892628876a2f45bc5ed600bb12eb7973c67329c5ecf319e5f2eb56045ca0a02c151e626b077ee733e965ca0158cdae3d2a083061ff011a5e18c6d93c6d433200f95030d259ef615f95ce427d3e14f70db95a3f26daf6a870b580ffcdb08f0b3fddc47b06870a1c080b1b4f76e947bbad1b713f5aa65a2ae26e22af014e0b93b16881294dba5780f6f354db3684ee61e3f95516468ab30a7dedb2d11e6f40321d438f23f01a5ff6f0f47fcd0335915378fb0fae32af8baf09da3b4c6d3ab4514c16f65236cea9e4c0b6a60d2624b9f834c8a5ed663c69814edcc20a36d8f1560788be9d69ffbdb32ce2d082e77bedb8de0922bd295ad6e8139c51f2c1717fab1441f0ebcfd424ccfd2006168d5fb6fb40658b05c531594c22c2efec552ce4b63bea9426b2766595fa174fb062fa9b292085eaad80e87a1541f5a5e03b31aae1462bb035580c0878ed70b338ac7424aa4710469ca3a8c1ab39dd7ab6bca95893fbab4e000abf96dc9cd23a97b4f5d9e77dafa8bc7598b777d12376561ebc77332413756f0fb79629d1e6edb3c2a44346890a17f440e1e3dfd36fa1a9a9918e2b870a2e6ab11b90c65254d3751da9e93035c89b2c4aaacd4c05680495a75125e2ed3980d936130c1de7c3f4c50f2d530e47923c4cdd1cfe2731b7a6035e23c5c01d4773a4e7c993955adb598cde580a46880f033d3f5ffdd61d048fdc1730f42de1dd0fb30c":"3aa0630a5e6dacff792164a3a0da804495daf356a6c4628965924f03c16f9a0280f18362ae52a88df4a81eacb859938e"
+
+SHA3_384 long #40
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"a9daec3394c46f2d6362b15276e72c043565b6914a3657b50e9c586040a49cbafd503464ecf42d01bae1acf6c6413e6d1d4269a0a8778754a47bd4a353d7c5fff1259b74ea76392d4af2323a75be2791182350525fec584f690f6ecbf99099826ea34beaf5113ab9fddc6ba7eb268f750f4f932ed75e73ad43a24f5f9999c04a5a106c4e748cd8abb9e97ec490412023eb0f5bbc79947f761c7a9ee79db8e35f9fb52529d1b0bc0d685f9419cdd680a292abd085ab5825b2dbe084ec6cb6aaca23da9f0273458ee6f187d42f08af57faee6b1910d6700d6a681c29f56e5abc92d0c70261c213f53f3ca9678daa924e34e6965fe563a5dea6ab76b48a0b6ec2bf8cc375ce26e19a1f310d74bc1c480c566176c98db8bf406c8c364d33abb8635a411720d20778258eb8fa2442c5993a6b4951808f3f86ddc6f3a31e79b602486ad60c2cf4cda13d95b9ba9fa90c4c80788570ab735fc25abbc8064ce3941218f733e8c1bde0228a3a1c930c785b2b8587fd1b73c27f3a6253f3a702faadb07c0a40f306b4a9c3b687c9ce933819fcf29f999a000309b79b975cce66446aa61ca9e57724618e4e6684a8b25e70ad886ec9413479be6401ad8eebc3a04b31bb9fdf0aba434cf8894438a28992a88197a20cdd32067cf8e0414189cdd9976bb6aeb1970589fe503ef8ab9d995a69fcf1367055dcd1c32d1cffb61c3639ae8160f02974a021fefc332ae5822cdc39865dd1fd917aff1e6b7c8ef78d44e71ad9810e4e89d331d4663181ef3a8840a387a41bbc7954bb121ac9970cc5400c63dde1af28bee6e209f4ffa5d0acf5af2c678ebeb4f6b22b29a2cbc1fbab72cf0ff4477cc0fc205b2410673f90bfbd515e8fe35fedeedb77ea6b4ab5ce262159a8857c1c1d29cbc5ad212ff7385d274dc0656ba9704b18c8dddd0e1a8d2096d1b6fa4938472f2d472c8f2074ce6d7acbda52ee4144f3b1468b61de993e801a60bfba747847f48e0a2ac1025f5dd6fff535bf33d271d0ee187b5d84daeb2ef32e4d2dc583246238352f219d5fea82fef15812030200c81667353bc6849b116962e7bb0602e66072f1c116b81d7f58bee7cbb52679f8c5735a42616d3f5713c62516ccfd9c96d583666a081d4023408900170e64e061ae4b1a293941b5261b509e60c873fa3babb4bbb15f9271df22a563c38785df446be7ce7229098b101251f6501731c4ddc94d191e84e058bae65b3a5786501da8e38f9fa69b8f6c1dde0f546b21fca1841796a73addcf9cbc75f3aa5c758e4395008bb54cf699fe5668d3e13b4f9f39397dd68e8cd326e6edb5b5dd59bb07f813a92237eca2f0e9c298e4c44707e03503e357f59dcfafdd568fe9fbd6c083e52bc69d4d0f075cd669578c2617b2893deb315f05f337302afeebd62b5beccab2e44044213c8da46d548b112f34b960f8f84f37e518747274edb2c59671a7a30647fd5fd8fb9c92558a1dbc0625822e0f322527bf94ef3d642ccafe649f59d8895ae6369dd49cec3713f6d5d47277ba29a19c76b8ed0f58a2c21dc9bc6e6a2fe427e3119650f57bbaf8fca4c0a4ffceef4e9a6efaad3b8dd5b7926ec6654271bfb6dd37ebf60f0787401970f342813009400855ad5bdda2a5141034ac0c4966c10dbaf1c54e525845f3348395d467a91e7fcf74f8805c60bce0816593ebe8d5933664874ce127359d1a3523cde21801d614d51304a3208fbf23cc47a58b8587dd39c141a736f46737bc0399c3f5fc00db06047af94c91f759e5d9230a738a45461cbb66ffd622b7bae1882da0947b6ed25d43f0fe04175f302f9040ea2b5dd576e939407b471aeacf91ab268c48fd12662279be3b511a91ec08d9e86c3c68ff16a82215441343cb1dd554ceae98eab53d5c902dd9be025336799c61b82d118dce5f602e81c104214db46b6b2f0caa1fff136f8300d0376eb689c1f4f786c2454518dad35bdac7b30637d946362ca518554ffe08d71121aa134030e951d0e2f124da784cfae5f34af16584a7ec814468e7192506870828cef5a6d188ed91d95712ae22e0856af0aeb54655d57992edd65c78ccc3373db5a406c48c18f4540e40b89ac0d824f225a7fbe2341a04e7092c5c75db8810392ef2eba14ae38d9eeb73bda93a7c0104fcfd6b420abcb509013091173a9d3a83fd814f45f12fe1f9d7bacbe078144128dc77ac6dbd04b57f3baba066d24adca38819d8b96b4518ec3adb874963e80fe62ddf676b373a2cd12164346a89d71f2239812e049e6d59007d9f9bebe14091c758fb43455ea642881a25f32c488b2a877783fa2e74efccbb06ceafcedb63ef52c394e9021c901d2b8db485b3f8b0265aa9e5e440d4129aa83e306afb3a9a5210d77100aa583fe842e4da93077f8c3a2439709341a51feb4c8d8c7579e42de287fc5c3146fafcc956865fc531c7678f6b8eecb039d15ee6315cac7750c364c6419b1b24dce90fe8eedb0bc238b68b4cba1021e2313f17b4de11561989be8627c61a7780770fc06e924ba63324363f9a9627d7d22fd7927cdb1653032bbcdd2c9ce338ee1c535783ca3ef7bffe2ecaa1893bd5283e811667b1d16bdc3ea7affe4d5c2615d59d1b4e1f1cc70fcd8575881ab4e48b6325ed9de7ac654dcb6645c461ef089ea9d555f8184ddeca99258878d2facca3a8ab5d45050d0bfdd8e1e7a75e03a830a1e44da83e3904996af54b983775551914fbaf88935e23957000ddcfceffcc74c3b04b871749012449dd0511d38e4695affe2b8d1a0676bc98ab6e63384d3d11192297bd2de39c123dc5000a2eab69be829a187d226dcc1b5acae38b2554c3b0ab22787108719e0c4f9582acce36843d94b8c07f31fbed59bd4584711c7c25f97f9938cc2e59d0b98635d41e3d9560b9ee4169bcd118a01fc904993aa52d2d939f6d1df52905f7c2ea8e3e890332c5db961b5c5b892cae1587ef6a1148cfa1271388701481dbdece83860715a6737b4b9630e185e19fe0e2feef3f1c8eca4a5ce1d07853bc454c865a0679e9b0c249b0f6663f6262d9fc2f37ea5f83fe87f0db132f7fd864a9089176f7da2ea986f8b3bca7c0199343caa338c9136f216c5b4cb18ccbcb0071db99df3f730b172650fbf2daaad3fd4314e70b75a3087de25255c1cea55519048d439ec88ca9840c19319fe746b72642a0a2b8d557759c529fa14ddf559e36cae639ba786d30779f1bfcccb5dcee98a9377d45d076df062208d65ca623cddf2bae233b395dc77947":"1501bc2bc0f94c7caed9eec2b30d3febd3d7a6fada1031805e176f53a46e6e5f51376ae05c640f4f76a414bfaf064d7c"
+
+SHA3_384 long #42
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_384:"1f5619064d40421f8d25e387b2dc8d5fee1f1fd44532dfea41c5ca79e81c2974eb6d6571208a1c6632bf74b198feb05cc339019e9c109ea52dac16929eebe5c664bd465cb5ce49f63f6525bd198ccfa3fa71cceca90c43ecb402561265c9b225f20d65cef453f1571add9eb21fcd14bdf98d28c4546df7473e8e31fe2400b81bfd276acfc5633a0f2def8698910aa5312a55bf30857de13f33195060c3d61e2fedd1fc6710444fa8df658678568baa87f493363724822a5bfc6b5b3f29940dea2ad4c39fbd3f56aa9706455958984c48be0d38e119c5f924ff4cf9a44081acd21cf8697eb49c789bbf996c437e79b2fbf28c6b374c8e7721a584d296efe724712c04930ddea3dc05bee7a23eb0750628f7d87740a525cbda56da8f1d1e0c9c4fc0c2eb53219cab6ffcb89053d6d56d5735b905050dd11fd77b18d841b5393df242f8195866ce0c62e1d3dd89d9e2111114f7bd8c6adb98a17a04540b9db62fe4186fc52496822865d50232e99fe11addfc5946dfa68b60bfbd67ac82bccb99adacef96c097002600400b3779111db04455a94906a7299fb9aa0888affbc0a3d36440343353902fbb8ab7934317ddf9cd87ad6d0757fd7c18abb18e9842dc77e0aa294885b07a6b1f1bceef4f9a682000fa2e5bec9c4f2062272869477a693a5ce5737abe980501b35b18f2a380074b6516f3babd6066b3228636bfc489ad17cd7ce671e7f27a1affb35d4549b302a38544c633808a8b5cdd2fa3391559f134bdd94ad608a621dd8c89648f4919a14fe7ea6d6e3f0206431d8c377e44d17cb9b3636750279b4273e146f679a99c2c771372b11201b01f916904ba3759d898cf388205884ebb25038753dbab7323ea4592425ac7cf7c1e6e4afff30b5a588b9ed39eeb2584ed12b60416dbccaf9524dfebc43037b04e4a0147e5aba351389e4d0c1fe2d0d21950b4e2f9bd8463dc226da65efb08ac0eec73e81faaa6456019046b6eb2313e272824a8634b7d99df2c184c7a82e2cba44cebb513b8bd3fb744ed79f123efd300e22edfbc4b5c58868a07647f8e6e16f8b292372a9d904627662dbd11fcb3968ac6fc0e6b86cca9b9836476d5e75394f26690f5cc20c66298c9efbf36072491ae1bb3bddac473926060540ae4553a4d7baf0c77620b079bf0b35908c90aebcb552b7e7570cdf91e636a01a913a0cb4a79d72e465224fdfa186d931f30ceaf4c653c83bc95680752aae693dacc8fad92d62420e906344e86f83fc68cd51b191dc897ea1db15f45381e1f322677eb892d78df07e8e402a24878701ad81eb9d1456484dc1d2c785ad7a55c04147a7c0624494f0ecc5658a246814ab68a756f7ecc234a81466f7cef3728e4342c3e0acd7e2fbe5a1cc3fcf58af913c32a4106c8bbeb33001fe032ab619000e8f62b5d85431472166093b7441cca146841ea475919a6858130e864375cc3f849fbaa3cd77cdfb468212d513702da95ce56d8f7d6ee3b892e02f0d83a30ab147ec221716b3078cc78e5fb92754613de1cf172e1ea4292872d1c5e575de62f9cafd3f9c2e867c7026f376442a7f05b367b9a22cc3b1e93c7a6069ba9488536d706b79bf8f729b39e759cd02874069ce713da507f71892690c2491096a215aa0ea8f56ddb3f7f26e7b19ea70d8592bd370b3862c3358c332ca86c24e6139f7289c015d932697008264cc452b9819ba66f8c3dc1602f2ea2e182f73e604529769074a046c71c053fa46e9637f4112a3fd6bd6fd51e06775bf87573c8ceddbe9e6bec1d1c600145b4a63d9dbf86dd4670b6c75906c5626f46b8ab6729f68663d2615114c2c6bf384f77e46052368cf72155d180bd1ced1f4c6b4c5bc9a0e622fabbcb0da2c1ffe6f95e896859cdc7453afd046e60ec4c8e53577fd71096a502fec281912318695898a2553b3a143539a3f488aa59fd2ac444c66d64669f6c0cc6bb9c27ad95a495158c6f635fd07fda448284bc0e172dca08fe3e893382e3463af14358a8fe59a55964ff682ecc4c3105f1202de902fda7854819cfdf08b1ba43ab9fab7c1c2f914b722fd011cf4544cf87868350854363a5eb26bdd2f97e70c730d8a892b7cf60d2fd25256fa0121d888edb49ad6aa7074f318fdb741df46eafc915d75097e01ad84f09eeb0085ac41a4c4a046777d09a6b6079b12e3bb9bee4be7ec11f830bc844ae04b43bcfc53f6b0af83ee6756724e0c10ec8661d75684d573ded6844f870fe633efe7abdfd98650f107e922b13ae989c76a78589d172d1dc77e391a24e1dedb5de54d499a7d7efa5b84dd3637d3e7a39d9d6f44874e65a94572c0465b6d4fbee0c3eb12d6e02f012183211e34ddf6edf5ede1a2208cbcfc8024f2755d79f0f55f245793ff723529f5ab5b4742a965cd72d465ede322a17c0a3d4643a5a851131b5f09598ed41fc94a35e24debc6d2c6a6f962a469c0a1cc4604422dbe68feacb80c86b00f665d6391eb6c9e9ac6bc6dd4c57e520ee73c51c6126c80124c3806b7954643fba96c8d5f0440c5da298137beb10f635cf6efa0fcf02c074bb2bbc58c81ce81ce3dcbab24490530145fdf98b7549c74de801a3e6d26171fc54cf86dc96a86060163f94164023079e3ea16154118abf30e137a9ea91c9436197b5c73d0b8132d3fdc83e4a0c8491fc348d341fe85c46a56115f26035c59e6a2be765c44e2ec83d407ea096d13b57e3d0c758342246c47510a56793e5daeae1b96d4ab988378966876aa341b7d1c31bba59b7dbe6d1a16898eef0caca928f8ce84d5c64e025dc1679922d95e5cd3c6b994a385c5c8346469ef8764c0c74f5336191850c7f7e2b14be0027d884b7299d16a3c2feade719d7cdccdf62d20885a0cc41acfb8ccddd29ffbc7a53bb18f477d86b3f0b018283e3ca71155444d7a59ad063b97730975a1de4cc0c4eb37704c288aa96c97fdeed3140effe6a8c68bee8150193c9936609b8143ac711935cc145cd69af815082bd8ad54f84eccf43395344222439dcc154c1380e92e3844f93ca50af727a9bf65db631988e2138f17ca305cf530e3431a202f74e540eaed9e217b884c7fe89c3337dfdd20352ecf9f1a0ff0f0892c23d5c41fa04f7d8388116f6aef096534270a9a7e105cdc716e3ff11dbea2b0baf6de847e837628a4bd0972cdafcc7c2ed8525fb843ad3c8dc380dc04068a5c22249afdc6af07d6b0e4dce84e3af4293b38a11428f79fd9d667f8573d7925cff445a19c7283630c5aa8021c57212ef0ebb08d444a9c8338ddd40cef3486f390a3c278fd2c91163de46f1f9b62e2bb67b2e87d6c97b315de1690450083a07242a333877c3f689fe000b29bf21c0048021338d7f99adbb63e231517379556306a851163a6356a7e97121afd9cccfa53349f3a4377be66e2dd5":"583678431befa78e113f621fe22396ed963c825826e9314faaff5b9a53643552dbe0f3922b28558c4ecb26bdbb2dfa30"
+
+SHA3_512 long #0
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"664ef2e3a7059daf1c58caf52008c5227e85cdcb83b4c59457f02c508d4f4f69f826bd82c0cffc5cb6a97af6e561c6f96970005285e58f21ef6511d26e709889a7e513c434c90a3cf7448f0caeec7114c747b2a0758a3b4503a7cf0c69873ed31d94dbef2b7b2f168830ef7da3322c3d3e10cafb7c2c33c83bbf4c46a31da90cff3bfd4ccc6ed4b310758491eeba603a76":"e5825ff1a3c070d5a52fbbe711854a440554295ffb7a7969a17908d10163bfbe8f1d52a676e8a0137b56a11cdf0ffbb456bc899fc727d14bd8882232549d914e"
+
+SHA3_512 long #2
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"991c4e7402c7da689dd5525af76fcc58fe9cc1451308c0c4600363586ccc83c9ec10a8c9ddaec3d7cfbd206484d09634b9780108440bf27a5fa4a428446b3214fa17084b6eb197c5c59a4e8df1cfc521826c3b1cbf6f4212f6bfb9bc106dfb5568395643de58bffa2774c31e67f5c1e7017f57caadbb1a56cc5b8a5cf9584552e17e7af9542ba13e9c54695e0dc8f24eddb93d5a3678e10c8a80ff4f27b677d40bef5cb5f9b3a659cc4127970cd2c11ebf22d514812dfefdd73600dfc10efba38e93e5bff47736126043e50f8b9b941e4ec3083fb762dbf15c86":"cd0f2a48e9aa8cc700d3f64efb013f3600ebdbb524930c682d21025eab990eb6d7c52e611f884031fafd9360e5225ab7e4ec24cbe97f3af6dbe4a86a4f068ba7"
+
+SHA3_512 long #4
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"22e1df25c30d6e7806cae35cd4317e5f94db028741a76838bfb7d5576fbccab001749a95897122c8d51bb49cfef854563e2b27d9013b28833f161d520856ca4b61c2641c4e184800300aede3518617c7be3a4e6655588f181e9641f8df7a6a42ead423003a8c4ae6be9d767af5623078bb116074638505c10540299219b0155f45b1c18a74548e4328de37a911140531deb6434c534af2449c1abe67e18030681a61240225f87ede15d519b7ce2500bccf33e1364e2fbe6a8a2fe6c15d73242610ed36b0740080812e8902ee531c88e0359020797cbdd1fb78848ae6b5105961d05cdddb8af5fef21b02db94c9810464b8d3ea5f047b94bf0d23931f12df37e102b603cd8e5f5ffa83488df257ddde110106262e0ef16d7ef213e7b49c69276d4d048f":"a6375ff04af0a18fb4c8175f671181b4cf79653a3d70847c6d99694b3f5d41601f1dbef809675c63cac4ec83153b1c78131a7b61024ce36244f320ab8740cb7e"
+
+SHA3_512 long #6
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda7":"f08819ec3a9a9806a1f55be4f0e56bce084e66fa271784974bf80e1bed7b2be559ebf5b6396ce52f7db7ef45543965f83064095a70328489178718b491a4100d"
+
+SHA3_512 long #8
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"cfa6c0413dfc1a619417ac3f80fd38247b56941da8c2adf3ff70cc5dabed1875b0395d69d1200b73b1c7820b38868c5b38f52bf3514a96be12e27e34601d95d21c6f51c700b4edf1cac4b2079d487418a4cc5f34f815f469c4b44ef1a7dbaaa9597026c59260c9c22736c49d76ecf7430500b74866cbcfdb5e0fc4fa46cf5ee2b06363ca4ecba6d0104440348d191ec4a4bcbc9763152ffe271a69b805a0b9656970913dfd9e8c02cd16af33a878f083c926f48ab79b1db969fec493aef6c31accc1378867808440a5d5990490b07568bc66e9872904a0f46ae25ef4077b85ea217bdd12541a9472e2a9840e0d6ab55cc4a523f782f8c19774efbd41dad506bbafc90c438c14c780cab9fab9e74eb9452a0b29438a21878bcd4c6be4edac4e77bfd14a83d6152253a62e826de503880d37bf82d10924fab6bd23f04308a9660499bb223afcc5afd1bd2fa592d0322a9a30eab90bc7ac22018e99d2c8f573554c85b019d0c4cd75e359e5e9907082a8d660b353588b5f085486d89bd97bb32335cbd8b9adf7d57c72c078d9d08d9c09a70e43da1f1fe5b398ef08d2e06111d9a9b25a893a5d84cd643b0ffab8ef2755f781c1d6ca49":"3a4c2c9284c90515cb34a0895d0374e87467ffbbc7c1dda3239893a12aeae3b9951169fe85605ef7aa2c483662f3a65c72ff12becde50c23ec6a2bc8864c27c1"
+
+SHA3_512 long #10
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"43025615521d66fe8ec3a3f8ccc5abfab870a462c6b3d1396b8462b98c7f910c37d0ea579154eaf70ffbcc0be971a032ccfd9d96d0a9b829a9a3762e21e3fefcc60e72fedf9a7fffa53433a4b05e0f3ab05d5eb25d52c5eab1a71a2f54ac79ff5882951326394d9db83580ce09d6219bca588ec157f71d06e957f8c20d242c9f55f5fc9d4d777b59b0c75a8edc1ffedc84b5d5c8a5e0eb05bb7db8f234913d6325304fa43c9d32bbf6b269ee1182cd85453eddd12f55556d8edf02c4b13cd4d330f83531dbf2994cf0be56f59147b71f74b94be3dd9e83c8c9477c426c6d1a78de18564a12c0d99307b2c9ab42b6e3317befca0797029e9dd67bd1734e6c36d998565bfac94d1918a35869190d177943c1a8004445cace751c43a75f3d80517fc47cec46e8e382642d76df46dab1a3ddaeab95a2cf3f3ad70369a70f22f293f0cc50b03857c83cfe0bd5d23b92cd8788aac232291da60b4bf3b3788ae60a23b6169b50d7fe446e6ea73debfe1bb34dcb1db37fe2174a685954ebc2d86f102a590c24732bc5a1403d6876d2995fab1e2f6f4723d4a6727a8a8ed72f02a74ccf5f14b5c23d9525dbf2b5472e1345fd223b0846c707b06569650940650f75063b529814e514541a6715f879a875b4f08077517812841e6c5c732eed0c07c08595b9ff0a83b8ecc60b2f98d4e7c696cd616bb0a5ad52d9cf7b3a63a8cdf37212":"e7ba73407aa456aece211077d92087d5cd283e3868d284e07ed124b27cbc664a6a475a8d7b4cf6a8a4927ee059a2626a4f983923360145b265ebfd4f5b3c44fd"
+
+SHA3_512 long #12
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e34acd510cb32ca5f97298a3829244bb23322229fd7a07821dd40a8d01582d5558873f7c0a3d00d278e1872605dfe15dd558fbc1d518c19bfbc88803cf64a9f72af06fab3d673420d6f5c6f8df65108927ddf63066c980e77b153b1af79fdcb7dfec2785ae1a0fb69a151fbf180e1867a229dc1eb8768a912523eb7b83f00dbe01e22db2643cdabd4cab5824b9c14320cda47435d40829bf815a5fce7a3e8333183c4adb67b6de5c751e3acec966d7dc31b7881ac165a29a182361bae573873faa6146a8c07160bc9cd68d6650e41dc254c8de788777404971e4b7e7cb76610a41b9e9c07654ab04493b199357255dfbc04140f52f244af414062afe342f59bb64acfbcc9146065d04b5a5fee410dfaefd887439bf5607c58af282a72986b77b9ca243731a31b8ef56acfb4e028dea04910742ed42f4c0e25a0f8789b063c2716f038a5e18fc0ae1c688e12cb684c725062474b9bde6be730cc4014dd4aec3c667379834938f445cddb120400addbf38e449d0443a1446a1297bb79a9a4f02a10ca6359e94d2ae87218f803105801866b1dd2037c066a393389b72190c2ec72be5b9294421ad8f8b1c8ac8a8af561ad6f7482a3958c41b73c18cfa7231345a8b7ad63bcd4508318f560bc24c11450fb13df1b7f30916f8664cb5174c114702ea536735e205cbdabc567834c632363d1e0c428e0ddb4480966280914fb5500970f9d2dd2a6bded33aa43be7bd1b12ed46eba2792ed636fc2b8a542f242438b544f381fc4e7e296430c8baa3dad2bf685062793efe03d4b34d4d99ba7366e54f8fc9da59f54694d4":"a1416054e488c1e013762d642b2c63361b33e4fc528149845606de20998bf2afec05da53067477a3c27ebb3c0d24ad3dd6ed390335977f129f1b6b1526c0e0c8"
+
+SHA3_512 long #14
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"0d542102f215c793f81cae2e79e5ae58b4439fa0d05577301eb6b2a19ff5f714c645f87e7e759a436f2256077d2bdec0926504109e90d8d3dc8a11f456c3af84abf1de0d10051c23955d9e3daa3bf0c3e176dd68f56f8eba0c47f6f7394f6d2345c09a57afad975cf135507905fd2c8828def04fdedae00e365527554f8178181b1bf605635551150b1332629859da38ef04066e5fb915f7e21c6cb4a0421a8cb568b8bf34e593776c5d0ea16a3841fabf52e66d83f4769c99048fbd357899a79c10a92c2b45a5aa9b7daadd8380aaf71e2f5af34f744b26e2755617150d3e90577c91f54f5dcfd520d9cebfec1b5d57970328a8cd1fdcbc46d78b6a48e751706e1338c2a915592184db44eeacefa241af37193604de70874c92f460d7f01a6e6a3c653a3f568ab54ee9d313cbe6c1ddf031f542fc9a50af7c0e5a9fc90ee0b3d261e2051b06acba066d42d652e70154e15a8477be39c55b5eb384cf262bed672ee975cc450f055735ce5ade48d9acce0a1a8d7a51a515b37bea3c99f72e87b0073ce737c357deb56274e3d4b5a60872f4dadaf6bdc488e05a1948a543fff7b9e3c2ffed9fc87efb15c7a55fa1355e69260031910b80680a83aa719a128685a84de38797e1492f52d62f6728156ef5db28f65bf342bffb587f037f206cab78a6ca0745dc8fc137e22e14f3d7183917ef832220c56a6b8bf3d58e3ae15a561adae4960365b31adfd2a4de0f13b37e0acdbeee47af8c6b5e030db16a82e36fb16d22f887d9543b6f4bc1f58484ed25179e61c19a58aea7bcafb0d6d6ae10de86860c9599e17b0c2f740bc119d3ce16868af502df69db07ef1f4564470be88be14e2bd503252f7566760cab98a85e3a9fb8011bdf8918733e7c54c38541735e09ed06218c4c785e5e784c19c7aaa677aa51":"0cd249160510bdbc1a117600ed8dec1b68b541c684337ad39e8dcdf84bc7a9856cd8e210098e1ac47fabb3af0a4313a4a70f388b11ef53771651d95131936ce4"
+
+SHA3_512 long #16
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"802c4c6faa7e25b79a985cc98b972847a2dfef587e5f7205101646e4add583f46147c0c987303ee996f263753e556a0cb4875aec4a62345a42ee7145e427ab26ce009b2a8ca74393680b6c5b839c531b2551a02c52f0970c9e8a92034244af066e5ec6dbe16d9e7eb8eb60c483f24b3e9e45aa60bf9003e2cbf19267eeb6f55dea692924af0ab5722d9b25f666e2ba3bc76a60d0b8cbe0a6722b57b91005e7f2e929ac4c1e04f2376f22a53a53f108db47c8aac36627971e3a41cb41d2b7ec8f14a7389d55e5bc942788c6d772a99ee6c7677183f02e8e13cc3ad5465a566bfa13eab35d7d347a52fdd67217ec91e224ee509b567f682e4ccf1e5c12d06acefc8dfa07d5bd7a963998139040e9313d5d658a12853b5cdf93ecf54aeb5d797c5d2be01a4d3e3e7711a147089b90121858d31dbc574b920aaecbc8861a290ddde594a3d60d270885a2bf7ac2700abbd9dee1128316d8921566139ef8e65bad595c704b215ca16128b49bb5a5077fb4eab737704e0809e56a836c8088991be2588969e1e584d4cfc80edcff9ba71686b1ab7c3f047707126fcd80751e7a93324235256b09cbe7dccd792b618c99f7b8988258878fa9f9a18e0cf485a2d0e8287f284cf4757a03109fbd30e25e264bd205037551d6e7081a2e0773b8fce44549772a878111d84ff2a6a2928afa943a5d62f778a4c1785c06b687a31714fed01f93037e1cc52ff40a4bf0fa61482bebe016260c8938a61ced90542ca9d265b131397ad8cc79c519e0f46e0f70303587e38958d70723b771552336b7771f631107d2593d9a15e4e7fd0be57abe9bf835ee235581266af482c8d7f5ec87e13e182ac766578c81d286e8f61de2536fbd1e8a4ce4b3eef6a578cd145872e3023fed217e6acbada5d71d291fdef03896cc693e6ccf1568ad127aed4228f29368aeb974612c4402693dd449ecf04c74f66d3f93ebdc4e9b7882b1aec92d139dfdd3a3acd7766895b64ad4cfc71a9d0f79e8c81031d40790403f449b122f7e":"238726f9c46f44f3457be33cd360e9a369b31280ab718b01c4b8e324e40712f8911aa4220bc5f0e9023f47f48028fa37108dcc8938a34943775617eb129bf7a5"
+
+SHA3_512 long #18
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"1f93eb3cefd64eca5d7ec36cb7f21d768cd6854262ebc930a730f7eaea4e2bed4b32a54530fc1e973a185c6578aa058eda30b114e8634222b35d784e0c01c01bf5984dc255b86a32f06a0f55958bb29599735f9f85d50b660ce6266b40c26f3d050b0c3bc5d3daa165bc02c3785dcd93b3e8b969a10acc04981328ccec57e05962d40a39e81515ee83565d3788e8fd910fd7e4fca5cb2c02412ca7f67a89ba7af63b6e432645c421307f49392df4eb9595880be0f7ded36aee78ca735020a5a5a88761e2e72d8e405680ee52cf483eaa2d42549b010b6a448740bac9d8e44be460020a9d93931c55dca17309d6ad9fd5bf4fe7b72a1c9996f3cc9e83789d513e06f292fc92401567aa2a00e7abebb62033f5edbcd9d7076a1c649f269a1262bc83a020874cfc227fa863bf73b4ca2a92717d8e3078065dc7e950e53ca50c2464bd54ddc72a8eeba4be94d6355a12a433622ff19d6e6f42b642d7974d01533f409d56f04392c017ded4046db5058acb0cec523f8a23db5f3d0f43dddf15af5c580bed8283ed584f35d2fcad7c1efb4824f8309f80ff115c6738dae07c4be823b2f062bb10a41f3ab2a0c4bd110b2dc2846f0f3a066adbe039a6e5c8ab0ac53b5832fdc2711ddd815c26a4c6fc36e8e232373838a4ccff93bd3fabbdf5bb0f4d52bb06c02ec25acb3c4de4f0c605f450383af3c0e28d461efaec76e6e0c48e00a671c5dcd0fa5dc158fbcb62f6e218b39e5e87fa49157829f8968c6bf68e0afd5e3e823fde2cb00bba19a24514341db36a8d3e0f60cc5d5bc0233675bf814beb82098410e0c219506a90b1c0a863ccf9a6ae5e27af1bbc5d597dbc2cc205187318ba14785f2361386e4640fc3bd7eb2d59a93069bf685fd6cb8a66b787833b3d2a387a9fe2b7506dd025972154f742f78c66fcfe171c0c6f1f347c3e96617af0bf6dfeacf1e6ad949814fe567c2d9bfd46cc0a0e40a08cd05c6145eb78099e34e040e8c814184258ccfabcc33ae1bcea8fc5a1c0c05ba7a08afb0ae4b4e16fb394997f1ad4b5d55e76c11a9116796e646f390a3c21b42488b2e91351d253b412e3600ccbb8252f519d5060e8985e7913ef0e8eabea15cd2fda13a85b5ac637fcd57dd7":"d75e227a5ad2d3ea262dc663adac6e339126163ac683b3e62aff92653a3de00986329e4c6b79c0af3ed614a3d10135279b92d6f4100613f41feeaffa170bd098"
+
+SHA3_512 long #20
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"09ab78274714140e9e25d81ca9a1cb475945094f39fb2296f651bd311e29813f28b23579b597250b1576c8a30d93a1c7d7ce636b6bd258c3fd900356c7ec055408b53d294ddb3352efdcb76fdd80c59a9bc6acf88b1e6f8d6cd86c5520dd3b90b29dd95d9748068a3441ebaba1d00069ad172d1d2247309e4a133e56b165ed9c2d50513e1c47655ced8cad7de2ea1adc13a72e03b7b5609b9f28c28303ede11f81b8edf3633e1a7021a5450d2638db9ad760f7d1d2cfca2f73ff40029ddbe0c2b7bcf5a4f496eb6dd874fb84f8210b4c0128cfb0fbff3500cf8000fb0798b22dd643b07b58b8a1fc1ae0170add0d719997e900c8bbad68b6ba934997ca8d1f07e637679d160a04c4f0d3e0c65f64d62aa38ad040993f2cfa3d2065fd6d21eff8f07f6235b6f6db6e61359fe1058f02a62cf388411e1e49745f0f9a5778bbe9aafa03e969c1e3f0a176ec9d8357f4bdb63b0c6ff2d0b287cb284831ca74c5d7c20fab4461be39090636e11fd2defccf02d7bdcf7c3a63aea7a0b37180e8a67feb345fba46355fef44a9fc70f9210fff3108eeee06e19a85b2d039a4a15cc6a9cb73079440aebf6a04d726d71ea99616ecd68716b94fbdd591bfc01054588d1f0ad38b1b76b2c041eec9459b6afcf7ddda4a708dbd0b3666ef7531ffc26563a8515dd39411c8ca3ea986420504a49c19a46b919b399d6b0072fb75b7130ab00b4817c74a38794527de16065d1429eb95f142d28a558ec66bc25872816ed0dc11960b5084144c99c5348278ebc4114e186ad51ca03b64ad6e889412a4fb3e4f82e3415489cdc92fe054d17ff63ae62c69b72e552710aa8ad36cb83c6ae4dc7126d9bfbca28a786d40e50b05c89e2fed517f556765ffe5c46015cbd8194e32abc41e8f711773e2bcac9039f1a71975f8986a5038a32d9fc3de2cd5cdfa63c963265ab95a30b28e85edfd612bdcd33fb7062229b228c55fef1458df05554b28021236435e356c042ecbd38e9aaef31591624ce8bc3eedaeb0cc42ef67722ed7f1515937676dcccd210ebbc52867a17fee7693933d2bcd136ecc9210db98335f97ab6d9c5c21f770c47e5c10bc4e070636089c341f388f1691ddef47491082475be7177b2499187581e35f763eaa4a31d2e112d249ad583f81c7019e99234417a7cf01dba91d5565bf046b0097c4958928c99b76a3d25317a652711cb316a158e229d3c4d2f5d6c7e5aa29b4ade4":"2c1182eee0a90b686a14e5c7f7bd47f89d44d531a53c84e88c459c1460ac7d2cc7922b7be672596d55654cb388cf9b3300a9f31f18fbb45f89a7dbee27ed462d"
+
+SHA3_512 long #22
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"85ff5f072442756665a41f36cb2c99d3152f3458bfc3fcb5cc759901c33f7311f8b41a490c7ee4b2b70ad84dc582caa75ffcc8ae8cf1b5c3f8f03410f393c81cbcb3399c00d8398d9ef3477fad50d434c0c6a469683178f4fb22ea0f94d498f45b6284aa0738bb1ea1c735758a7efda1bff591325c6b8c6f5f7282a6afe92cc05d2bc5182986b38e48ef6ad764f38e17e5f157b16f873a5dab4ac67c4bbacca94875c2916eaa69041bd1ae4c4499cebdb822be8da96dcae668117c3a702fbfd7a6a744bbdf8c25a9a3d6c97c315707bcc2f18e6f120584311d2e6d8726304f71fe2b133e83152fa46766821033157f3b8bc48efeb338af67520b610c76a5c29fd968f7c3632bce1eefeaa2b052bb8063990487e393ec95af900f20716776618bbec6b8f285b74c3fc4c8f2039732505b761a42c5ba0a7c325da2715d028b745a35ad1d72f3a2ef2e6d6a37b20960374caa6c844d317bad18442c1d784ecc4337c685f0ecb5d2001472363c64b02e7f5ebb641823ff257088ca15ed6b53221548fab6f707d131c6185c96c8c295846eb83369c5ee2cf20daa79c6a6de197334b558a8fb6c51a68b63b2f1a274bf4b4e839ae25256c1c9cba7d8a51378a9a9e6a769c4c3c23c18951cfcaf9321366965e676398805c591f3a76f1bfbe20aaa7446b37019b29b712e6cc337637103c8fc0a51d52fa04034cdd1c79125c4446026b9c015c3e475989c7b8df3da0e2d4e5a17b21e0fd23b99a14e676d5ac460b14329181c8affd2752770e54abf9dbce5c934227cef40bca8b746d718628d658715bd41eb36acbbf0197450a4dcc9b9748f8928579895ce4956e0a0fb05c55bc9e29ec5ec8f9236f1b8ae5869f7372be3f53f4c17d3777664c844497d0b154a5ff3f32c865c5a4e604e478402d9921a1a437e1624668fbee1539b5a053b243b3090e5fc2067ab082521665cd54a808f00c16d0fe71984ada8400d5cfd5e9b3526009cbf24762e6e287934694b12a9907fb735bec6b6fe4ba2d7c1d6cc3c2141288d3ffcf9528a8752a0d932cdf8b7287e6cfdab2a03a7a1b55fe050da9d5f661f7df63c07c3685b89dd7c40c1c54f5ce629ee5f7cca24b6ca2291528f49fcacf119eb06b69170f3b677451990411b369d36306122d12093ca66fd655307a11b87a943e26e834956c2b75d47a334c3bd8cdbea3986e1413e9b744b108ea1f6bcc975295897629c8c93e5ec526166eff99b6045700ec12fc12794a4dca8dda2969fc4c3f199f6109e134919c0319f46f3b30c688d243b9324540d305009844eb1f2e03934dc074e93282a0d1b7da670b2ba287b182f1515":"6d87f523d51ebfc11fffb33357ed7ff3e4051f58a52d45fba208429ee5b53995e5129d35e3b8d3448a3f56d32dbfdc762a1458569c839a4a1c57b4d69251f565"
+
+SHA3_512 long #24
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"d43522210236c67e4981bf3f441b941cd52c5732b94ad76160fa16f3fc74fe7ed9a74f0bec7ddc77ae60f71a2bfd2aa7554828539fc0023ac7f49efef34666b100ef3df51743b76181368927bc203ef4cebd2c18d978a7e7f0e9745f299c800bf314d226aa0fbf04690c5dae200b3acde6944dc990fa2c3182e1805ec5feb6535a1ef8e8ce6a5c280fe95bf77e4684f845d471adebcffbe026e5aa42f0f46f53dc169681abdbf6941ad56b49ff5a863d9485820d137e7abc83fbda55d10714d12203943a68eaf51133d975eecbcea6667baf67312f8f138c422ef8dd91be0b96d4edd95b2e1fc16702fb612c092a4e39a15b0861688b2d1a0a83ec2357a2bd6a99dc4f2c2403c25e2e45174ce1f7e580af914de5e6f92f2c84049e6f4c3a921419d9ddf5731d61bd60bf7f957cbbd3014c571e04d061838b57b8f709970ef35efdeb6bfd42f5044e3f70825102017f8521b763084e4b90ff2ca7dd3862a6460eed1be28dba1415d7746006c69b4e53d3d6b804378a40be50abda3945d28bf4ed907028ed0301fa21a697f43e6d2cb6b51262e9daa9c775457b58f478114466c38ff2266544441df47e1e35ffa32210f17dbefb38d6691da74529f4194759035891a9c43da566e418a4fcaf5163b9ca50c0d3209b37ad1e3eb05623709b5232733f9eebbc4feeb954bf394c7ed5774a9a83aa4149f41be1d265e668c536b85dde41d8812b6a64037177def3cd23e7f9976d49478b363bcc2b0be1aa5f4013eb5f3e5f6fd21d51293876f18c85728e3f0e27ba18a9259648104b50d387e0e944bfdf3c9ef9913c956e617dfeefedf685c959059eebe8b3be4bcd3aca853ec4d0c5cb76f5e8eeadaedee3873353b9a6318eaa30bf99a81a94a238a777a1832bf63baa155be65b2cdc4fa21912f90126ad26c24565fa8c5434de359fc223d7a721e72622ba3d00428788463a8328ebff5f594a4b7757bde804c76b2b935261bfb693e5a3f9330676175278f36e299fb8b1eeea4bddf8625e6e248352d2774afb1e058fa300119551f475e04bbb4546d90aaf494c7f25a43fd8bf241d67dab9e3c106cd27b71fd45a87b9254a53c108ead16210564526ab12ac5ef7923ac3d700075d473906a4ec1936e6eff81ce80c7470d0e67117429e5f51caa3bc347accd959d4a4e0d5ea05166ac3e85eff017bff4ec174a6ddc3a5af2fcbd1a03b46bff61d318c250c3745da8c19b683e4537c11d3fd62fc7fefea88ae2829483871d8e0bd3da90e93d4d7ec02b0016fb4273834674b577ce50f927536ab52bb1441411e9fc0a0a65209e1d43650722b55c5d7ef7274fb2df76ac8fb2f1af501b5ff1f382d821cf2311d8c1b8ec1b0beb17580ca5c41f7179e4ab2a4013eb92305f29db7cd4ac3fc195aff4874ca6430af7f5b4e8d77f342c0f578f714df4728eb64e0":"3e2fd51b402408073de5e665b81cd82052a11805345132a80f769f9574779081de8604f9a40699db3473fba4807eb1287dc2eb3e59763f21d81737b0ac6915f4"
+
+SHA3_512 long #26
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"211909dedf08fb0d8aa87bab8d45f6894b458761625e5fb031066ac3982b3015fe25f9d899e934d2e97f196a86b68e031c164788b4163248358f12052a716947c5b59cf624925228d4f41d38942a5c185bde60e89c4bcdc7c8aa43e915ed3ee97eb03b610a6d1db952efce3c3d0929710f8718a8a265f9d3f23f4797e00976a32f001e41d3e05c2a6b58769f0cbbbdb540f8b8f14ecc7e14bc366438132cd81ce28c8dbd0555d92627175b8886a8e08df61987ea29e824342d77e3f436bd2efd9e3cd0fd2a335a538f14c52035385aa13ad2cfbcba22b3d84eeb0cf2d2263eed6cf82e2ac9e2a859aa38fe8fa0d4f298130bd68e89e0f2aa2578265b6eced19553a8f16c6bca8be181694dfc4fe2721b8aace6891f8baa52bd077b56931dae9d5b345fea9753ca931a90f98fcbcca0d1a69d45d4038ca3781b81510cc87b9fac8c84c1cdd5e52f167f964b729bf844636fc63b99bd49a5c349ccf1a595506a6aef815e3cade88013b8618bca47d02878ed1012fdd62c78db4ed2a3488204d8818b118060a8c48631cbdb01c258ba13b92961102ad59ce3693279ae1d18ffb196681d6d614de10919c2ebf47f5520cccd2aa37f484201b015fdab5c4ddeaabd548f8e6e6625a7d172a478ae2cc6691c5ef8bca57ea6c2a586b84ff3005d6bc360074acb97b77fa5e57a6c75ef33fdcb119c96cbf588498b656b4dbc5d1bab8d65d83bcc1d8bcf4e1a4bae92f02544a1901d1738d570fd29591c8dff8da2d3e1090b48b920290095b81f264d5824a6668383293645e646490bd5f604b87a4988f4a758d9c71a7b4068ffbced4fb68be191d7b30b6d738cb1229d72120429774acfb455753be5a717d1f158bcfc655bdb63209c00769e372a477de9729c39c3ee423b26d5a412ebe49c00e20088b87e1ca166ce5d88f0af7c227b416da632973ef442b3412929b16d703142021b375c6cf2b1306acaf05d6f5aa263494b9a5a008ed4e401f2b3607bf68e600adb6b5d93fe0aaa6f6526a7cb98f7374eb2fb74fdb7f6a15c28385fd6d51e245ff3dbea586e7824b3811af6578384a5c604dc4dfd18b2d29cf33e1846b6e9774b89106984ea04867f4455b3dcc45096f768c64dc8590f5f077a4ff29341f83f14c69044df19b5b81bd95e44220263f02a0740dc25211630e6e6f255841d526603d1e5e131a493a3cf66bd13f1e6c69da808d262dd18cd2d805eb0a9e3f3ffd260d396aa4232a62de314fb8611188083b6940447b8e73e3f1f0b0f57766a086d73f32c05da6cf73f9e0a9f07493f998c9fd35ff37e36714c091599c5062b741d835a2e5cc0fa8dc2497131fd63031a9fa9ec6acef7ac6c3d87a3d65c5add4bccda2f2416bd83709c2c7039d0250e0aa31e08ad41ebf239fbe1dd4d843c299661be9b979b99afa9b78f3040e758057182444eb1b221b0e06d5fec86a672b75cc478c60e531c283ff9bad8cdacc493572364e7fd8a628d677a49f80928c52ea5dd50d711a60d933a4cf4916986305ec56ec5fa1a327631d80ce6285f74":"07a66b976af9b5982d5d776da8a7db28746161bd43a43e562c136357b0aefa7b8c33b8ad2af6add3b95cc962cd9617341322fdd2c07b4d65becc43a80f3df2a9"
+
+SHA3_512 long #28
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"97a89d3246067de18c799589040075c9e0d2083280a2c7a944222c0c9ec66a196bca5b8b8376ba858ea192341a74f6b1eb70f32492b2c32f4276438adedba8ea56e66d2834c88f9f7264fdd68f0c4a5fe28ba6fe2d690c0e756abd211158ece70202bb51828566f5dfcabeb58a50da9b6b2c0908784e0a0e8605801a5fc6a0d614292d4d9534a6517edcbe1934c90c2f315a048a9ce926f61d5075bdefab2b803760ab66945db779f7a1e34cb5fe49e1da1d7fcbc1c2c690e1518451ea92f5ad11b11de2a7890135f12116953477fa7b0f7d62140d6254a27b129620770066244a236b0af83eec4f1565403bd9bd85c3778395adab5036f5929b9170bf7fe6af8bbe7d26ac07e08d0a744787ce575482bb3600dec114d651cff25f8aea96dd147c8b3b7eee6945b9785715c138cdcd7f829f8cef78379a7eda21e6b61fceb31cc4918e59e4ee83990914903142a85a8475c41f27f740ec435a30103b86add08f0bd95c01b61d02f663b5a21e116f62573cafa2cf67b73369f825c36348bd9c35fb698fbc8d7e2a972e4132d2d0aa4dc17e68fe2fef24d6b95b0ae9748d8680d63a4b0dd3919a644613c12793a5e2828ae3f5198fb8103ff82be669b77c8fe2397087c08ee9f816c9b93c6baab89d6b7a1560dd37e903d5f112c22b743e602b2746238e34be21aae9cabae55f32666f59b9b1316eab83006bb6a517f3fa81c4686329610f379b866eeb447df93bc2f6ee7aeefc7e261a282dbf97157bd97b13c471a020657df01420c6e01bc2fa3b6802fd2128ad814fb500d6a10d5503d482031591b37fb7a7bac70399a70098582e5ded519c44e5aa0faca3c9e7ca9f1778ecf90301a50e49e22a4a7409fc3da1aec7f087408a79b49ff9cd198b20d6c95d48c5fef41eaa5df312417b2afe0f9f5108aecafcc966f4cbaffd99e19fcf7498df218b7334b26b554793b5f04d39d97fe7d122b847d3f3fc95da50d291b39f9379b3b0672d4efc6f91e62a4433e1d8a12efe975c4ee9379b740d46443ca9d3b5de2677b652a897abb8e3e30ff630221da3df32d024cf4a0e143d8320eada9766d520e849ebe5c4708331e737df4d415d0f1cfafc11aeb4bf3d13104fe16d730e28490a0840300b27bb783ea63660bdc7395df8c95faefb14b736f4b8698bef159d4be5db98aff5362862f14243931cc5eb49321d54f6a97749503742cc5c94e4fdcb81ab3d8a0906929507f54d0ce8beeb88b2e23aaf454fbd06e2d75007e9e10f74e75e75eacfffc1b988a59ef3a81a02c380fe57005804d902fb5e3fb577759deb1ede89f7d0897d777d3c7c71e540f8a2a25bf41269fe66ec8dbedf8dc4086ddb2e11c1d8930d8d77eda130ae269a95cc22df580d00a42b6b9de179b85a0349ea20e164b6a1f1ba60e0bc02d1f38fa1ea0774cd18a660f22835ae545dc1ccf7c0fb35bcb8809fccda5e753902d487e3a35a01995be19981cb5c0dbaa57fcd3f06c7f40f07ba7d8b8f70b41f6b52ea24a0226d05ff3cb8a1fb1be6f1b81e6deb648c08a6cad7f5be241d61fa31f4212c8867a2592c3c231a60792142bd2613c1815358c92a5d6e2f446e64137f4392c3043287dd096b43b4a37ea7f5dc1d298b0623ccbf4fd650a49569a5b27bc6a6":"767272f34a51e2ee0b69bc9d7a8b15f71c7f1d6c392ad37b4d2b43d8e989f076ff7167e368639eaad6df910eacf848c5f47979935988265bea455a15466876fc"
+
+SHA3_512 long #30
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"dfb77844e75f85583be98d8b02b601d95449ea7c954cd81001d31bf487e536f3db399124c73d6e0ec25c1e10c381750157d77b13f2d464fd8275c3594acbfa4aeeb6f563caf118c4884e7586f243435a04a68b6c46b5258e5959e392cfac0cf740b80cc9998269c2b847f9b53605532d843d83513af7020aab08e568bd905442f8c63e1ddcf84b4f78cd126538ce8dc1ff24c98875a3e2bba3082fa3bd7fba733e69f3293a5ba5b5f06a285da0a6d9609ce4c7d9a0c1afe766e32b0b768226d13c2793b35cb45e3a4aa5a36615951f508304e40e635750d71f203f6791a080a5178b8684ea0a6027ab06ec483fa447dadd0c87ed656fadd3f448d581b5e2b037fa1a34648b6692c43d1669cbc7da3946d2851a404f10ae220de2541f8b4e9ecf0b5e061ae7cfdc58285c83b65540dddc89f604cdc8433b0e9376240abaef33b572de6270a74d262d9461a2d390dc1be42be7ad5d790f3cddae8dad0aebca55305822b12c73e85889a8ab2fe821b8dca5dfe07db70a7c99d885ae56e7c6e9ed8ae5b35c17f2a95bb58cc490beafdc0668ce6adca522923a4741618968f253e4094018c9f9cd9715f969342f1de34e83751f0c32ed695a0772092eae56181020f692d9629aacbb6f9c678173cd65183914fb4fe75889dbe9a0069e2b79df298b99027f8ec1351b51e8ad35c395dc42128d8aba63ae271dc61b60386999f0a50c39b991b43813c1a42364d7893ef1d2f527f3d50eb7ee2988293e84d07ef28c8a1fde973ec5ecb54e96b3f02c914bd2c92b5f28513a83061513c80bc9ef8ee6ef949a19933169fd3989c3071453934978e1f53c920191bc57212854bab66cbc22de15a01b4331a34b43bba4a94f7040e991de983ad2be54349a83e80c9933150b4576b33ec5edaf6e0ec450524c8bbe048341c4b276b2d596c8044d28618cfa9213e6db647d4427893006917a118bcbb1ff474961b5164764f1d00d74d61e729f8e8c9ff535df1584f2a8f28667196fd84c18aeae5692b3865e12b05abf92851a00918759b36580479cd3f8df16ddb361b3db7b0323cd20e357f0bc41e58f3bebaf1c1bf8c07f71b976ae2dede67e9e347cb939c7e27096652392bb9111be9dfae456e43b23d5efc4c86218189fa5393aefd96f615c221df30c2134b109c6b22fe6666988a60e024fd91641c908f98b595364a53b598cbe7558c5b00b95518373ff7532480fd2b243f2f33166ea239c7af28163bca15680d450a5b6067f0416ac75abc8e427cb08865b216f590dca74861259324cfb276cf63ceace0a8e8975c4912fb2c2b69f0b015cc7830839971c63fc13995330a788c464bb807f8988a8a19b2a784c84f6c49c3d0df6dd36319bfbf8d82139097fde260f4155ce39a8b52ddbc3a3e958793940451c4f3ecb42f9344dd050674b57760587a4d45d6692a64e9823ba00fbcf74d3bd1c1695c26f3ef84522b143c1d65647120b8695d7ee83ee1c7145fb36a17d3eed35d449e162732e26f7c93632a588d6f99ef1de566352f4add6cd41cf975a6a1d8d0fc2f1c3a0be397622a9656c149884879fa1a9991d48947ad93a8e58153e954f5268b939cb8fc6c8430223d20077faeb18449939ebd21984f14e3d8db6a19ca122a3036dfe8b1514b4ab347f565aa5f5e231eeebc57a831d9de5a2dd437d7cab09db950740996d83fe0a601c1e28cbca87ce7056b2281c6c666787f1c6b97b968e7838ae9aa1183da8896f515ecbb5":"c6844ef20c8d121ce80dd8a3cee4f36501003232dc3e71519de69a4cf77329ece5f08967517804941bb00d65a864a0e82df5b5452d3700e4cc0f5b539ced454a"
+
+SHA3_512 long #32
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"1d024b761257e905688412b42057f150daba54c4ec7d5ef4b5557be82f24992dc47a9678635cf48dd245d45f466b227931430d9c5b47baaa34f739c2691eb8adb556f679facefb63904b07fbdc6dc8822534cf97a4c24513da63da3127cafff2979e55bfff356550499f91ce0ce64a34609484fbf07667f650a0487b91b1d7c313589a939b179a1ca5475c21fc5d1257876b131166ea891c3eb669e8d05aa9e9d18ead3df5fe028f4e4d4e3bd45a87b345c264212fa6114e4aae27c20c4ddb2d7847760537710571e9b85166bd65110f3fa05f73723269521f8f694f6c13d755b08cdc3386f90b8921914ce8df071835200dec4e5817f7f0636116d9193303292364ca0e0d1d7ca09bdf260a61c704eb8e11f3fc09dc25f2bf2c18a63b35c97377d725dff165c07e02aac9146b2e3efa31b55cc3ac095a1edaf956fef9a290f954edd6ee5d593febfcfb1c4e27c32c2ab3000fec6926fd3e5dcfb82b7b01bf8463afc583778261af31d907ffbb0e3742b9fbf4be69bc7818efb72674eadac0dc4b24dae667678f914b4c72714f97c70ceeacf483d452327539b888206eb6fac9b554fe5e56902f5bef5c45ea0ce7454ef71df581d271931ce2dac6782e1bd513494817356c86abd3c71268b3198517d17f56e00289a003d79325c9c45394b981ae070eb1d0d069c27b75c4149ff9a75d2c5d9e4c2467ea6cf4a2774c04a60edd8d99cc1babf6d3efb38d3f54c6cc5cbaa63c16a7c94eb0a4ac58b9576adb3ced8d0738bb24814f241663c2bdb5859daf96fb2f5da1debd476450782eacbaab7a575839d864f847274cfe369595acd405a4a0d3b5d39e7a1dc3909a1af4cbc44b9294b9bb92e322c1fe6781258dc968847735e9f687174ded722208616797ed2ae7c49fadd7cb48bad4a48db5c665c1f4b8c15869e7cf9f81180dab4b2fa58fddfeefd3f45b3621da75bf408d6807471d0e4d0a561850d99f5e5a6a22747d132d7e1d3cd845af15e98abf84f49a3862c722e0e60545226110ec102c2c5da8dfe21056c4a3bdbb8caebaad4034847f7ab99c82d4bd94cba19c6937dbb313ad5dc45ba3529bede4eef2ae905c934f64f7bc233bbcc72dd5ff0a7ed85efdbe14f49a080bcf0afbb1a37d0d70bf5a236f41985f14866b39c8e524d2fa9d5284660b2ebe9721360faa1317805653d02729c015f9141bf1e02abab00ea580fc902a0c46264e31685258a688af48ff3f8419dcfa994461a14985e677d9e1ef4208e85eabe738e7e7eb42c5974151abed61c8fe11e6aa41c39d60d141dcb7d26b15296925aa5d2bfd03f1d60edf763f23e7bc8c208950a39e0344e3d6be2e11c0de73957c17c6e6f0c2eb43b330c1a4293e7ff0f0293e707ba4b884fd284f94898c514a77d57afe094fba724fdd39c0478d9990496f7b8ea2a8441c80c221430e4648f0df8d815d90d3e5cda98de67cc5fc90d6f3030fe75b3670132533ac079635e2ef7ce6e4e9cd75f5ba8be9d1c1eab5ee29b58c0262ee76c5d1b524f8c66a80a6af1689aa8c075e71a3bb98017500dd3af058b35ce6a291cabef73c0e6ad3511c99751ddb2d88b5e1ef02437e814d9ffd95a51f265dc1af0842b524f5d917cdcd13604b80b496a3ce06289251ce1a21be7f617868ae91f705c6b583b5fd7e1e4086a1bb9f087a50bf50f52c8143ae8b0516576828c15b924bb0c00257bc526cfd5bfe1443137ce33c3531ba16c753065bc24e95707e66a8626a9e49e100d9de8df840ff71bce385cd1da3e319444fba46eb0da747cdfc60d05a17ff5eb05d9d77c72f2333ebf95dfb70145091a1ebce50f95d47b69663e21feaf3ccd3b424d0432e9229":"b250f9455a5a90e3b7d2e2c7a70e42547b63550cab908ab514de782b6215584404971db76d6e2f2c604f0697bc309e7f53672b617c8967943a896ba260d65eab"
+
+SHA3_512 long #34
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"ea850f0e319762b788d715889a51d30b160d54ab0de3df249c900d37ca0acfa2b311b24fe70762cc0d016dfbcc1e4a0beb189aa6b618ad6ca4cf48a138c2a62225e5bc9eb56cc2026bdeee35e86b83060b7f0a635c97dfcbab54f005f4cdc213862ab562646f8843ec951f9fb6df84e5bf6b2d48c7087d28f7478ccdc7d52b5b1f072302bcb7be76d64f899f002357914f0489bebe118d6ad1d1a560797feae438a590e885ed6b837233b29e8cde04f10371a82e0b5d197b811ac226d2750694192c837b87b89851086a240523b991ec22db12fe749228424f496b879a5f875509c385238ac14ccae01b673a8d5c086cf6694d98c259c3a7838629eb98e4760e52921d4855af8fd5416f01a7926e7058c544e362bd59f19264fb82ba95addaa73ac2d352b12b695a758e7cb2fa98d297d8935cc62c3bbaeb3bcd005c5962bb070a7b2faa66dde342c29f60c58c813513777f3e2ad8a6269a50272b3aacaa211809e4bab63c6c047371ca334711d1a1b3ea3013f88a433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a1fc6eec93140b03a00af0a76adc3bec7ad2b8f786fab02893e6f62a8689f065da033d785a1090c01143438afb4988799b0b4446d50be9f2edcf5ae28ba33b129d6c19aee4770cddc2fe524f1e23536f94bb2d9058c04e519e57b3b25d7a30636891941ee6a9e7a32186ad52281c2534e48cd54266aa45bb321a8128508188eed80e3d36c53ba9b6a986a532bd76967006daebfba31c68a6457253a3295bacfb485c6594f4bedb8ee778ea7f52d50f97783fd21a82a94f8955199bb12c6b053f45e6ada81985f5a257d7dd867ca9f911a516183d89d332facd5ad9e0fe223a216d4785ee98237087771dfee68f87fb753a183ec32d1ceb713ac09ea10333a4280af98ee6f539e4b4c1d5ef2e2fd18f48a390b649e108b16309e54a7fcff1ebd9cb77190fb51bbaa0c47a0ebbc2291cf25e2a0f404a092d66d7236ddbd8ff69bd1b4ac4e75c6b7ad1fb84de1deaf12d18d64eaa24cca0c7e31f259953a2beb62866df030c5f8b9dcee380edc30ecc5802a8793785ed62197e3e462d75b1b259c25abe63dd430eac0df8f8be59920d0676413407e220cf8a8ed11fca908a6cbd01536367d88b571e05b846b0304955b0ba4cf9bbb81b4ba39b641cd1529150587bed687f8cad177c4cbe0563f56918ff650844c3761158ed3a63b7d22a6b0fd48885381b783ca24f5956bf6a0785d93afd2fafbfaac789dfd25c9b5d867bfd89bdb74cdc199e99ffa23edf02e524190be90f94f0d48250f3f9bb11d40558ac1081f02131ef676115bdb2eeff1cc84aeacf449f0771f640b2170bc5c615659de18bcc6fad780b9a1a127f599f2cf7014ff64b18740177db92c0cb21b44537357521a852bf321f978536e0c9638414beb424afbbc711ab742e7d85b01ef3521553fa10a4e7ac080bdf917398fcb0c5e5afa0ded36100f5cceda3a7fb76ce2ab0065ba1c0a754494991c8c452cb416f18ab115509e28ddb2848e9be5e4c344597f4ecb8207eb977e344334f814fa494ca3eecaeb9bbe6e028d8a645631fa4272fb823e05eee4a086b5f67719f0a58bb6cc3a9488d6dca9931156fb9a451bc3409b87796d676847f345bdbd7267bec6792d1cdbedf68976af377bca79ca2db10988e7e6821980740f0b216ec9224be1dbef1c07e3a4cebd9c278037bb6539f316e92aeb0bad330f2030a9f2e7c857c4253ac2803288b266a30aedac27c04671afe7d6f2d2ca8a006fdbdeb29402e7579e3597aea2493d5a0c08":"74aa96e89e9ad0f23e1cb37ed4cecc53a0af47a68fa3289dd2c91da6f8b0ddd5d290418ea43abf0f3700bef12ce62de3f9969d45f8410381153c5d698f1f4406"
+
+SHA3_512 long #36
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e6e9e74abc89e6f6021a4db140520c7c02e0271d894f0a1fc12e1e1a736e9934bc0b9ae8beef750695134bfb8ce7df5391f4a47ce7bf1bcd1bf15bc639b6f19a3f63ebead25b30d43033132c66142709c36154848c9a2abcf181761e407b13e3593803d96296be67bcc3cacb35a28ca77f715ebce1a8e2f52c2495a7f184a717f1d40a3dd569c9c71f0b9b61615ab834ac6aebac4cb1e87fb223e1ebb29b543fef7d279c9399f6fd4353ac75520150b8349522dd367ce7626dc68171ec86c2613a7c828004f1ef100ee3258f6f62ff3cfe3a2cd608d285a744549dc1080e9a88bc19447090385c086a022f3822446bc6f2a1301f287b6a551e175f646cfb84b95c9b95f59f35e4ee3efaf2f6d36e3c61f8115741003f3f74e555ede1821527fe024c9c9699b130c972119554e8a91b12f8d4c9c3f6e6ac0d80576fc0b1242c5e967282dbe674e8a1ed9040d7cabdb0e3da30ad2d74375826d7650e8a60ef3ae201566e4cee46b37e99bf1d09e172a2db866e2b08e1fbeccad2c6f1c6f93ffa902940897219ef39695de5517195909902e5d56ddba5fa0ffe59c442fce3dc1472f777fbd4d0362369214b07974fde3f61ddaf982e28fc6acc54a526b4868e2f905345ebfa79e51987cd3a6504752539ff5742d78ad1c9a53babb2c7774a1df3f026f0816d7ec2c2ca4af8933f712d32e53cd850750a28675346334dcc97500a9c56c1e7b44596c73a7ecdbad0a9bed01972b72b793be3581d0d70e03cd5f0199ccd0042573828cfdf5203024087a0bba5e327911ecac021a0e9b0a64e6cc5cbf671f5bddfbd4283c2aee19216719a9c907572aaeb20886ae5c03dca8ac497c5b42ce87dd33eaa8bea7bae93dad1761be312df9d68a502daf27c5d7278452eb2dee520adbb22298e5f9fb32c150efadfa5a1b5931dc1f81ad10359c7a15852387a84e67320d187352a0438864e90ef91de0a3db393dd30d28a3f79f08c63caff92f082f788b38c27529084c80dbf1cd89735bf26515f74a923160415c1d05fb02d133c627e30000cdf2de11bda034b5dd70a8213dfb18a47a6724460c905d9f354d45bdc87b0aa8edac295a73ec442c8a671d0a3c6393a551a3a7ff72b6c006f0e1b298c2d9b53534a37e993c06acac00c52effd8d614e7b8856fe026f6b9bcd63d0ec9bf759c30337742508e95dabed1295284bbc908c60f7ad09aa1e6c74b45bdced316d52c247a960912d3f05adf8bf22c3b2dc2dbead6f29e716bfd651cdff25747418ee18c7a9e5752b4ccb98891ce1085c74a2aa09f9b1e270da11fbc05694c98f7f968c2a3eea1829981533472fba3f710c56191d9b2e40ddf7853a34681133a82bb0e8187158c350a94c47db0296af182cb1d2915f864a879f9ad5d23e85fbe8a2a6f23b4915bec809d99cec9d5ba17a5d1b9f0c4da2489659b89641dfd66a766ede7338ce0a51b84022fa2306f35dbf26fc46366c6a8232ae47432953eec67b16c232ba081fc448d491292847442b0e10bc90b8c4c63f8125afa534a3b3571e23b8f967003d5ea24f8df0a26838538fa2c3453a5d9fc9ae46588408d60f67881c2a8ee7bd4a68eb397d193a6fb61c6c647a2d6340db66df99aaa84df4e93ce0897fbae3472f2a4e18cb6a9766a5d0cade470fdc74645f3da70ed8ac06281f4ff31f4503a7d5ecf176deac6254efb5d49993b54c0120fceff7eadecc13b658fde172f7eee423f6fcda1ea642427b13af1cc7e55cf0f9841d11a78057237a2f11dbe0984d06008f98cdf322e037313486ef4968b448d641f17eae87f23f5cecb369d1efc7165601edd6c5e6e33bf95f7f9b8306fb119e7991c566ba476d44d60d14adc5051a0c92227dfcbcf456bbdbc2a7db86da533b75256e36e3feb71a364463dce2ae1d0a8b5f4a006abb915ff1789bbbb2f817947dd60288c8bf25c65483dfc60e6b243834cec63ab8dff3cde9c9008a50fe6491d8cb08c33331be3178f00ed311e4397ed4947810700985ee0bdc5cb02993431ad02e084eeafc8a41eab37a6cb2c063c4b4dce8eb58e04ea89eda":"a598cdcbc02e98ca000e739872235834bc639971465f52cefe54304c0af4cc86f6e60e0292bc9bad2654bfde619eab534202675ef22b3b1c321fef534a5d190a"
+
+SHA3_512 long #38
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a48a4ae3ffa7acd035454bc8188419fed665629dc37eb21759f3f4b97da1d784049c763876dc37b11233f37612825890302d8c9868cc13140024f304c65516b79954efe32a9c61f50421dca6ca86c9cfc08f287e8dd9774940c9d6e290c26aec689bff0da350f14514f74c7ec9f6326490747d76bb0da65d21cae67d65509acb7b57ecde675eb048489d8c26963c5cf6a8c2d4a979d067f9ab0f68fdcc6770fbd972ff7d003066a7aafce4c7b9be0f2e0e63753f4f8a84c5e780a78a4e6fb2258ad28013f62cda0942fa9b89bbe612b4cc3da85fc5a3c368dc06ea4a72d029f09761b7c7cfbcd6171680fb93231b2f2fea3ab5316483ed8b92877868c0f29d050705ebc21547207931774a0e79c42c476e41e3deb393cad512ec9a0ac03ed60be2a8662b4f3581d698c5d121464bd2a562397c8e3b3921ef631e9859fb1a9bab30316e2b06edc1d65554d8f51017e9f1cd0cc66882debb808d04ba7cf8efb58dfa884ceac1d9a8226e0aa7b1629039d2b8a10a9512eb61319985489b3f26ed584895488f0860fe62eed1857ec11e89f12ae08f3d73c6d9aa8e8b89e0592509b42040a94363ea8a3dda90bc84b729a3f62bb19f862bd9eb9274fdc671cd56d14b8c71b92d5bdf155c3c2f92eacb194d88c3fc809bc48b619254c2477623200fc29310be7677a867671b9550d98656504ffba97ba2c643025135c45418e4ea89c43d05014540ab480580ac3d786e4874f5daa0d8c4b76b95781fea357e971e08f79338cac33d5180de725ba3f00d58801f69cadf28216ae3ae1a1c31d2c42354039c916117f602d69bf98ac868ebec3e77af0dd8f78ba8b49c2f429139f361359161f90d6bf32714e41d21f5098e6e74a5b4520a587e8dcfe965459eddad407349e85617e4bd260060e70972fb8044eb518082be748181fe3ec50b9de67928d5d23b92c7acdb6963b85e28876549d86b221c833c721cec0743557dd97ce08125d5629365ebd55604948b677c6f6f90bcc08f3fcc7bd736b39f1f8399c569b329f9634339c83457ad9a74ae98437cd6a5d4e19cb6b73bc7cafb2b0624ec9c26aae748888b6c7ed3247523e62506f811ef061a84414dcf0714fe7fecc31701426f46194ca2ff3e3232cba0f569e369a862fd43deb6661b5f5951251fbe6f217042bfdc76c7a8f9db9f45f1c5ad005905c66264925d29a835609b25855d1b8316e9fa9bee428f3938338a203d38854f8fe3dc83877ebffdf2f2858508e843af9e2d9e5d9c5bdd85b0b6433544549bd4ae8114aaa7614fa3ffd7b74f8fa6112e6ed6532b685aba66abef1736c4476a6fca67b1e0d94e0220c2d7d88b01e0ab87f0acc30c3a864d6391a7af2da45a19a84b5e5c2e058c00fea5b9903f48de39428a779408fa28bf04cba6b221ccd5d0079a2ebd9a136470c40f4789754be8e4e8a6fe6e27908837d1bfb4c91b2300b9151d9f7b2fec1e7afb68476834f246d300ab0afa72e4eede53d6999c229322f9593d783ff27602482a1782d885253f30120163dff0dea2dc11781cd23e0485bb5b6283b0ed9a57ffd986c07f6ecc1c20a610d1c6a967eb58930e0713775c6f25a4f58677274167ca911cc905facf26cd453f1c57a665137a62fe2009d684295fbb5c4a3ba85178cfd84164132e16a25f76f80b39eec2606c05b2305a6264fb92280197a579b4d336395d5b51148adbfec2a3671589641b530490feae24e42ce6744a355da150c02839d87466b31118d0b0a6f89280358b5ae80254ae22ed068226a1eb0a280f86cd621b78fb1394a000c86a8659da1bfaa6386ff8016665cf8fc66d825417d76f4c3b8c2eb73dfcbcb49257d9119f00ae627c3fb350f836d034dd16c3e57592c1cd4c946043382fb41597d6b863d8cbf0b43dd94d43de46519af20473624a27c57a1e9cd4460c17d04a5e4dedf78c6408c401a78e81227f9ae88d9e5d769e7ec379380a5369c29b587b6f253e74c3b33ebb53103eb3ccc7f247364e48c77a7f03f22247a55461a293d253c77483859fdac1b87c2480e208a3df767cfbfde512cc0e65bc92aef116ca74919957cbdb1223fdba5309916e29f3d7d48e3fc1e81f68f488d0e21f7bde458cb105aef5ccf46298e0feb58d77122b58d9eddcbb8a8e1dce13ea5c5105e24c40":"10f9dea4b2b5fba6d63e37612450a26a3ca900804c0d3ab8426d4539a1b89d4da38ed3821232bd9ffb1f27c26418072cf44369e48b86ec8b4015e37cd29ce5f4"
+
+SHA3_512 long #40
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"b5033dd03db57f3da4ba033569a3e4fd0ff36b4bc630d2fb473a4d0300db4ba9719ef8f4d6e507600636b0d59bd6f4da53992807b6f8b1b8f9640d0923da13fe6eb87b01f0cfa0927ab9853ac16c16c0bb10b1a04c0ee5b9226a7a46de52b10f74f7cce1d49bd13bcaeb8c4a2290d31711010e00d09bf6658af39ca3786bad464b03f57aca7223c3bc76ccee0868b2481b13450d8ac66a23f8a87c083b4c900aba85feb6197c1d9219ff4d0fb91c3bb9a2ef60b1c1b8cb5d3630215e6d1ee2c28a25ed7b0be04710a83118937ed5f6d36d3c66d2bf98a07a0a35938b570829d8838accb3e6c729a633b134649fbb6cfe46a3605aca8f72e23d5cdb794133efb36d5da245f3584cba802aa96864f524a3f3cc55302bc5c8fc974f000e72c6bbbb104578197abc37b65942808915aca6283d5e4d3c2a612a32dfb60a3434ea165834eb5517c31a720084a1c0adf9077bf7ec0251660e8c20ebdf3802d2cdc787f2a0f64127159b8602c9f071be592f2a76c85f6796216d33905d7eefd0868496f11d0f4531ba67fa22f2d79ba37d4b3b0f981e9ab4a92dea872230d915a74acbbd73de671df8a556cac5fd4744ad84372926e6efa8eff3ce39f6f5c88b7840afbe6a0ab1d3187d23610c0b7d893102a52b3860705a3be8660ea075c519418fc95dc93c2b3b6118e74f8da8435a50ec0d7f973324b3d5333a6fea59d7a7495ea1005a1bdc3e1d9e2dfb117da39f546af78c0b08139904fed2c29a49071ed9d6c011e350ccc292377acf5f32a44083a6ecba5c8746f5116eb77079ec5c64391fadf62d8203b00a095832416e4e2526c573715157c4b044ad70e24febde62b160f019005a8af1cb3f4e8c7dd9aa3784f21519b32195b0e5e3857fe4ed950089c112e02480686b1dffe546dc1cbf5ce753591a4a8cc2df3c377eaeff9b8a27086b9ab5609ba5084a71a3c626df967d9510c7ddde41522491d2e4d96a9dc4bd778610ff7d534aaf99bf137523c93583d752e7c837e74d662bdc3f67eb9a4bab1e39fd2544525d48510ebabb9a83a654f54142441c27bc8f537c15c04b3b28da45ade8917a3de9babb89220155b5f1da37045fba57a9a68651daf04c51276231340a59aaeabff3ef1f55d2ad1a061cfbe5c4c690ae1413336d1f5772c70601973277d8d85b7e85cec59d5229b21e31a146a80030ea110b7eef73d39d73820ef6891cee839422a63ff4872bdbe5a637b3a3d99400d347974f1efdeb321f418f357f2222135e545f2af53be42d7a463719447e0a6a305fbe8e43e6279a91eb8f3c5db1fdf081bcb77711e205863ba538bb71c0ebd4cb008923a6550f3d922913f36bf00683c501b60f8da4164dee6c428172c7bea86ad3fef68f732c83e9a32542f008c532f2cb64d8b4a8a0ec5c425d538eba0b4dd67f28f0466805d56000cc113621c266cfc4cabbcd172bca4dd092190fc15b2bd7ad0cf7125b2299bde81148836186882592efa01f183d4f89bee8bb3b0634aa3405b4f43d740c39c905facf20f398febcdddb70f3d460e3d7b368215bae2132b72e27d00ddd4a1b4cfc928e55fd80325c4e971191731bee00571933b6e4a72b26d16d71cbbb64a90e78de6d69a8c78acd8c2a6d411cf6d8cd5303da96ce50fd4a958fc1be39e349d61fe855a61bf470d6409c6b4bf77a09034f2efc4194a310eb2394a7307c4e656d99b72c527f8f4b4112f6f2f62d2eea6df2a382005f28cdd122840a67af2d649c8f53dcb6fb2083d4a93fec8ce69be1d2e569551b57689ac33b67d4acf809ae29a9c54b1ab8308058ae7f4053494757f9d0885bdaa3eae08a1646ec477f68abdc8e1463c5dd46a994c8bed6947fbcb5ab59097e856c3608ee5a283a806dd5c37fe7480a0193eb6852a0059696af8261b02bf3a563d9d578b7b016a69fead55ed85b6a2a1402a62458de5b68a3021fc5d0ec4eb8bd134e9aadbf1718eb1df2e4b19380aa4751ff466f29c93401a01d47d345229edb4129d598303378ad2fb3bdd0369572e2a97e345f2956e2f9b0045180dd7841058cef903faa72ae2e48a051fdedae6a2d31ac57f0870a5ad35b5a4aa05d5788831c27356bd6dda2b38e42080260d57a70121017eaebed84d7c8a99afb6cc85b9c18592be45b7b3d872c204ba636118af27333dd14fc08484d2078a859b3d2a29aa80eda72e35565f148c380b0186b82fc7d9b0f3763628f7c8a50de82d97d45c3f6ccaadd137103380bb111e9ade94ad657d2171bc8033fad":"eed31b1cf35dfa5d2afe01f13448ee3ff01e89b6da29d36c93d9292ba8d142f96945c645a888e6a13e22532b6e3f7f434d4ab47e791bf3b0159a9b70d4753fad"
+
+SHA3_512 long #42
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"48645a050dcd38634f2edc65bdcf79462f72e06324ef96fb6f1c2a332defc55dfae7037965a701fca1e5b8d17d82899e95fa1848caff5eb9f161fae1c831c8fa2e26b511933fd2c2adaaa7436ce5c9a43123af543bf1c1e86119b21807c7100a4bea19d47fddd13cdc4751c1744062e069b54a905d0de60f290cf9e0d2f8c415b9fbd7ca11c926f296825f567cda7bdaa6779402199bf6b6b0027842110e0da1df2196fb324afa6c442579076dfc3d1b513232b458e218655ec3d745ac4f12382724fe70c8aa75334cf646de2deed02ad0aecfae002b75a59b16bdf28b04fc61f8cbb830bc2fbece18be6fe2a5f85b8f8db311f6fabe34fdcfc5d24f9774f2a5badf6c43f722fec50e449b1bbd6206d3ee09a0962fe37ff66296bf67b6e91d8ad629c1b260cb5ca1985273925e73fb7d5d77259686e27b16bd522c3fd1a9a49ab26e6084de7101e81dae9f4e6e745f1541c748fce60252e846c1c0e1d1fdb05db779f1c15b5d14250521c657d6ad5d2302bfb0d2398c2cf166aa24549c2d695a4d111b71bed8beddb77390b67f661a300828062066c830bb85d600a01c81f619ddfd869def28279a9d6ca77250e7c1c3bac9f1ec55fe87cd0c0efbce37418022cd06db4dd59576e31ed4b09330777865826c1a40ee7658af6118bde4d7b42efe87f4c2875a69d441a27256220960679dc7d728231977cceaeebcefede3232934718fe25565ea683b910f3e26c2e8b8f3f2d3c49ebe4b0b051ac439ee43d6984cf59ee4bedf625b59547313a7435890ef692896b7c5383c884cf642f1df15a4ce7aeb6fcbae17d42351667bae74f81a1a959e4578168788fbee1cb3fd9f287543683c2c82bb52fc22f1b01e413d0f7bfbdefd7ae9998016e767fc331b6b563233265ac3edee5afadd9c18a66b86e7de1bad0cdc11376a0fd41f5f6b522be904241e0ddb142f79f7dcbb68b83137c66900689414f8d68f9a487e0c02aac72712a0b71c1cfd67f51ba8b466ff9d38f54434795dc9a65f35e0cdeccda12b2759852e595130b27c178dc8f1db20b671bc983f462fa424bba508ead168f0de33c684576c72bc3b582776c4d88ec684ca628da739d24d79d0273b2895a696cad4b838a158486b9ee16dfd25d34997102c314af6b80d6bad8802a10da04f3cf7f075c896869be2e501304b7249d23b617d6ff8b32daaa6c9ca8061235a2b896e70465dbe5c33cc189fba8733a2f25b7fa765be67ff6fa8d37de7a4f22c0126363d731fa043d7cf3da351daf145719f73905bc599962516d68b8091017c9bba573d4435c4a451935ef43e6c329c17ae44229834d15a949bd7db9351d8b3bfeeda5a01c8b2e567c1827cc964810eac31fa43663498b383dde055680bff3a366ac67bf1fff370e201b22239eb6303f7cf9edd0bed7409bb84f8e146e8ff77c8d523885d030eab89faf5ced82862e3c13137d7d086f0c40539286777105ed43cd8fa688dfb8b0026555368ec440517d2fecd19fd28914c27a477cf41aaa7b85c1a5205c910f3d67fb9d4d9be66d405f2df698bdafae109e96ced01edde5f8bee443346596acc945ecf810796b75816e97c1115af256764153992e6c2d610b4bbfda5138430a1a4893f61dbbc5f18b27e7cd09fc3d0abc371b56f640ab7419d8beeb154948bf76dc8b07c3d77859d427b88ab115f24368fc7868b640bac7bad26be5ef1cfa25857e5cbdb1610516d2ca647ac53cb498f31dd54eecf0fda454c5316b5d37e9e4bcaa637854ccfec12dac762da4d4f663e0f7bc8a18b5c6c27e2dc9ebce0e8a6592ed59c82c9fc7e14b2a8803de833a3cc936b89ab823a88a9d787fd7d0157e308eb38a4db73df2ef91e104ade0abe29c0247440149af35754941ddc001f117ce36998f59734c0254b85c667c49c3920a2295d95e5bdce00af7f65e24b205f9a6f11bc37bef3e68b914f9380f787ecb0fb0cef2f25d212ab430129b868ee896536496e1359989a8754e33f3d80b11fff5134f2b7dcc1088296832f055f6fd704bf7a74306f0a24411bab924566041a382f092ed41272f8aa326b4072368d91a0920d97380833cce26e0e5441b16724811af36a2fd0cc294e9f2224a7f72efe6038689fd02cfada92d5744cd86ac187029c5a70701db9e5946311a34baa3c676d38f554a2e4479578d94543b398fc89e53ca6063e022172a4089f8506559e14ee1a1b7e56370246bd01ea017a43ff734f833ff54186ea19a716339182023c4d0c6741e4942e143588d6c94ed473b28d6af78e0422b1fd22c513379064b8fe5aefa6d14f03d063aa02df4bf26931fd1e5e22f9fd898b42d52589124b5780cc82be5f32874b25d8ed53a4d8b4e284c870":"72db99e7a99975cdf4792f4649e2d08a1beb53bbdb7b6b186f2e7dc03abdd649c43b3b1f43b7cab4da8603eb6327e9595f186188aa798312837e61a4276657a1"
+
+SHA3_512 long #44
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"2109959848fbc919af4f76595c42f41e8f61a908f8f1da17288dc06d4611df5503b79385cf80eca04ed6bbff056fedb15a7418c0bbe354b61d324c60a83595d2b0413eabe892a89bd2ea97227a7b8a9a64074877c346bcceeb880214099bc22912efbd94f9f8a51125d43249222e72e0976261b478e1b9647cd80b10d20c0f60100839c86c7b8c0a2edcb3fc654f4e8bd9cc8a00427ef482b7698fdc6950238191d6d9cda7e3058ed54943c3aba8c5a4148febe289e3142f8485b501382fa8937f9fc62d14f8b7a6026509275cff80312ff1ade2b5d9c274cb72a506a571439fc1ac277019814b599d762eafe01d263d123bf8882e28a658747988731add9eac3f45251c204868b08ec5d9e4a0ca60cda5b4f35d5c9867e368e286d1fe3c61c2e1b2e8bb9013b7b1bd9a334c02cdd6ebd0a6c7e8a8f1ae1d8df5c6a7b95634e98f3a97d4d1abe066133d64716ff02f9e7b579bb178fa220fccfa717db3f3bd2a31265af04bd88ad776f593db50f914ef8e109841357c6cc00e38aedc53dba78cafbe5b9666615d0bcf0be8100bb12ce4f119e61f4840333839f8a64a03d59818f14abf4e8a10030a07c78c9a0ae020888cbaacd3170b2080368280512bab38d5df12b1a11fab21dc0471a701b34e97e0473b13e60ca8db9fee1e6579312331cb625e57158dfb628ab05160cb70c23af60be342df8edd0b9d48147d497e0628026075d9343cc86b1af2afe082a806b1d1befc6146047458832babef497a1bc883c2a0608694dae797b1d24fadc2e0a3794acc9aa4d8336c58812ce4018d2cb65571271492fef87c06d703d4d52819b8f7959c138071e3ec2431df83fa20ff9d8054521ce0e0ecd2714b8a97814179995289b3f462374c83ef230cf5bb995e230d5268a0f8a37c92dff5afc13975c7ee920d5b66d29235d7c23ffb61cc620ff00355b3ca63b0716459bdba7a862ccd5ec008da9159ea6790a46df4f0b6e1daad6a4479c0a86e92efe68bf2e9eece5192e264799c7ea7ab579e953eca008089024a0603aa4f44a9dc8e47a037fbc31c32030880afca31c7d4b79f221632a6e296ac8599b1e09c7cd259d90c8b3574f6e528dc37f4c4f183aef773e8fdd5baaf1297a883fde4ddd57a50297e0e2347a6535bc8e590f44da98d66f9d8a67026b61d145708b5e36e7a7c7a203ee84da5f625a3b4d4aee2aeff1b0d1a39398b51c0602a7a710163b9337fe0a493403bf7ac0309884a74177d4ffdf3bc55e0aea39483e1fa060aee25ca2b889ec73e76a39194932c900a1a205fde20c872c16284fc2d41bd0ff80b1a052a7cf7200c85136d814b88ee997301f7649d27d9042e5cbe0653acd4f34300ae21c495e7cff0ad08713985ab49ab86e13771bfd2d29b93a3b71eaf9d221c408bbb666263b240db290d640911414919e400a47aa453309173e8aaafb1ad2040659e6c45dedafc049afdd4fd66aad521c7673f3f99ae75bff640009259bdd7690372dd259e72ac8f21e8914af3abd706531349f5f70cf283f3682742dd7ac8232fe0c2ececa0d8e68777a4d6006dd82f50adca8607943046340827a5850b7bd7af8f2281108c09709351148bd518600686dccbd9116fb6717fc709a5989878eb4c2905cc5260c6950f1ee950b9d3f5f2bc4952d65dc40c6a9d4dd429604b48c9ce5374b5fa4198bdc1882b0cf6c6215bbc9c6a6532bcbb9b56439018234a72d7fdb775244f5906507335e3a9d21a6ba94c7c186eda7f4a6a7151465c2abd7e7fa1fd13019ad098b6ebcd190e96f75b45359166d99b344141b81efddcbdcdf42881cd533423ced658f2f9d32389847a953e845b8ebe032987f153bd8024a15d3966cd3fa5327a499c4f611bd0f5ea4f0231fdff768a1588a4e5978e30a663411c18a8de3d0ffc78ebccacf8fd205063f5d5a35b774992e9005c9379d48c3826385f0438e2027debae2f82739253df3cd4f11f767a41a2d1031eef85541f4a96f5038a567d52252b4b418d9277d6bf64084e185968bc6bca15f252bb98a4c118bbcbe13ff7481bbf2cca725f95f11763fab4370a2700185b9ea164218966c535f280b1fb362c882fb792dce2d2ec0fbf11ea2493a155cf0d06f4cec20dac7c7302eaa4932446930456607122170ed102b4ba86fbbc05b866b5b038a30dbd115d54d1600ea8dd65c570fdd9274da182b34dea064b6257fdf013a049ce72e2aa784efd8d74a93a25fa6c32bdf95aeb4d5b43434b8a7a92c333898baa4a2263704e5936d4ce11a6fc2cb4c5c5a128355881fe8dfec0ecff35b67d38031f07888a66de43dd23c76712e2af7e98269dc6cbade690c6f6a0e678015870fb560899204843ed4f7bb3c58ea4c527df90a3e8cf6863134c337d8fb79c83fb3af50cdd5c7df2fcd2debd0a98fa5e8641e721e18c38dde0377f6d41181064a16907fd9d648c51381055cd7c5a6de2656734fefa29a8bcbd30":"c69d1e7b32f7300a89291d2fe03c63b4bf50c6746003100ef82cbefd20468ac8536c697ac1cf5340ab21b15e80745665516e708f028bb37728e2d13440d4b384"
+
+SHA3_512 long #46
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"97586b625a8aa48ba39ed7e0134446b480871e853d00e6d39b491d32afb51f9f563e491077bf5d4f88642807545e621ffbdbd5483a35c2d2ec6980c4d1cc662b8ff9ebb2f60e0c738818ee0d39cbc5f77377f4145d3776875d6c7cc8dc6957f74970997160de77a2aca2721a4af337e2f143c3102f6eca99f5385a6756f6bcab8c8b9b753c966782fbeafc54103f7f887b278965374388b1bdb662c8c9da5bef603238e512a0a4bb7dd8d4e6121567931c0b903afd1c7676bbcedb14bc7dfc69ce4db9e96b63f6f63a5541f6d8deb5a8d9d71eb80a625e91f9690f72b84769c4ddc466abcd4725db3b478cadeb033271bc737c06e57e06a97f6d440b44a069a6967f8750c3b4f8118798fe32d2eaa696ccc7f24e16d6366753c4c306e8f0c3b8ff676403d2123941262eddae15fdd9bf11bbc7b526d4b8737f54d48c2c9f40a1236245ea84c9ae1221f371483da39293943845659cdf53740b07bec59915a8090759712d6041202d7fcd0429d1439bba5c24b286005ece12fdc3cbd8b6bac39ab53531f5eee3563948a6dc785947badd7169573fdbbbf2f65f7241ee0bf758fa34dccd6ab7151adf8465425e5e16b8a4dced7cb9b45d87c838fb692e213231d18c388db3424032c73cf27e0367185cb6a49a691c13ac552f91468bc17fd414c8c630b8f917cd67987835d88efcb570bcd156658f801023d4713befceae46ca86e8ab9863bf2281fa3e169827a555ba5d6c0bb93a84f1ba5fe0c2dc7e34ef1bb4fd93731ac1a94897987d05f8eb6004427ca0ae46a6b7e377e7c39cf99b36cefa0acf9245a5c984148d526826553e141209fd8adb6fca64c48c2675666a85adff19473d0df4e9fc1c257d09dc6c57b2761c0a9520669305f0d9d3b0ed2a437e6c31e3bc9a3573795569e63040b614a816bbaf193e137890a0d6b294b862d70ae85b8b5613f0cec3676075257abddbbd99f1d45c5dfee2cb7e8aac6bec9aab191c9e2754a0ae62a2fb13132fb30915b8a8c361a7a3b03a8032fda77bb45b2673b0029ffe6bf597deb988a69813202b62ea3b3e423bb0e67564378c0e362bb0df4b8fdb9c9950d53e48c917a6c18c8383086053754b865073bb41446a9a95b126954ec3765544848b51de4fa2e6d587e3a93a8888fcbbde41df22b6d7091e9110384640d4c55b0c8d7bcd35d4a9819e4976d2c6c275d6faa979e2c99fab50b965d97f38fd111cd50c6fa0b083331a2f7e162ff36ddf5f0b71318a6709a7b28fed2302953a620f47d0d45faaf8ab28a44b3259f9cf61de7962ae20775c25cc7c70bbd63dd3e0bdcba053100a7c3a3164767259be3024dcab4499afe0e14f27e9b54c031a10b2adc74694bdb85508bfd7c77d362cda4fe10bdf993c8ce04b4a3c857c9212380167a5883e6d9bcb3c596508fcf82a140b7300fa57d162a041bddfa8f38a0f95f474cb2ff9299d28ff8876ff96a89f25801cf25f7a754a6b5a0938e65af3f86db45ba3036ff8a5b278d27275f44d7556d56349d4ab312c87bdb5b10759d6b50968a493cb45e29cb3d0c2c133beef93ef33d06e22920cf03d9449b0d2973a2db139d8055126ef68712eddcbfe9b96e138c1ecc711d60e7fd5044e9f10bd274aad4f7e605bb828f235bbadf9a1334b4778a83ebd68203fbf97374be58972a5f344d11e0cb2a39422469eb9b1e22f15adf90f4fb9f117a899cb55c8ea055fbd10bfe741711e903be1ee00895c8b37fdfb011fa521726450f5b8854d164c2c768a66bb6ef7662726157309a66362f20a19d9ffca5eb4ae3fbca7f063d12580d94781722d06540f5ca71ee0972c300944efc9d946d97f9e7ed4e0be91835a03ec3058370606aef1e58037aee421bc23b36618d29ff99adc1427ab166094b15eb92d3330825f3d74ca86069a16a9d0e9606410145f25cf0f099c5020576cf339482759852879c94112a3d2cdb42b320352d2f7c70dc7e4df661a1606fe73e83b9f04135f80bc1affc5bee56f4611ab18919916123246a2f6328b47eddd12570dc8aea9e61391f757ecbf85a754c203d0269fb51e550ad1f975d629ff7daf0957cb0b6341685e29f18e8dfb9d67a602d518ce1c13fe7b399337e3056465b4c7c0ae058899088c7974b3128f7a062570cc6f0d9218b601a16a819a22441d8757f07b8362157984ac8963358866baa71460344360550304d3265ae3cac62e9281903a6c37de45ad8dd7a7de30880a94b7376e5acff370ec9570cba643121f3b0f48f1aa501bf36ee30786f5cd097e5421f92539251a8221b0f0dbcbd65178ecc7bfaa24f5f50c3175c00963a8109e4f1a4f61c8aaf1c30bec4d923acbabc20c739e6cc26e94175d0cab370e09c6f3ee6ae12befa8a1ba12102ff8db6a478303d98c406c021f9c5a706f18df37530497d8568a966551ef9fe6401696fa4e4638c2322c0afabe248f69b5b4be7cde59b32e5687a52a2aeb183425f354c5e79015f5373b849e9b3666bf2514941e8f7bab328b29043f5435e7c38997fb113beb013c4572c236db5a4639663f47668ff1e5ad9a789cecf655725b120b752772de645d01":"19f109cb86236a5ef1eb3064413da5712989d87ab7eda21313d72471ad577ada2632cf058a554cf2512c821a0638dc343d62744199c2ea2507ab0fa09e740faa"
+
+SHA3_512 long #48
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"b8fc129b4d456a3fa1cc832b81859386066bb9cb556849ca897565f0ee02cdc97098f7c353bd63352418299fefd5d434b24b729512dcece04d1d94e97037fdc7ca8e0f93a0a05a6c222fabbe9ea2ddc4f4a9f24c4a2063bb0036b350e6ce4aadad2581939cb5faed845a3210f6b45941b3cc617764fa55638c06ecaeba8d5e8203a6764bafc6e8bf33e1e61c60d2eeb0d9fde69fca336ae1d7d6658a533dde4eb35915444299cfea160cee6a42c6441b4d84a94be3934b3ccbed466c19a67519a5868705bbf855771422728205560489f7a9d30317e1a07c4f95b8dc748fc9ecc175f31684a9226d176d9ced124bd603bfb48c50cee710aa4a14e363ccc182ceef6e82000374dfd406339232d06c61908decfbb8706b44cca6b3ee88890549c817b85c4aa22334b4c8bd7cd9a6834e38499a49c56536e4ed4aba01d41321c6e1219ca87cc87cc8164753836afe564403db069dff161097121e7146ced3dda021f5628f1fdc4944016a3dcf6e3fafecfa2b7820ede9c005450a1fe2fe2f037f907b5238ba48504f7e19c2876dd054ee242238fa174710d78df60e00ec90590d379cb3cbd5735a92943c2bd3ed1b0df18aa68d520599c6b5f3ca84c6215fa9ef1d3ecf72f8c52eb54bbcc0dc7887a49d32a0c1504045ab467d6eca5c2402b9d04a4aec53aca6965fab7fc9ca957cdf9c26f91a1e4fb5873335ca28eb7de35156c7a95396787e5838bd6e8ec5cd6288936e97e1e1ba4f222323c7e59bb5683b299b414c64e5b53de9887157f4a6a2652d10645dc40a7d43bf4e4b4b9353fb3ef2cefc1ee57ab30d1a14716b7faaa23f101647d8ecc6a6b4afbe3fa0fcdf03215969c11340bfe190726a54138f61cbdde48727988476313b9a7b8c2dfde1e8ad057377719e3ca58d9a9104974c528509526ceee6b2a288a1298e183abfe211aa9ff40881267a68ce3a91673fdd05398901cc830a9ed312ad03fecd0f6a6ae8e0cef55b8b01009319f97367526a024d269bafce4c72903729d0d392f325ffd4163b7c58d756568c377f3eeb1a1dd22ba8c51eb7f453625fdb3a154e30182b3d168e94e7ac4e05bdf075fadadd1cfc39d7291f26496bd0f28de7cdeb0c6c758ba66e42f05411948c0b83b01ee48f08e17b6fbd0394e26258057f0350d04965278f83905b15c68b635250679e779f7e8a5b3ffd361de0a0fa0cabbd65c3d6847798768510389573a98b852742de73e79b403fe9a72c8c133e691305122f3c59e48bef29f804a7d2c67fc9f8f26035cb7ef21a883f090e428de65ee23f5aa26dd72f9585f9c3243322f6c5e396460ab09a3976e2e4fc8fb55049345dd48d3146b64b11a0fcbb341b25b821ef16d91c2057ddfc007f4c37f5ed5b3f7cb910116eeaa80a83ea36fd14378c84255a5e93a21da553e9f9422d89cee42449d72b696ddc0e2934a97aaaa5c03b968b4b2097bf545a23a538269af959ac8ecc142661c9f34416bd23cf6157288e002ccf664efd64c4163d2640a5cef87a230c5948230c961478253e7f4ab0d74a6a0dcf77e3e7b6abd2b8aad7778f12178b118fdbd4bd2f44f875e4d18f3a353a7b38349c7c02b0d7ff1eab3437c40e4c6fe39c259f65259d3db4fc0c557dab25dcb4e41d42d8bb10467813a00ef656df778b6a6faa8be0e7f0ea6e79c7009fd23589c9425cf0401d4fcdc96124ac51984a10df001db7c8eab82022600a4b7a0a2dc0ca53f2d2a5c7c125b5bfa06e6741917ae5222172456d3e5dff0949e6a5956c5fce972e0754d64488bf04aac400a0f3d1631bde42bf3a29a9efbbaa5a863b9b71bf573616b31282ffcf766c37847f191e40347bb29e17220cdabf552d87c462fb84db32872c422091cd5f0b4e5ba4aa6966b520474acdd18fa65e73ea0ff76807056b4be32530c947a105b292eed74fb8bce6f78b2b24dd393cdd2c16859d569c2a4fa8b008a2232733b18789a3e2b0152a0e2505a9e3ef138487a73b537ed3c3dbce73793c61d63c6baab2bde38c74879877d53d2dd4ae2366a30de0e06288830031d1c329358b8b323a5cb6179c4417ee672dbc1dbdc373cb78858e94111ce481c1ec1837e5ea1e6ea7adfaa5dbc7cb14275509e367d50b994f38ccd75238ee46c3ecffce3b9afc093acc13f711a6adf3ff76ace59a8df1ba704e2211ef84aa3782f90156fd442de93be289730588c57136b82e8d1d932f1423ee18aaaea71f3d4539a537f48fbaf8f216e2838116197716421642ba8ecd91b040370a584a553e53d773d9e824aa1ca691a88e4bf8b4eee53dec6b3726d1185e6d069ab5145523f5f9f3a5a1aa053fa17a62fc2cd59bbcecd039725d044590779d0ec08cae26d573c8ae01e6cad34829fa9934ec55d8cb732483bef4d030e341f7d5e5a6bfd03b156b2b56802c1d1f8739d4a053217101c26055b7c4319bf805a4e572ccf05c3c230af20d3877ebac035e9ba729e1714820ad34c594d08db70accc6cdc4e9d1c2e4cf8c8cd45343d7e49276b1353cdd87d733aa502e550e089a95fe60565137b4a1e0803d1c6a2f8874fcee2640dbbfa62d193ec0586726d3fb2a17924cd197f9a2655687da61b6a7f9c58a6f12661e8c6b88797ddbaede0076b199ca6d10f87b2f8797d1d4e3e01cbc14d3f273840323d8a7e1ef7fd43d7753530a7280b76221":"d1b2db67f3b0539ca9c4cb755343efe7076e0c28625d3e63e98b864c98db3184cebce0f2d4fac97c36920f7c6e29ec3c801986fe9b30e2eecb4b4e9b7707d755"
+
+SHA3_512 long #50
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a23675723ccfb3decbe4652fdde21951fd2f660d1f0473803f7fb8cc44f4090d2a85d08f60f29a3e6fb2d55ddd42d77b51bd23a3f7ade8d42620cbb041ffe678db9c11381e8a603f6db1edd248a1d72270278a7b4c1e41bd8c88ca100cde89d4fba4c0d73c3f0ecb0c0b35f7e6a9202ca39624fbe6028625b7df3d536e38fa07d3c466d383bbaac996e835327e00b9833232778c8dffbdf3f04cade12fb53ffbab258a94bba33f20516f76ecda4ead0d65220d9708bdf00f7ff7a12217fe6296cbeeb482aca2d2ba86c97f8ec03c01b4848f6e8220e52660ac09a17eedbb6bc27a486c051d5e6d7e7c1dd87ef971bf5ed6a020b69d1f68d0bfaa355d7b936066015b3b85d87f17547d940a264d96eff5a47ead9c4712bd46ff01e627872f4b6aa84ea86aa3aed924cf569ced8353976036509d9be5672dabb6373b44da3733b5b7493c1c4793bad6bb8a163a654fc187d43f761a41c6c0e52a73bd1c3c52213176767d038cd5c25389590177b9337452c673c28321d57fdda3def21775281cc52dfbf587391cf98181eae30b48a6b9a95313083d4e3f717b6ba0649e4c622c5923002c1118126849eb66475eda519774c547d1b090aa9ea8c9e09b178aa859d6a1aea907ef5d16930ef4b2d837dc169b6239a444aebf0f4a04c61eecf7a1ac22ef2cf4d387a50b4833bdaee126ee3e06730e09617225cb4a657c75835bf62c2655a395dba893504ea2e8c2e1702f189e3ff1886fa284da91342728467e4fe2ca1b3b148919ceec8fa39e7740dd49ab491008aad607864506b9f2bf9b2852d4f7881bfa44a4ffe7f27e07536635e1fff02c7bf6fe69d113903b03c3ec20aa0c93e56ccf730fce4a5e7a4ae0bb40a21d7cdc73f550900d4c190482bca02ffd92877a55198023e21cbde090a6a8c6310cd368182d3243e3f9885a98301f1df46cbc8fff62d2a8e465f6f8002c938e39d4df1891280d4cfa21c5866da9d1b236a4196c9231d1667b2df10ac3fae561607e8634076e4a71fcccb7cf28ae1eb56c428559350fe525507d965e009807074e11b203a1854f7b8e02487ff1c86ef03d4cea9d108376ac0b5ccd3ce08f5f48ac954ace88f786315acc5fddf27d292952cc2f814c15ecc453d37eeb8b6557ec221336dde34c555d0831e4305058b72952c93c4d114daf35d0e991b428a556ba57915e78db0a26c5403ac0c136de80b8e64cf94986b427c72ba6eedfdfd4c37bf41aaae798bb6032a9eed9d8ca99ed9db65c4ebcd4d1bd410c127db4da7c08f7a0b3027141e66b6deb5518bc341064a2690123f0222cd76d1a36277a3e248cf604664e60fe14af3baf7765b79dcb4e8da743602b994edf11fe19d27b3655b740c83a76faf9cc94679d5da90f2d5314271a2bedb661be3bf660c367fde796f19c93386288579682b75c0eca0d0b2f1c3868c0b2d9a10455e4e63dcf497c6fa2d40d66fa5143fae1f59592b2f960e7d088390b97db82a993a33b8ef0a71b6832aedfce279fe38119e7eff2471b530497de361285062b345ffa05beb45eed0a0af3b178cfb85fb29256133573ba0d0dd80406df62a0c42d20b2edd602b819dc906b2a6adbe5e016b409a8631d20b58afdc0527a18f2771d3d939addc1fbc7672dddf3ae346e8e33e8ca57852d9374036ddbc2e98d446a8b2065b5dbdb7021314912b44cc09b9094945fc8a18a5c7201901dfd36abdec5ff30f0e5d9375f4cc44dd3144a69b40fbe2291a2c21ec3d60bce4dac695807b101d5fcd3ddbd1073a89fe6bbb21600323bf8288dedd00fc9aa8f3576887e08561a775026f255cabc63a913528cafc8229180ec332c888a72653b9b049d0429dbd17eb5871de7d74f7fd22481de1b54064b20a539862e7afac43a48fdafd2b268af53f39e685b7d558481dfefb244ec07ee421a4a04ab28884ff4040ac7d0eb273b5cd212da9905f6f8200e450f11d84d044d140cace5dc458fd296d3ece61c3efd021a8c7b8ab7596516772afe6a5fff15a95b2788c5de580b3ac8ff26fc8cd57dad92b35414daa752cbe3478537cb45a7bdb744a03375ea4b9560377dfa841544c603306c20b80748a71944af60624844f3f00bfa18ea23d84c2722fac84c25d9b335aacc9797a2ce12e3c881ce6d3073b2cd23a05a852a39c5e569a44e2c2ec4def0ca7a5fc0a06c74077b05673325bd6317359ae38e28f66a62b384756c588eadfc3880627b28aa354e064214fe4ea86c96e8ee994d4498a265a9a02353cabe8a209be6860f6211bd801140be14d3be3612e5a6660aa7a6d4b8f302412aaddcdc259bb2b5c67728746543084bbedd872953d3ca310c78a86a2138b2b83928700bd4e1eed6e68f77c3c445a1a544948aad205b60e29ce027cb6920b66ec864037ff315a1d1b8d1871067be13b2ee1f4f2b432572600207aa5f5855184d1f891c9f4adfd48e8466dfc41457675c04a65e0982d807958614b98eb57ce03c86be44d5a3e58ef49276084894b8a489cd5340b1a61c28687030dcc04a401422442b0289c4d2d7ed29288803af88d223924c7c89779bdcc107829c5ddd46bee9a2f9de21764cb76192a4e95c2c70fa119bb99afbbcfa2b88943380cd3739e578e850600681fb37361613b2bdd517223b30c3226e3fe41da55f6a117820bf92b75e5711a0ad895e55fb9d6c8d7026558999929d4ac6ffbb01b050d5c75f80cc8e4b377857c29b35a689699e33c64498e31d4d93f61af30c82cf0d5620be269be5f9171e9487dcc2110aa0d0199f1af531061c":"f230ef921cde7b61cfef00b479835a892a7eb41794545a494e141749cc18734d0df36ed0f57e5d1519ffb3845a751ac726c6926551c738ff001ccd040473b197"
+
+SHA3_512 long #52
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a1990301c5f0fb63024de2f5b828a00fb2ab0749f066b7d9a9443e1c90be8472574e674f7127a28f1d23f30aa0fd7d69d1c06b38db7fd63c3f47e806185242c8a37d9c68fefcabd3304d48946a6acea58d43c484eb6bbc8a52127a79473359548f0eeb73f4d9e0d645b329ba9fd95d6aeb1c5b58a893316ceb8d3c9ca3c991bd22ea9c98d9250741633ddda4c6b1f061f53478da995dfc8910a07698b67db2ab64f7f7013748e9bb93d3ae7b675a5031b27162324632e78bcc336f9408b583c85e1e43d395aa4eeddc5de2670a3c45832abc6389377bb817242e70b91fdacdb91748ca397cb3fe7e46c3c28f38bf96ff66fec107f59e38d82279c12e85555829975bd25973cbc017d9ed961c784b0d4c6d1dc5d307052f73cdfcaa1cc28cecbee741a45b025a5d609ec3a635534870134703b716f51665932da073ab5ce951200ee08868b1c89e009c2e3903501e88fbfd96dff7483ba1de4b4b6302ddd34ef81422c5a8097d48a0db1499aef7351dad96c0849f87dbadfc2ee6c34acdb2adee02eda54291e126e7645f0c5dd0f5f7d01a67f0353a5d4f96de5adbaab2ed34a9df2b6e5ed15cff7e3ef5db3864c7dd0d927569e2e92b5054648df34b16eeacd2b3c3692652579a0c71c04e683a11980c05d138ce1dac77ddc7695355801cdc10879ddec09b38c03a06a6ac15da3cf1747b63a5205d488eda0fd543ef79df8e0c62a11554356939b004913f66cdb1adeefc13f70132675bf245b80a41889f886e4cb7550ba650cd1573684d849ad7972191c978982371a8ce70fcf17435c493dd4dc7e80c785744125c131f97c91576b6416d6e0eb8ce3b15988840b008b677016eb9148032e5654ec679fdc6e3d5115415e7228a79e7dc70c5443f1c8adefc83b675228f5d61f972b9842e396f7e31a4131fdc35ef225587001835e142a2ea0b2ee35a608035c8253d1bfc19f5789e4d45fee436a1e86d0150ec6c26b86b0840dcec031c23c89a105b26ad8efd2a20f8b36a81b617a2eb87bea82a1475a21fcbca7666eacf8237da1a8e8abf10fe7f4d644cfcdddab698c05134b8d300adf753006accf30acb672c8339dbd5b55b82f3608d9dd2718e3c5511785e8ae1f6588184b17b5f5f0bf1ae9c10e8f775a9f393af13acbe64909fed065d6362a1e30afd6031bc5553aa9e076ffbf84ed75198d45ac871c83c26883139c91182c7ded46e9cd4d6fd701036e004e3550263b9395f6793341980b7c0c8b1a5ae12db4e807d3e8113803da681e061ae453aa14aa0dbe15b3cd8b8aa105c76da833c669bd4d15020b90642d246b09046111e1a6c94f1cd0ad22e6d693e92914fd826ef2c9913d99811b608fd4ff7999101d75588dc4935873e43255b121409ebf5f8fe6b96eae2d363b91690625e82795c8dda04418a20bac83e6be8568ae69821db1bbf95ff72b8f737f4f1488d55e56c67324a8b5d978bb848c478d09b313da5f7cf905cf9912f14572b8ac92b1abc778ee4c08269a1e25588ba7349f0f1c1c973a147b5814720034142c2ace0d7e8c62a78d0ed5746a7e827d4428a312e0ed5771a4a663f9d730d1ec100bb569650a16277e196ce8ec2b94c9b4b5805f00b112dc00237da9a10781631aebc325edc4f5e685a4377821b102095f77e1440a0c5bb1ed7f2fb47e08c501933781f38741a47d3a5bdfa299b35cb4caec20725b53849b9325d49aac993f501f7b7c32a0048454029ccfe8c286f7448d9ee86a832b3001b79426dceb4d32c716240c63f68227f384e372bb1ab08430fdec838d0ff7e07cb16670eb88a951ef2dcddd17c94f01e427cc82aa20d46612b2719c6a505e187516f94d5723121f20bcd548ceb6dfa49e71b45a3673472f6241aa8d72f2a24a836ee93690393bfd1459d6e9e93d98729ae93773d060ad32980213f1477578e9101f92b747397b7e327b4f3b07cc1e1e61f4d26a18976b323c9a3a4258475686b3afa239bca24504f397aab69af0e4ea7c2af1a77f75f580c8608a0b15e6afa5d695844881124d43e03585e7233a6179420221a6659af0b0b40b7fb600e208c90177b56e3507e89d70eb4d372107384d6c00ff016b64d14487e1a7ddc9b7d662ccbcb21538d1ab843e1f7d3124f5cdc952adc62301621bbecc898eeca0d6bd0580eb06c81d2e0a8a9048a26faf74869f8e7f3395c8213481fa69915d56dd1113c6792011526b8a33200d394d1102171287eba3c41000b0208a185bba3c29672015ed9a6b6928aef065c3ce53fa3ce3d4d779b35889bf133d040c5a8dc14a43bcf7bed240c1c3ed54ca02ce0eeb637158e5bfcead858ad219e0cbfa4296be2b4cd473642c0cfbc9d2d550b4e8354444013b14725da4127149b8cdc7732d0382424491dca7ab0ec8fd00240f7a982dd080501e3ac365d4856ef4884e89e4a8ed5fb090882e1c9b6f35e2f35a3064aeab38cd4384793b4f62ec1c820c115e2cc0d7b1060349e210310fe64511a42b3538acfb0aec0994f1ae3399516c8419fdb15cce58ea659c0b92fd92afc2306c500d5f720addef1359dbe8136d0c6c789a1351511f8a1b9afc29816089e88fa89d9dc2ba99d68436e6507be33b48252a807b47f1a08ec66f50493de879f0fc506c7e694d5e62736035c061b152cc68805f5dc318a2551099a6968592d68810f45b03d592bf0e373fb6902be629f5811a754f353e8b6964aa7d85eae855fa5824c7e27a4332463a25e7345cfa5750196960a420fbd2584d02338be0614ed45c42517ed9a76e8716a35641577631589bfdb01118b90d9e3441673d088647a277dd865d7657ba5d3738723bbdd26e9b8337d1fa8efe93a7b4d8870dc5dfc6f14566b4e2c2dcac452665c987f2b7558569b844e4e":"074228e463f71f74ffc3d270373c247acf7ff36b7796419d917d7ed1b1f9312417410b8d59070f5ccc7a6ccf2a4b3fafa5951107cfca1c01dccf0be9fd422529"
+
+SHA3_512 long #54
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"9d0f499d8552ce5d995e158c400d5b033f2324c7dae07f383bd68b8c18f93a7c91f5553d57c4c1b2137f00e00674faa2ec7afe9e27810477196d3545d225ad42ebe67fc5b1def97587f62ab685efa26865b079d1a0de93d7d4ae217369f76b62748cce1edbc8000cbb6a9cf706a3dabd716e9d488d20b4c0334059ff2698fe46f48c4a2e1dab5ee177845c89d1bb2a09d75c73ec366eef9a00cce5d25130ee543391fbdebfaf995a85ec74562e5d1ab4602102a3e2f1cdce01f9cbd332e6c1f6f841ea1708fb3be1ac49eb4565b23326d4655356dad1d5c2ff7015e910e301930c441ebf42b8ccddb343ca3dbde1fcc8fbd26cee673590dfc1d8cbfe354f359238439fbfb30dd2b6638318287f12fe009c0e5751cf45848d11daf3f9e751e65d42e67600a323d7d384b1ddedf46fbf3781c11c695a2b3b35b51e97c16f119b5bf2d4aa695c21629ede752274611dc9d67094c11c520c3d3d764bbe4015b8dcf412b643e12530fc7e3875eea51147a443322e5054fd13100f1c09715d206e329068334a5245782bdb5b5c49684b13d6e88f39d0f8a5653e116f02b700da5a2397bef4c6a305207a1e10d03ba556a9e92c4e5a4af0902d4fad37db981189a53971daa0bfbcad516ead1d79cd447b326576393bc5240691c94a3b3f1c797676fc8784e03d85853291f14a01062d02d6d0301684497c51b9364f44d44c1ee9f6f33f865c49e6d4ec6a52610def4833bcb4c1aedddfe0b8ce1d261a422fe9294da602a7bbeac7e4a6813928488e7e550d9891c9ec8d3882f807368532cdc280a29d39aea62910fb895f0c6957edb5b2f005082f5c5d6cf85e7be74d4c2f92341d614a64c40ca962bd8b34eae514d6908e828ea7d35764622901a139375c3f8ee8799f91be9e7a61698d1a749809ca380f978bfaf98208088021cc129c5cb3d6286d9efd3be46b3fb5ee25ce18d677f29acc67f078e641318c64d0a02238d45408c6b16fe4e86546ca35bcc20e83c70657aa8a51f58bf526755116ab72f78c50ae0b3fb061b14ebcd0ea49162216a1bb6fb85ce51b7a0d30627104fb33a1c21142c4b089594710eaee963393fb99ec5a0a7e46748fba72957b4a03570e3f5ee0ed796bbf74b391184dc0e2014213922b4f85aec5fc530a9dea667c89abd84705d6b3da1d5bfcbb8e15f0be289e8d7a766754fda1084ebf92d44dd557b17467c827f9646ab62a74936dae2fcfb80e8c837a749cd05bb278ba6485788ac91ba57005d4716d2c46a6707d839dc0379eb099af6bf11a9e871d5fbf98cbea9ad6e9479acb69ef6656386e6ef670c1c445ce022ec3664779d595c7100e383ecdac1b930e66b5b80c6512d36890109b070cce042003621e93a5ca3a7d6d255009a6249d892dbb90c5781ce792d7e516a7fa98e8adb44d6895fea3022e3ffce6f7cbeaad32a9e43f39993ef4155558f94d1815f6fc5d8eed26e908664c0b24c93e23560b3161988c11cf60401992cf0ea06d2b7536868f75ef6de1adff5a05c187b650feafdd4041f5236a14c515b31b4901c3af82b8b7c8989216206eb307957a8dc1cfd4a642248c9b44b841666de9efdcc6ea09796eadc8609007c29e920fbeaf8fc7c74308fe7f42d674b60d63403b071a6ff2541cee27e035aa22a30ef5fc24a42cb13cf896751d09904c92ffe7d589a98666ce29515e19ee50b74be310dbf5e646b91a7cb61736c3532a7ea8a8646a59768d71fe9f1513a442a91d792804293f5f0864fb240d94ed077959c54990b214898ec4019ff3d73dc91fa239051ec896bdc5a2dda9fe3f70f260a9c093036ac105924f9b1ba16ca32b4160896ed2dbd2a9195d890d9340325c08f8004e629a4833c09b34d9c7dabcb038e1d22cc868dd6b2c1b6918739e1d8f98cded425848915b412f35a30c2a72a22cad7d08a77a9e4b2567e492466118d239b1ef368b7e83c53c93043f1863ab47444af0c71816fd912cc66242b6920a6c132b6ef4a34308b8da500b75948d51e9a9429534c246e2846bc24bf16937dda64dc3d24249a0077e43edb10f28b14bce831dd3164e11356d07e20867075b78c8100183e9259b695d9ef25dd37bd6813ef96111346380de942baeff6c3903c31a836eeab1de3f149e13e8798b3604db833398b957aa99c641fdaf99c8a739a6e3cf916d611c91f188cc566cfd004341e45a493247ca66d3bca56c3e42f804096d1bf275c3899be865eec49ef2829c9ba896fde4cc6cefee4c4c6e57a4d46dd4fe901a6b9dcb64e27ba4ba77316416d1180e3b37ae383b003b1a3b4ab4e57aefdf5690b5b88af4c51414c15f844dbacb7ceb8b93b4d552efcf365d813bd035425894dcbddc6f547b766660beb1e58f721c547560a8ec3ca551c95c620040a6b6b07287e9d0218beae9c320fc81d59dac3f7282065024010808fabe57cddbd431311918a35e49a1fcb7538881bcc5ec622e6d39ed7426aa023ef20dc76849c79c21b117524c8f9f97263d20b52a5c857d326c237dde9a3f7a39d8d01a9a3387e0c9610d5d639a8ca580aa700192436fe39197c61f5526c65743d590b72b411de37152812e6b13700d0bc101cbbe22b27e9317ac39a0754983a211d408e31a908f61acfb2c2ca153b710ab5a7c74a0573482145d35882dcfe59eb324748a67e8cbe09603bf6eed3e8bd68f037d7d6564efa4b56079d5f7616581e40863e7cf2d7e3738224ff89f3871a7968535a11ae49643233c6f4f7a06eb91cb093dc3fb6892afbbdf44935e4a51c9e7670ba767dc11a5867c7dbd5fc65f1891ae6be692a1ee8e47c30707d27b1385ac316959f356481205a50de94da9a95c5d8053183dde7a1c0355fe1ca4d39f230a6cb67d675923d4c8418699edb8b2a658065e21a4291ea3181d92997c5addeb2b9f59dc6aee8a32f8d75096e7fa603da9c8f4c86e89c269aea32b480119b6253752bc3ea51c6573bdf0d3a8e2789c6b7a4e7ed644074e":"5f88a84dbc3b2769aad1604365f5aa701340b42867fc44aebba6b0a73f06f0ef6261b0c90ff2884cb78c4569ac3f8a678441263fc3afc1bd9f8a2187a11ff4c5"
+
+SHA3_512 long #56
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a8a3016669bcdd9f98deabda37529e4f2db001ed3d00cc9e392075cc7366082475857a9af2b53badfc0e0aec76350db9cd3b214de3c26ffc4c6240babd4b12dfc12bea27ae52edfdd8142af9046ebba720ed0c8a31cc7a608c5c20a849a9ed62f55bfa1687da1b1795b6b509c845cfa18e8e6bac0e65165361d8be9dffcac43577de526e6497ef849cbd5025aa02712f7fe5e5bc64d76b5c339cc1a1c7f5bde1b17c99372ccf8fcb54f0a55392eccbda5bbb23c01a68a0036a72d2bc897100ed09fc7879c9cb237424195c9d684c02298ad8ccc31861ddd06e2099f72d87b6e1e928963d22d3d40876fe1d0b146a41a5740489ca460a4c4ca86ebd599b7f0746b8c69c8a1f2ec90eb1698fa47f8eaed4810702df8caa12fe7e26e7ebbca11aa2de9f3169a8262c0e3c205a708f0071401aa8de09d28a5a6e590ebeb476341880c37bfee1a501229081eb27772d07b371a5b0c65100f34a25a2f0ebbcb2822865cf22aafafe08d51de7949ec242ed9cee8ce861bdfe2b0aaabf92150b59d173db6a5bdebc9c836d3cd6e16658b4f8533f35155858b47ac3851abce5aa516a2169fcef423065ba1176b69c28416d7101ec0a0252270a2a9d3f193802a084955998eda77d5d42f4ea52f08b8b8653a0cd7d7176f834e982bf5f26cd16f5d89a43eea549384c1b7b2058ea77382e50cce07bd438f28637c9526da842c6b137c008f58c9d1a03d995da100d27d6414b3e616e9a11e725de487df20760bcdd8850d0350a6dcc8c628b4003c1650ec82b3f79dc2bc97f1ac4476975aaefa081b392c235887ff5efa0a57cb86ff788c9da15504fef28636cd30d3d7efbb719a39fce077d6c9c3e327a2ab3b77da6eb4f3f080d4e4ef63b23f1e42295617fd04d364cc695208c4f5fd7641089553adf5f4262d962b0faae480812404344116d865f5328060a17cf7da199b8b55d7b0e03cb69db117dfd65e1ffe0be0f0c339757022d555694056795bf12d6c3ff311d42c2673ce61dc708f9be96c58222aef6c608207410251dbeae1917903ca223b7250fa22366f8203e952d7c7c22ec4933de5775aeb924287dd097ef0ea7ad1a82b29b63b91b76d0afbf34da0c7ad3cef6a4d8742adbfbef4b0321e4798c8ade26f34cf1258c009e047ebbf79c0f4003e622736411fd1137d1509f3cf973a0374cf00b969041fc53e5dbaa1c556b99b2ac5f118f8aa8cecbb6bef940b5e557ed9cb0c19822c3d4b7f9dce9915f1547a1f063983bbe639a72a3561738d66917c7bd3b54400299ee92e98c609ee195b3995937f2b1d4b6ddf3401fe16c8388488e5899aed6594bb4ac5cf0f88b037444618fe20539f529ff1734214023e5c9520a14d3b5a24e628ccdfb12979fef3961c33b6cbb1a494568a628641aa724b49e039aef53eb0a65e0bc6ef92623ca6c748505defa9ef7918168c3f1593e67d1924191f86ffbb5dc17425cad8e5fbf95e470943fac0b2896b024aecfe331d6a9978ba2f3f018764f99276e37b59bf33d194c9197b8aa03da5ea49006a2c89bc316ab75eac08b7547ce334b9e851f91eb7be1a3ee06c3b1e7f4ae129f7c4adba77567b1e4c69cdb4c1e2d9beae532bf2872f6734d7e9e5945d80bdca15b01c1de1e88feeaea92d0e4f1df0823bc1ea57b6655a8bb0882247a74839514263372ef77d6060314b77b99af0f3852f4296d6cbfc4eb418cb93a102fdde500c5291962ea186e372c5105f2c086d37f749c3c83e50ce4e6f289c28f70e3766e1f2bdcc0dd18e18e1aa995778c0c82b024bf3d4940f53ab2223be47da15bed651e80e390ba9c0511c60754b17c69edefecd99545384696ad0416ca64290ef5eea972575ae86d82c719b26a27f664bb43b4346f0036c99fe0816499cb70c43410a84760a7cf5301b9f9f4fe6163c694b56416f100a044fe527f6b7c3bde4452d3044825fdd7152aed4f1338e82c57224be4c843cfe0805a0be775993bdb58f83fa3bdcfe7687da46d04584143b7df0a0f1c928ef55c455c14a2c81853cfc6ce5d6eee85eaea511841fe0b41fa6e26f709f5bbfaf87e5aac7497ac220b22577b344d227090c55a2d6f27745f96b8f38f40558dae62ad89f133ad6bdfec3cd3a8cc29a3b86061608c0166dbc49efc107abc264ed3ba5098d35ace4c767d8502fc2ee8b784e2272bdcfea287989aa44361854e479089d150fcf0e1960f4666ac206174a7fc9f7d82c66fc5c102131755eca4b7c00e56977911fdcd92d4d04598bb6db3bb4a1ecc2ef25bb6d12a90bd0ec220470074a90adbbd8a7c88eba28b8f765b8f3a93e77df807ca5dff3999fe358c01e851eb0a923da69dd5bf7c45a159f932ef6e0283f6a5aec5a29357b64294f14f81f99b0297697441c081b03fedbeebfaba9dbc79a1008e526dd4ab70f1f19a13f941ab188125d07b2514ae1ad986f4bcda10ec51e5d0507ca60b5e4e73152e553a7144d5b83a6255ecc19f5dcc78bd7f360fb89429dc9b48358097d930c8561b2bd18dc0a470d1d6fed0ab912e5dee4bb6e148c9d7ed18c0027b7f9791d1ba6fb4a9af61ae8ec5064189f93d66fd2f2842d0c57856cb6eebf6443e12fcfa0158bd40d1403c5ee8ee9e34b2e9de20261fc222572a0e3e46d1f722fbd2da09d4df2edf1ce6b8a6df95fd18fd1efd8e7e371e202565670e487bee5fdf5d94c7da0aefceb8da882f5504477e03622b0edd793e1258b4c9021bf0c441113d90fcbce3e955cca416c1f04162aeec40d06aeceb0b40179c9ce468385f11b9fa3870217202bc80cdc824585638f0df3d546852976bf18ba7487ad65ca916011af3eab2be234afddc081f364ab08c04e320d1b785476fdc5c358d0e63899a0f27283417cf35486b593d7b3226b1c984b99a6cc5bc88003143cbe4b755e6e30ba94114f7ad1efef2ccce00f3f125f187472b03224414edb2e573497a3baa3a1e26a553fa61c8b4b8be257622b3f34a34163b5c7625d57e89c99382ff1cbce77028bcb9c9f219b2e8b7a9a56675031db4ad33416a67b2fadb789558ed0004322836ee0d0c68fb3fa83dc255683e3db12f947978a51392abd378df93edef6a":"b9c0384217f755b7392a0c9adfbea180e16a45f77ac535a42337eb8ddf3c854eb92c69caae0ee2aaf72cbe24f5b6b11dc985d7c8003c8aa0663c8d4f269fa9c2"
+
+SHA3_512 long #58
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"993a3df248d8a14607a75122f59986a73c80d6e245760851287c27a36761d5c0dbe6e209ee1f1de10b1c6a6c53c9159692136658714c7637edd1400d07eafb0bbdf1a8ff3ab7e7d34a230e56101c7c40fba92b70f6578577dfdc795a3bf9cd9428a5b65b9267a624aa046569945a63aa608c4db23c5fde1be8e4f8146a58f362024835a560f802dd1506962c484b71deaa02f3a6ac2c282aef33e5c2fbcd147d35234c660b33a5057272ca2892b64fe3bf5445d5ac850caddb0f69ed5821d8eea77e2424fbdd34a4a99028e3db65a5c189ca6cc6a53432ab96c1ac1ce81ce9bc42a1e46a98c15ac3a1a8d9e78c1e1a80efab900100ff412c0790d5d71385ecefecd3b5bd4aa6bd68440204bc0baa5629d841d80f23afe23916c60ca741268c908f5dbfa77953059e79e6d2e8c2d102c42ed26d77780cbcd8abaa7b12dac56fa6128729af8d91db6a289b6bf5175ac657d8a777c165dd7814ae8347a2462b3d395d991c5eee28e7d6396af66b740f49ecbe081d7654ecbdf2079a9bdfee209f5258dbbf3a04e0d0e9959b9bd040b6348ac83c871dacff347c9f379d50386b3cf7eb953bcd38813eab227684aee3182e3ade8dde3ed5df84b95ca1757d8dd6be33fe0eb79ff0d2db25c942d68cc5fde003e8414a61375456b127224cee5627ca0b798f5c36959c4c5e7349bcf34e2df1edcea1f20f3a25526de9004a2cf9270b894460511c90a73c5e06d15c6ae66f0a0078f5ffcf461c1ff4888496bee09e26b447c9bfd947bb512e6c23de79f58cd345ce85982ac3ff664eeef6592c7154c6946b12cef324a033d58b876ba8e34df3c3b998e6a71997ce84019ebaff161091329682a5f48e1d8b5b4d442b80187713821f7811ceb0ac009dabc3e2be369c2f95b1626d64edfc01c998a44588fcd5da8bea6b4027f006a3a1d2aff8f138be49c5a5fa4dc9a8033c2656ede148f72ef1e500ba9b3b426c609960a82520863f87cb58926ead29fbe57a6e6829497249ff984bad4b910ca7df8c3cf791d487e690aeb472f897d7aba3cec85d4312d3efadadb18b78b1b780c7824ee46394a37d0d76a0e212101add1f294c14572c84e8a32b1c9e4924acbcc1837eb6c4e942caa52c0329e49f5a570193e2d48e1debfc881a732ce77152267498b4b7db5acc9701d7c79097ccffe2f01472e70f6f72f305839e7e7a20108589c8d82dd16fa9aac87fd35f531f714694b5e49303a98094c16d84dc29ba50a0a71cd261cdb042cba32c0fde3f21194b967d202192547ca865e00f8d1cc67940779a8a9bf8a6fdc43ae7635484595db99e750ed9e3f7d0f798e426db7cccf32da04ce92379d8435c34b7b70b494fa65753a397021f1ae3490382b10c7154252fcb3ad54079ce7d5a3aa5f349b78c5dee5e11a1e56d461d664dc1996922e7790ea06b373b20111187f3b8ff57f697e84666c715cbf601e6161faac43ab80c5691c6e7f85c952869ab08f8c37d2df8b12714cbdcfae2d6a62021431bc75a4c2482e6b6feeb019beb8e206d280285381e591027dcbb584ac54dfa968657312e4ca7a7e133308bf301f7e420143025de99a301e3ff5580e7ab6553abee34653a34c8b26e7e735cb712affb18704d357289cf90052c128334c130d38839a41df845afae68c6fb9b6f857f0f5d25a2df7d56a364974b3889b96d75233751f081f1e72344d4f51171a4c42dc5f81a77498667e826a04310b9ff18feeac01c60baac83eb1cbcf2fd06dc3681c7f036149b1526657d29fee23c8d2b91d129843bf0b17fd0dd27a50781a24345bd4d63c0feb2fae4123963f63aeb0cf7807c70cb4a89459a301ef6770b7b533f4e1888c49ae64b2b8cd85a93daa225f89ec1c756f1bb3b11bca8cd94cbf1ce3823588c6896388204940ecb024439dd5bd3fe73250dcfcbfc2acd12a7ea8b1df9e41559f41a310535d2e49e8ca1389beac93d5b80c54e5c252195adf88fd2a6473857d6b050573d86ed61bb771928c96b258567ae41bf55524a0986cfe34cd2edc727ebe45e3592c18e8e0b0bd390cea792df7ff9aaaa204c4d3086740e8309b13a8c80d76c506dac5c717492f8f81266b6518ba7289724dbd113932e37ffb45d398f7dd2a33234110015df52afe8fd6f39e67301e20fc9c67eb89647864639b76b37ca1d2a6251b6217f359421e9f78cc4a31f4f019977d7fd29780524e20288798c50002a682a6368b95ca075826883ff9278d9acbe96d4f66e1fb1395b75970a96f5c3cbcd29e27cca3ebed43cb81d91ba64e60c058e86108d7592ec37fcaec75ea2ad3418b4fa07bac236669e4f222323ccc049f6c8b5f49061f26600fe9358eb40078ed13572ae91cf4f5230955a5cd699ad8a19aa294a7eca17cf3de30f6445b519008013131b584f53c17af38de5dab1f6f7f79da9b9609a4a4e7712ea9375eb2bb3aeb6a5f6172988da05cf826537fee3b9170affe93db8d30b35f5ec8f82c885cfe286f0e6d44537c658920285f667bbf80157f1831d0cfa2ffff3ddfd74366f7ba5ebbb94998ba7acfba5d5ed1ed3c8db3eee482f097e07e25d748488541c30df7e4dd0a86de322b5776ec344b72c508b5535cb9407f6414bd8e0aad629611124f514f5c95935ee0953579432ca599c30ce96445b225cf293f7a0178ffbef5a7292a8f39f636954cf17c70f615d42f4f13277792b5f9860e1431a935cd2ad53f0de7191d396679c304c26fd767bcf9ff6084234adc892d35e43b7e6e5b78343c760d8990df7170e5379db261c29e8e768d85e3b89643395327fdfd7d1b159741ea043d1f49061f261265052f97175126f2b3356663b61ed847ffb30c8c9172c1e271b0331682e8f81dbec49b55a5e693287294fec5605227ccc71b77406a6b4ef7cc9f56c87642edc2117d2f9ec8b34da77a8edc4bc087d44edab357a70ec54b828b3704cf6ed17997f39b76d30e4bb8e8018f796755046016a0f71850fd253a2b1433b79bcaf92e17ebabeb82d5245772ce136098ac7c5decc07353bec40fbd4a1e0209ce194e7dca403b082ecbb1cbc026b72c60254410199fa47440e1f92767ff1e55d6e835db17c7a5475730986878a1f7275e5de04925c5070497d5561b2d4e053636a633d898b887437cc22ccfd4d6300bd3c4f54ba9a7078f242ccb0ae27143257dd1ecf8b5b95d670fff03648d2a0e2":"d9b7d7f2ab02c4229f0cce5a02939b5ecd8364070d1861c72a5590a9825d153fe146f044ba8fee3f26fa3923b0a66d751fc360b19a43e5e3f10b6921b8e4097f"
+
+SHA3_512 long #60
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"b7571241008d792f0e1be9cea346e4aae82967db6aaa119262ad88f1398819204bb69e9deccfa5d3a8b7ceefcf1675ef320991fb2718dcf9d367355ca830423c2c7059acfce1a1481129740d4351086e0b784fa38dc91b45d6aa861862369128e1ee0b173aabb5b5d1d8a3d106dde54ffede677ba5a6169df3de44ce6f834e09f2977c85ae1628426e2b23e21fa454bb90a4a22a7697152ab36b3725d8fec10ae8d2739f5f084419728cbbea998d9dda4b30c85908855f139dba27c6a48e31504a09ba0d556a4f5f6562358e797f07d3b6eba1af64563d813a31dc58db1de806a0a317769825923fcd145778c964dbcf593df4d591f4f79c10391d8486922c5273085382311f55df340cea50912362f5bd8f8b729745d58ba93bb4f2abd4465c499f36da2742e06721b1b5bdd7a4e16e69472c2f7f331e778d9d674955cd7e4dadd2872682757a001d6b8268a5cfa361e5cfa0b450a51c8742c9ff3189641b4d2408100d4a9f6cd2afa217f9028ceff7ba8dafa8128215e4522544545181678338aa973888aaff045fbe3d17f7c30c576feb20b4ceb452b5451bfd57b40ca818701ee54f447d78beb527bc6a8a5c43ab8c4fbd7f8b221b23a111f4e5bbee273454cdc2f98400222a3a465c9bc53fdc189a234cb251b4b856f071efa46c0d2cfd6d1ff5de521b446d7581e552b0541fc820ce96f428527075b9a2b73cd152fe9e427d48a7b5b625b2ee411e36528453e3a6b863ee19e48ca9850c1456f2a5e73d5c4d81fcb6b90e1f2eefd0f0b3b5c290b4497b472b525419db17cd9ad5ef2d0341f869845b0c47dcbcf1c328dbd0b2f8d3e9a5a8678410ee432bacaf841619177be7c8e8ae98181220b1bf85d3be6c438a00abb9d363084f45b0773e0704f3a1928166d0b743c9e9e3958cafa265389862f653217ad584656a0ef7ee649f03cb0c2d0ae27df6a1888c07f14f50af5d1fe233668961c3cb5739adf468a5d190bb73557ec9089ae918a36eb80de6832502921fab989216264e3bf63653d281e4994e60882b6015eac0b132a7906bc8d666fa23ecf714b4dd72f64f8458f197458e26b6f1b18e51e9a93dba8781e768b975a3a5ef4def8738eaf421a71f0cfafcc282bf8002993431facf701f87624a1657140f7d432b767edfbdd5684f2a94515ceae2ffc789a809dcefbb394be5563534d5c75e81d168f978d7d18d90544c8b84e68a34a76694b87726039b7477745d336f375aaee947efdecc7fde8c910af464ff1ce94b39df87f2fbb10eab218cd87c69c5397279faa938244625e8e9b6d221bc01e45a0a73be76f72b5a98ea86ec384bdbc2778b696faf658d284f64396ee6a6a1ee7ddf37a52aa0da47e2da4ae28f9ee0be62267c896b19beb0670b7910d94364ce5cc213833781269d32f9c102a8e83cf6de531b3e93c74085d8e55f00221eb34e9ebaefa2c41f78232f50d193acb4562f91192ed750f87b6f4bfad385eabcf434ebcfb348fa0436a282e663dfc287983423809d9cc933d7366853bee859a79149ed0a48be01b7cae3d2c3602c13eb69cc3d9050d52700bca1d6f706729666f0554972944c00c09aabc8f0aec3c76731be87522fca91e7927a3eee9568ca817b20aa1080391fa810c50c7437ec058459d3a8cd23c33071c187474151151c809871b6eaf4cf88f592f84557e1eef5c847d3490912072b25b1919af724c0b5ecb111150bd95460328a0b1ba29613c0bd6486110fe6dfab8cca5fde18f5b0bc4d2dc970781511d2e45fc7385c3da18eeb18b3a9e68593d82c75bbbcadab2e5a29745f6f3a924e039579f4418dbee186d9cc24b896d96bd990186bdcbd3082b70aee9bb95a36531ecc405ae13d011bd10fe69fe728c8aed73d1d38e5506bf4fa770347f7e0eb6749121cc0be75ed979615d0eddea33ca6f9bdeaea806e44cc4cf91b29d0d298d3acee75ef803c6c9cfe74f0d6440f1c996896e9495420a351d4179e0bed3a25e071e8b3b0d09b667331b3b021c17550d04b53801c0a6d70ccbb59f4b3f51f79d3bd883ec95699c165565a7798ffdcbf93cb79192d495e9385284785e9918a7ef7bb577e02b93e66b896f1ac01a34c532a10921b42bafaf5c4446ab97769821b9390dcdc25a1923db41801b92558cdf3dc4126ee2404497cd13649f924240f38ee679fbef8b89e2ea3051105ccc46887f287bbfa9bd05311f3276cabb76b39be5166298d45a36922cb84aaf8bd8f24f8b409dba66fc6219d743f5c39f9e5099304b501b2d20dfbff76be53fac2620a2c6af00d5c678dba069aa5a009b23b86a04f7daf93679c5dafeada9473a1e5200c5c63da844cce2636ae82c085a914b9cd7ae6bc9acef896186f01f5cb23bf7080d28bc884e6306e13f7fd4513a819a803cc17af2ececaae244f5bff6a10980271138f61c5fd5c9987bf3fb61d75f25d288e3910b62ebaaebad00f39b9301adcc568982daf59f9af794c709b0ad946e0250973689cb76f9dc13c462c1e4beb086619ceb3abc1b0b9d0e8b67d429cbd37e382ee3e4731928323d9275e0228b38e3a6e587b1fff29bd76d93ce22d86006c4944d11a1f64ca69c7f0db59ce901b742bae5f0d74d90bc652672855335fb7873e9645848c17c05695c889a5e84bcac420230af21318ffd94cdca35bbcee8a8eacbf7205f6141c5275ab5ac8ba216a86001382b16284ac004c7ed47e30fc1f8b7a087f24c52185654fdf764caadaa0c0b5c7eed2cbe4bb423a97e445f751218590b9956a6107a3980bad04b9223d167c268777ddb501d3a8fe6dfa3879b53685d61adb5e338d1ff2915d2c95891374c13b9b455b88a49d3881483fe01ef0069234727a88a17da17bc937186a47246198dc4a7fd4ab93c0fca972dbc44fc93ab4920b9970149ed03c9c83edbfc4388607f1dd4ece8897e5fc5f32f56d720a7af3d82b619ff5b7553cf088d61d67178b19629cd9d38677b43f8ccfb561f1796d58ee1bfa9caa91d784af8ff90b9a8817d317cf496a0dfdd4cd1692442a32dfbceabc238bef9df4ff1abfe07e11c555d23ff9bec51c85efeeaee7c3ca509f030fb22a8a3c2134a775080ac38eb74e446664eeb1766f5616a9ebe5aa6e599eaf0cb6219a37b9d974e056768051869e1e784adfef83ede93aae8afa8e59cf99a95e008799a13ff321e90aed5eee051daab3fab5c1151ea423a4960db9b339f7baab9846d0a53bea77372e56a68dbd33b2bc7b566f5489f09834140571a32020aa9c8444876836253e73c998a1583449fc3ed5ac4167b63662060eccff":"a3e6224e7cc986c44ba987f70dd90f08cc77e36ec717cb07f9c831c0770bba22b88e9d4e86e994751718ee0472b2ae7b1c1cc8c832f5118adc896b0f05fb3c14"
+
+SHA3_512 long #62
+depends_on:MBEDTLS_SHA3_C
+mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e78360a670b2c0080307cfee5a2d20eebf117dfc66e7d98eff6f86fe8c76a92f709fea73c96370ac00570cb29fadb4f562fe34649047208d8b310d05a695000a383f2767eff2c79866ad762ff92d8a76d8b3d1565a07837794bd74a92bb78e8366eb7f498766af135c91752c11b48ab948b8be9b6b31e996419c25b2c0e43ae1232c5ae33cc80f670a8c71738e4a9c05db9661fb6dcc3c30bb5586e80f25ec6e968820fbb31fceda9925d2ca19f7a8a4b8d4243d05e1638e2a700112c0818c70e889395a9773d6b531e500fa5ac496dc09fa6e2bdd7746f8b575fdfa7b01033040b70ec88ecd0e40f95364cbf8b84ef6f391a68b9d96cdb584ede266e7ac37f6c799050d40345ec21af764049cdcb939a0203626ed46e00fc060171fac8a110aa4b787f057b0ae85bc59696fed36bdef382f85c47390674c915406ed73a379b30099fd3a7849e6cf0502dcd294d1435ee246fb2dda7b4ab51e531697e400583a03c8cdb34d08efe9207923f638b234d0c7ee0028c810719290e4afe7a6a894e7d4cb61237ef4af1b3346a8a382e3768b0faefc7ee656c42b0e9039a362a317029c2a1f52b3150fac67f2d1a0196bf3d8e10f57f7db552cc7c1dd1c94bffac7d3826e71089374f7e6e30408b7a75291fe6598795b4f158fb0d155c18266b48ea2af1ebe0cc618500fd004b4aed1a03a47c5d1cb72ec9fd72c65808e35fed953b64bc26d27f50a0070557a3c4e415ed5f92642b30457faea84a5e5ec743072fe587de2e821c850f1519bef0a5f9f944a5db3749ad83b2eb200ba0c4408a48576d06d0796c2e6f409fac9eb85a9924881bb91eee9b73e4415e7cc7dfcba011da56644b8dfd1f8fd32b208f415f3c384615beb3806690843fd8302c17e50ef3f72622a7e2b18a57453c280942207da4fd484e7db5bb64233511a855f309218f5c50b46e0e25d96605472585214ab7eb2c27fad5e4e66941cf9f57ddf7c4a214686aac1666c6972c91c0ab9b654a857b3119566494940a507dc5c11cac93eb53b9d87c2983204e2b895d2ca4948c60e5daa0b3a25b30d1efbe49669a67e377adaf3ea72ff9af58e33a612b49259cc4bb5752c5078f495a601f8edaefe05fd182d6e1bf9220d061d4537119e1aef84b5c55a3fd1cd74a0e62000a70857c558383cf7617e89f4fd38f33118b16773b4f594428be4a99af68660e50d9e3b2610820d770629bdb5a386477a6f14034b25b32a1359b296d05e2dc98d67993190ec9dabd4502345bac0b048fb5ef076e19f9690b7f1631b7ea28364e1fd20c26bb6321bf88894a9691c5dfe9c2d6d469cea46cd149b1ec10a883238c9165c741f34e866c9f5a4722c7e36724623b2fde3cd6ce9149f0b0eddd9df4d2efc75d2142f689531e179276ab0e2abdf89e8222011b0ed9e44538c5f5c34acf6f59261b36e59b017923e508a780ab150a7363eba7eb9e099d41ec3f8dbd95c0b4adbab62bb64bd62511976f69f568d82c5c5d819dc30caef95933a111c7665534379378adc31c6fc66322015ed6d465c2bbd78a5f3bcb387d0db7910e9b2d0b827948d949a67d2cc19b2d64f29f8e4c52145a7c68b06a449cc1d085f0835a421405336e6bdaeeabab2c1200c1d9e70a7ee85ebe46bb5a41dd382706441a8e975d4dfb9ea0db015ae788687b48f08f1e9dba6cf675c72bceb2b3238895eb3a89e2c609e0752125b90b42a92af48de6f7330d0d8b726e5f39b1d54e83525fde88390fd6ea4537fc448afd4ca6610c7f32d352a903c91b55115f11108cf602fb10c47deb02bd99d59bfaeadb53fae6b83ff31dd7e5e658bde41ef9021c1d5f00b219b2cec03ac1421dbfcdddda3ec732ad16e102a86690ea3085ffaba724de9ffaad20faa94948d2485e08bcafb9087ed8b32ec1d1a66e7a75088765c4a8fc2948f35ae734659b06ba6a1e002ad634ed615c699de8424bdf203b32d8eb16522d3b80c32ce81c224fd2488030f232d71ec57723ef52a6b398d072846d80f95b1c20e9fc244ad9892e3e9dd1c79c3b69737397d04eb7603037f462feac2cce8186c7735875c32a3a123dbe855c6f7c569c0a4311247ceb3c2d0a61041d55026ffd6dc18a99e78abfac7e4f0d48026248f8e7ed491919c441e891112729804170d0a268e4f92e87844d6eb3fc12eb799b0a9b1afa852477fc1b16e7ea6944e82eb0f3be0a1c1e8d12859d71b455914ed741a230a801037295050a59c044f973141ed0556c8b2e1804e5792cd8888a4e885e8be2d4056d40d766f9db4b55348eab6ac6b37eced3c4b5dd8039cb143cf51881b685f11a986f2d914400ee028c776f25554cd34fb5ffbfee512d2e813fdf228bc0be91b93b59f214a75f2ae547e9d9ef0aa5ec963b458d884a7b6577e96910bd28e13859bc9ddf71624a74761d32662835433d3ada12994c0aa8f230e02f7d965d925784a2a7403823576d2d730dbe5183a9479629038d99e03a6774baaec3b7ed4671b26402cec9591a7773cfc82d0b644c8e309e84b50289b4379bcf437d823672197b974cd5a571e82601a9fe4ca665a193a2a112ba06558ad51e949a25a5f7a9a138b2c1ef7d1c54eb2f881c97c2f64cda64d73a0725d232e285a12f36637f51bb822d1e8680a6f55985f0af98d194a2d4efb76716e19e50c2698b5f3a7b5c0ecad08ccf3580a02dd38d6a23ba62cf4815bbb82683ba08490722a9c6ac2e0c3551bc583076dda682fbae5b1586f714a11f416ff4b82faea0235982d2062c0e79e2adf60ec4f81879347149f198fef3524429355e3ea30fdaa966bd2dc2d5e120e01e0ca69a707495007ecd443afae9b046dbaecf81c49a7cfbe2af268cbc12deec95029481d7594b021f4b8a176b766f79c132c52bf4dcebbd45df48ae5f12186a9b5e44f58d252f9bdb4b3fa8d117c46f7277eb87c455cb4018c420b23f7d41eca99654701266a7405b52e159bc4c739a77d48f3fb3838036d4043b22cda30fe548313f7bf7ac4691f7e8fbb49d92d17d49df3cce32e4af03f005f49a9a21c6e6efc56293bd54820339840b43f57982aa510e808dd2f7ac2a055fe9641587fb5408b96a31d3fdee06a89a7c82446efb8435d8e729044b0c3b7c688639d03431cf3b83b2e0cc06ef3ebdb2ebfa1af1a0ad60c4cd1a574d439addb657664ab4febaf0bad92b061e09fdf153c605d99006885a68cecc3c8ce6da91cfe973f588b6a9b0d5597b2291c2d6ec03874010c8b1978b2b58c934686a7d412b990d613dfe0e0459905ba210ae5bf638cc33410a267d8b82f79bcf8e52f5544ff28d0e33397a53be2a36f4f930efb869f159fae2d98cd40617be7e6d14c553a3926d6d16fd51378993a7abd9df149b2d932e9ed15f57ed3b55abc173347fc7dcd538fe47be3":"cd4af24388fcf4481291f864142b6cf011bb4dbda0c31668a055f8530c253b9bc14b8784e31a1b32870c9703314308d1a79fa557da734b31fcddd874728b1a48"
+
+SHA3-224 Streaming Test #1
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_224:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"
+
+SHA3-224 Streaming Test #2
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_224:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06"
+
+SHA3-256 Streaming Test #1
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_256:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"
+
+SHA3-256 Streaming Test #2
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_256:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06"
+
+SHA3-384 Streaming Test #1
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_384:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"
+
+SHA3-384 Streaming Test #2
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06"
+
+SHA3-512 Streaming Test #1
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_512:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3"
+
+SHA3-512 Streaming Test #2
+depends_on:MBEDTLS_SHA3_C
+sha3_streaming:MBEDTLS_SHA3_512:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06"
+
+SHA3-224 context reuse
+sha3_reuse:"41":"97e2f98c0938943ab1a18a1721a04dff922ecc1ad14d4bbf905c02ca":"42":"b60bd459170afa28b3ef45a22ce41ede9ad62a9a0b250482a7e1beb6"
+
+SHA3-256 context reuse
+sha3_reuse:"41":"1c9ebd6caf02840a5b2b7f0fc870ec1db154886ae9fe621b822b14fd0bf513d6":"42":"521ec18851e17bbba961bc46c70baf03ee67ebdea11a8306de39c15a90e9d2e5"
+
+SHA3-384 context reuse
+sha3_reuse:"41":"15000d20f59aa483b5eac0a1f33abe8e09dea1054d173d3e7443c68035b99240b50f7abdb9553baf220320384c6b1cd6":"42":"8283d235852af9bbf7d81037b8b70aaba733a4433a4438f1b944c04c9e1d9d6d927e96d61b1fb7e7ecfcf2983ad816b5"
+
+SHA3-512 context reuse
+sha3_reuse:"41":"f5f0eaa9ca3fd0c4e0d72a3471e4b71edaabe2d01c4b25e16715004ed91e663a1750707cc9f04430f19b995f4aba21b0ec878fc5c4eb838a18df5bf9fdc949df":"42":"7b637bc5543d96f49500aaad3b27d8bd37624db23d415c4d0f3dd231e9b9fb061f39b7d8561c540650de8bef02aca43a2069cc2512697bd34f2244ee732743a9"
+
+# Test a subset of the 12 possible cross-size context reuse, with both
+# larger and smaller hashes.
+SHA3-224 to SHA3-256 context reuse
+sha3_reuse:"41":"97e2f98c0938943ab1a18a1721a04dff922ecc1ad14d4bbf905c02ca":"42":"521ec18851e17bbba961bc46c70baf03ee67ebdea11a8306de39c15a90e9d2e5"
+
+SHA3-256 to SHA3-512 context reuse
+sha3_reuse:"41":"1c9ebd6caf02840a5b2b7f0fc870ec1db154886ae9fe621b822b14fd0bf513d6":"42":"7b637bc5543d96f49500aaad3b27d8bd37624db23d415c4d0f3dd231e9b9fb061f39b7d8561c540650de8bef02aca43a2069cc2512697bd34f2244ee732743a9"
+
+SHA3-512 to SHA3-384 context reuse
+sha3_reuse:"41":"f5f0eaa9ca3fd0c4e0d72a3471e4b71edaabe2d01c4b25e16715004ed91e663a1750707cc9f04430f19b995f4aba21b0ec878fc5c4eb838a18df5bf9fdc949df":"42":"8283d235852af9bbf7d81037b8b70aaba733a4433a4438f1b944c04c9e1d9d6d927e96d61b1fb7e7ecfcf2983ad816b5"
+
+SHA3-384 to SHA3-224 context reuse
+sha3_reuse:"41":"15000d20f59aa483b5eac0a1f33abe8e09dea1054d173d3e7443c68035b99240b50f7abdb9553baf220320384c6b1cd6":"42":"b60bd459170afa28b3ef45a22ce41ede9ad62a9a0b250482a7e1beb6"
+
+SHA-3 Selftest
+depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA3_C
+sha3_selftest:
+
+SHA-3 invalid param
+depends_on:MBEDTLS_SHA3_C
+sha3_invalid_param
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index 60dd3c8..326cc79 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -2,6 +2,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
/* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */
@@ -148,3 +149,162 @@
TEST_EQUAL(mbedtls_sha512_self_test(1), 0);
}
/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */
+void mbedtls_sha3(int family, data_t *in, data_t *hash)
+{
+ unsigned char *output = NULL;
+
+ ASSERT_ALLOC(output, hash->len);
+
+ TEST_ASSERT(mbedtls_sha3(family, in->x, in->len, output, hash->len) == 0);
+
+ ASSERT_COMPARE(output, hash->len, hash->x, hash->len);
+
+exit:
+ mbedtls_free(output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */
+void sha3_invalid_param()
+{
+ unsigned char output[32];
+ mbedtls_sha3_context ctx;
+
+ mbedtls_sha3_init(&ctx);
+ TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
+
+ TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0);
+
+ TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA);
+ TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0);
+
+exit:
+ return;
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */
+void mbedtls_sha3_multi(int family, data_t *in, data_t *hash)
+{
+ unsigned char *output = NULL;
+ mbedtls_sha3_context ctx;
+ const unsigned int block_size = 256;
+
+ ASSERT_ALLOC(output, hash->len);
+
+ mbedtls_sha3_init(&ctx);
+ mbedtls_sha3_starts(&ctx, family);
+
+ for (size_t l = 0; l < in->len; l += block_size) {
+ TEST_ASSERT(mbedtls_sha3_update(&ctx, in->x + l, MIN(in->len - l, block_size)) == 0);
+ }
+
+ TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, hash->len) == 0);
+
+ ASSERT_COMPARE(output, hash->len, hash->x, hash->len);
+
+exit:
+ mbedtls_free(output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */
+void sha3_streaming(int type, data_t *input)
+{
+ mbedtls_sha3_context ctx;
+ unsigned char reference_hash[64];
+ unsigned char hash[64];
+ size_t chunk_size;
+ size_t hash_length = (type == MBEDTLS_SHA3_224 ? 28 :
+ type == MBEDTLS_SHA3_256 ? 32 :
+ type == MBEDTLS_SHA3_384 ? 48 :
+ type == MBEDTLS_SHA3_512 ? 64 :
+ 0);
+
+ mbedtls_sha3_init(&ctx);
+ memset(reference_hash, 0, sizeof(reference_hash));
+ memset(hash, 0, sizeof(hash));
+ TEST_ASSERT(hash_length != 0);
+
+ /* Generate a reference hash */
+ mbedtls_sha3(type, input->x, input->len, reference_hash, hash_length);
+
+ /* Repeat each test with increasingly-sized data chunks
+ * E.g. start by processing bytes individual bytes, then 2-byte chunks,
+ * then 3-byte chunks, and so on...
+ * At each test ensure that the same hash is generated.
+ */
+ for (chunk_size = 1; chunk_size < input->len; chunk_size++) {
+ size_t i;
+ size_t remaining = input->len;
+
+ mbedtls_sha3_init(&ctx);
+ TEST_ASSERT(mbedtls_sha3_starts(&ctx, type) == 0);
+
+ for (i = 0; i < input->len; i += chunk_size) {
+ size_t len = remaining >= chunk_size ? chunk_size : remaining;
+ TEST_ASSERT(mbedtls_sha3_update(&ctx, input->x + i, len) == 0);
+ remaining -= len;
+ }
+
+ mbedtls_sha3_finish(&ctx, hash, hash_length);
+ mbedtls_sha3_free(&ctx);
+
+ ASSERT_COMPARE(hash, hash_length, reference_hash, hash_length);
+ }
+
+exit:
+ mbedtls_sha3_free(&ctx);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */
+void sha3_reuse(data_t *input1, data_t *hash1,
+ data_t *input2, data_t *hash2)
+{
+ unsigned char output[64];
+ mbedtls_sha3_context ctx;
+ mbedtls_sha3_id type1, type2;
+
+ mbedtls_sha3_init(&ctx);
+ switch (hash1->len) {
+ case 28: type1 = MBEDTLS_SHA3_224; break;
+ case 32: type1 = MBEDTLS_SHA3_256; break;
+ case 48: type1 = MBEDTLS_SHA3_384; break;
+ case 64: type1 = MBEDTLS_SHA3_512; break;
+ default: TEST_ASSERT(!"hash1->len validity"); break;
+ }
+ switch (hash2->len) {
+ case 28: type2 = MBEDTLS_SHA3_224; break;
+ case 32: type2 = MBEDTLS_SHA3_256; break;
+ case 48: type2 = MBEDTLS_SHA3_384; break;
+ case 64: type2 = MBEDTLS_SHA3_512; break;
+ default: TEST_ASSERT(!"hash2->len validity"); break;
+ }
+
+ /* Round 1 */
+ TEST_ASSERT(mbedtls_sha3_starts(&ctx, type1) == 0);
+ TEST_ASSERT(mbedtls_sha3_update(&ctx, input1->x, input1->len) == 0);
+ TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0);
+ ASSERT_COMPARE(output, hash1->len, hash1->x, hash1->len);
+
+ /* Round 2 */
+ TEST_ASSERT(mbedtls_sha3_starts(&ctx, type2) == 0);
+ TEST_ASSERT(mbedtls_sha3_update(&ctx, input2->x, input2->len) == 0);
+ TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0);
+ ASSERT_COMPARE(output, hash2->len, hash2->x, hash2->len);
+
+exit:
+ mbedtls_sha3_free(&ctx);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C:MBEDTLS_SELF_TEST */
+void sha3_selftest()
+{
+ TEST_ASSERT(mbedtls_sha3_self_test(0) == 0);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6bda6ca..a8c714f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -7,11 +7,11 @@
#include <ssl_tls13_invasive.h>
#include <test/ssl_helpers.h>
-#include "hash_info.h"
-
#include <constant_time_internal.h>
#include <test/constant_flow.h>
+#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 }
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -27,6 +27,7 @@
unsigned char input[MSGLEN];
unsigned char output[MSGLEN];
+ USE_PSA_INIT();
memset(input, 0, sizeof(input));
/* Make sure calling put and get on NULL buffer results in error. */
@@ -79,8 +80,8 @@
exit:
-
mbedtls_test_ssl_buffer_free(&buf);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -115,6 +116,7 @@
size_t i, j, written, read;
mbedtls_test_ssl_buffer_init(&buf);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0);
/* Check the sanity of input parameters and initialise local variables. That
@@ -189,10 +191,10 @@
}
exit:
-
mbedtls_free(input);
mbedtls_free(output);
mbedtls_test_ssl_buffer_free(&buf);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -210,6 +212,7 @@
mbedtls_test_mock_socket socket;
mbedtls_test_mock_socket_init(&socket);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0);
mbedtls_test_mock_socket_close(&socket);
mbedtls_test_mock_socket_init(&socket);
@@ -224,8 +227,8 @@
mbedtls_test_mock_socket_close(&socket);
exit:
-
mbedtls_test_mock_socket_close(&socket);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -259,6 +262,7 @@
mbedtls_test_mock_socket_init(&client);
mbedtls_test_mock_socket_init(&server);
+ USE_PSA_INIT();
/* Fill up the buffer with structured data so that unwanted changes
* can be detected */
@@ -317,9 +321,9 @@
TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
exit:
-
mbedtls_test_mock_socket_close(&client);
mbedtls_test_mock_socket_close(&server);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -357,6 +361,7 @@
mbedtls_test_mock_socket_init(&client);
mbedtls_test_mock_socket_init(&server);
+ USE_PSA_INIT();
/* Fill up the buffers with structured data so that unwanted changes
* can be detected */
@@ -445,17 +450,18 @@
}
exit:
-
mbedtls_test_mock_socket_close(&client);
mbedtls_test_mock_socket_close(&server);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void ssl_message_queue_sanity()
{
- mbedtls_test_ssl_message_queue queue;
+ mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
+ USE_PSA_INIT();
/* Trying to push/pull to an empty queue */
TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1)
== MBEDTLS_TEST_ERROR_ARG_NULL);
@@ -468,14 +474,16 @@
exit:
mbedtls_test_ssl_message_queue_free(&queue);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void ssl_message_queue_basic()
{
- mbedtls_test_ssl_message_queue queue;
+ mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
/* Sanity test - 3 pushes and 3 pops with sufficient space */
@@ -495,14 +503,16 @@
exit:
mbedtls_test_ssl_message_queue_free(&queue);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void ssl_message_queue_overflow_underflow()
{
- mbedtls_test_ssl_message_queue queue;
+ mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
/* 4 pushes (last one with an error), 4 pops (last one with an error) */
@@ -521,14 +531,16 @@
exit:
mbedtls_test_ssl_message_queue_free(&queue);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void ssl_message_queue_interleaved()
{
- mbedtls_test_ssl_message_queue queue;
+ mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
/* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
@@ -555,16 +567,18 @@
exit:
mbedtls_test_ssl_message_queue_free(&queue);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE */
void ssl_message_queue_insufficient_buffer()
{
- mbedtls_test_ssl_message_queue queue;
+ mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
size_t message_len = 10;
size_t buffer_len = 5;
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0);
/* Popping without a sufficient buffer */
@@ -574,6 +588,7 @@
== (int) buffer_len);
exit:
mbedtls_test_ssl_message_queue_free(&queue);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -588,6 +603,7 @@
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
/* Send with a NULL context */
TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN)
== MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
@@ -626,6 +642,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -638,8 +655,10 @@
unsigned i;
mbedtls_test_ssl_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
+
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
&client_queue, 1,
@@ -685,6 +704,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -697,8 +717,10 @@
unsigned i;
mbedtls_test_ssl_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
+
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
&client_queue, 2,
@@ -749,6 +771,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -761,8 +784,10 @@
unsigned i;
mbedtls_test_ssl_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
+
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
&client_queue, 2,
@@ -801,6 +826,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -813,8 +839,10 @@
unsigned i;
mbedtls_test_ssl_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
+
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
&client_queue, 2,
@@ -865,6 +893,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -877,8 +906,10 @@
unsigned i;
mbedtls_test_ssl_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
+
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
&client_queue, 1,
@@ -923,6 +954,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -935,8 +967,10 @@
unsigned i;
mbedtls_test_ssl_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
+
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
&client_queue, 3,
@@ -983,6 +1017,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -995,8 +1030,10 @@
unsigned i;
mbedtls_test_ssl_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
+
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
&client_queue, 3,
@@ -1070,6 +1107,7 @@
exit:
mbedtls_test_message_socket_close(&server_context);
mbedtls_test_message_socket_close(&client_context);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1080,10 +1118,9 @@
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
@@ -1112,12 +1149,16 @@
void ssl_set_hostname_twice(char *hostname0, char *hostname1)
{
mbedtls_ssl_context ssl;
+
mbedtls_ssl_init(&ssl);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0);
TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0);
+exit:
mbedtls_ssl_free(&ssl);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1141,11 +1182,11 @@
size_t const buflen = 512;
mbedtls_record rec, rec_backup;
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_transform_init(&t0);
mbedtls_ssl_transform_init(&t1);
+ MD_OR_USE_PSA_INIT();
+
ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
etm, tag_mode, ver,
(size_t) cid0_len,
@@ -1295,11 +1336,11 @@
int seen_success; /* Indicates if in the current mode we've
* already seen a successful test. */
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_transform_init(&t0);
mbedtls_ssl_transform_init(&t1);
+ MD_OR_USE_PSA_INIT();
+
ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
etm, tag_mode, ver,
(size_t) cid0_len,
@@ -1456,11 +1497,10 @@
int ret;
const unsigned char pad_max_len = 255; /* Per the standard */
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_transform_init(&t0);
mbedtls_ssl_transform_init(&t1);
+ MD_OR_USE_PSA_INIT();
/* Set up transforms with dummy keys */
ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
@@ -1685,6 +1725,7 @@
ASSERT_COMPARE(dst, (size_t) desired_length,
expected->x, (size_t) expected->len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1738,6 +1779,7 @@
expected_server_write_iv->x,
(size_t) desired_iv_len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1782,6 +1824,7 @@
ASSERT_COMPARE(dst, desired_length,
expected->x, desired_length);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1815,6 +1858,7 @@
ASSERT_COMPARE(secrets.early_exporter_master_secret, hash_len,
exporter_expected->x, exporter_expected->len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1848,6 +1892,7 @@
ASSERT_COMPARE(secrets.server_handshake_traffic_secret, hash_len,
server_expected->x, server_expected->len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1885,6 +1930,7 @@
ASSERT_COMPARE(secrets.exporter_master_secret, hash_len,
exporter_expected->x, exporter_expected->len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1914,6 +1960,7 @@
ASSERT_COMPARE(secrets.resumption_master_secret, hash_len,
resumption_expected->x, resumption_expected->len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1925,7 +1972,7 @@
data_t *transcript,
data_t *binder_expected)
{
- unsigned char binder[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char binder[MBEDTLS_MD_MAX_SIZE];
/* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
@@ -1947,6 +1994,7 @@
ASSERT_COMPARE(binder, hash_len,
binder_expected->x, binder_expected->len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -1971,8 +2019,6 @@
size_t buf_len;
int other_endpoint;
- MD_OR_USE_PSA_INIT();
-
TEST_ASSERT(endpoint == MBEDTLS_SSL_IS_CLIENT ||
endpoint == MBEDTLS_SSL_IS_SERVER);
@@ -2000,6 +2046,7 @@
mbedtls_ssl_transform_init(&transform_recv);
mbedtls_ssl_transform_init(&transform_send);
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
&transform_send, endpoint,
@@ -2045,6 +2092,7 @@
ASSERT_COMPARE(rec.buf + rec.data_offset, rec.data_len,
plaintext->x, plaintext->len);
+exit:
mbedtls_free(buf);
mbedtls_ssl_transform_free(&transform_send);
mbedtls_ssl_transform_free(&transform_recv);
@@ -2058,7 +2106,7 @@
data_t *input,
data_t *expected)
{
- unsigned char secret_new[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char secret_new[MBEDTLS_MD_MAX_SIZE];
PSA_INIT();
@@ -2071,6 +2119,7 @@
ASSERT_COMPARE(secret_new, (size_t) expected->len,
expected->x, (size_t) expected->len);
+exit:
PSA_DONE();
}
/* END_CASE */
@@ -2114,9 +2163,9 @@
/*
* Test that a save-load pair is the identity
*/
-
mbedtls_ssl_session_init(&original);
mbedtls_ssl_session_init(&restored);
+ USE_PSA_INIT();
/* Prepare a dummy session to work on */
((void) endpoint_type);
@@ -2248,6 +2297,7 @@
mbedtls_ssl_session_free(&original);
mbedtls_ssl_session_free(&restored);
mbedtls_free(buf);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -2262,8 +2312,8 @@
/*
* Test that a load-save pair is the identity
*/
-
mbedtls_ssl_session_init(&session);
+ USE_PSA_INIT();
/* Prepare a dummy session to work on */
((void) endpoint_type);
@@ -2310,6 +2360,7 @@
mbedtls_ssl_session_free(&session);
mbedtls_free(buf1);
mbedtls_free(buf2);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -2324,8 +2375,8 @@
/*
* Test that session_save() fails cleanly on small buffers
*/
-
mbedtls_ssl_session_init(&session);
+ USE_PSA_INIT();
/* Prepare dummy session and get serialized size */
((void) endpoint_type);
@@ -2357,6 +2408,7 @@
exit:
mbedtls_ssl_session_free(&session);
mbedtls_free(buf);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -2371,8 +2423,8 @@
/*
* Test that session_load() fails cleanly on small buffers
*/
-
mbedtls_ssl_session_init(&session);
+ USE_PSA_INIT();
/* Prepare serialized session data */
((void) endpoint_type);
@@ -2410,6 +2462,7 @@
mbedtls_ssl_session_free(&session);
mbedtls_free(good_buf);
mbedtls_free(bad_buf);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -2432,6 +2485,7 @@
corrupt_config == 1 };
mbedtls_ssl_session_init(&session);
+ USE_PSA_INIT();
((void) endpoint_type);
((void) tls_version);
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@@ -2484,7 +2538,8 @@
*byte ^= corrupted_bit;
}
}
-
+exit:
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -2645,13 +2700,10 @@
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA256 */
void handshake_cipher(char *cipher, int pk_alg, int dtls)
{
- MD_OR_USE_PSA_INIT();
-
test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
- MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -2721,15 +2773,10 @@
int expected_cli_fragments,
int expected_srv_fragments)
{
- MD_OR_USE_PSA_INIT();
-
test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
expected_srv_fragments, 0);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
-
-exit:
- MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -2738,15 +2785,10 @@
int expected_cli_fragments,
int expected_srv_fragments)
{
- MD_OR_USE_PSA_INIT();
-
test_app_data(mfl, cli_msg_len, srv_msg_len, expected_cli_fragments,
expected_srv_fragments, 1);
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
-
-exit:
- MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -2859,7 +2901,6 @@
{
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
(char *) "");
-
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
@@ -2870,7 +2911,6 @@
char *cipher)
{
test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
-
/* The goto below is used to avoid an "unused label" warning.*/
goto exit;
}
@@ -2887,8 +2927,8 @@
mbedtls_ssl_config conf;
- MD_OR_USE_PSA_INIT();
mbedtls_ssl_config_init(&conf);
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_conf_psk(&conf,
psk0, sizeof(psk0),
@@ -2899,9 +2939,7 @@
MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE);
exit:
-
mbedtls_ssl_config_free(&conf);
-
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -2931,8 +2969,8 @@
mbedtls_ssl_config conf;
- MD_OR_USE_PSA_INIT();
mbedtls_ssl_config_init(&conf);
+ MD_OR_USE_PSA_INIT();
switch (mode) {
case 0:
@@ -2983,7 +3021,6 @@
}
exit:
-
mbedtls_ssl_config_free(&conf);
MD_OR_USE_PSA_DONE();
@@ -2998,10 +3035,9 @@
mbedtls_ssl_config conf;
mbedtls_ssl_context ssl;
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_config_init(&conf);
mbedtls_ssl_init(&ssl);
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_conf_endpoint(&conf, endpoint);
mbedtls_ssl_conf_transport(&conf, transport);
@@ -3042,10 +3078,10 @@
#endif
mbedtls_ssl_conf_curves(&conf, curve_list);
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_context ssl;
mbedtls_ssl_init(&ssl);
+ MD_OR_USE_PSA_INIT();
+
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL);
@@ -3059,7 +3095,6 @@
TEST_EQUAL(iana_tls_group_list[i], ssl.handshake->group_list[i]);
}
-
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
@@ -3083,10 +3118,10 @@
mbedtls_ssl_conf_groups(&conf, iana_tls_group_list);
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_context ssl;
mbedtls_ssl_init(&ssl);
+ MD_OR_USE_PSA_INIT();
+
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
TEST_ASSERT(ssl.conf != NULL && ssl.conf->group_list != NULL);
@@ -3122,12 +3157,12 @@
options.srv_log_obj = &srv_pattern;
options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
- MD_OR_USE_PSA_INIT();
mbedtls_platform_zeroize(&client, sizeof(client));
mbedtls_platform_zeroize(&server, sizeof(server));
mbedtls_test_message_socket_init(&server_context);
mbedtls_test_message_socket_init(&client_context);
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
&options, NULL, NULL,
@@ -3181,6 +3216,8 @@
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
+ USE_PSA_INIT();
+
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT),
@@ -3195,8 +3232,10 @@
&len),
exp_ret);
+exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -3205,9 +3244,13 @@
{
mbedtls_timing_delay_context delay_context;
+ USE_PSA_INIT();
mbedtls_timing_set_delay(&delay_context, 50, 100);
TEST_ASSERT(mbedtls_timing_get_final_delay(&delay_context) == 100);
+
+exit:
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -3224,10 +3267,9 @@
mbedtls_test_rnd_std_rand(NULL, own_cid, sizeof(own_cid));
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
MBEDTLS_SSL_IS_CLIENT,
@@ -3383,11 +3425,12 @@
/*
* Test set-up
*/
- MD_OR_USE_PSA_INIT();
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
mbedtls_test_init_handshake_options(&client_options);
+ MD_OR_USE_PSA_INIT();
+
client_options.pk_alg = MBEDTLS_PK_ECDSA;
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
&client_options, NULL, NULL, NULL,
@@ -3478,9 +3521,8 @@
size_t pwd_len = 0;
int ret;
- MD_OR_USE_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
+ MD_OR_USE_PSA_INIT();
/* test with uninitalized SSL context */
ECJPAKE_TEST_SET_PASSWORD(MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
@@ -3617,7 +3659,8 @@
#else
TEST_UNAVAILABLE_ECC(30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448);
#endif
-
+ goto exit;
+exit:
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index a6b001f..edb7824 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1,402 +1,410 @@
X509 CRT information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information #1 (DER)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information #2
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information #2 (DER)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server2.crt.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server2.crt.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information #3
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
X509 CRT information #3 (DER)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
X509 CRT information MD5 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_MD5
-x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
-x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA384
-x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA512
-x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha512.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224
-x509_cert_info:"data_files/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384
-x509_cert_info:"data_files/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512
-x509_cert_info:"data_files/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha512.crt":"cert. version \: 3\nserial number \: 1A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:58\:12\nexpires on \: 2024-01-18 13\:58\:12\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224
-x509_cert_info:"data_files/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384
-x509_cert_info:"data_files/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA512
-x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha512.crt":"cert. version \: 3\nserial number \: 15\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA256 Digest, hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
+x509_cert_info:"data_files/parse_input/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
+x509_cert_info:"data_files/parse_input/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, directoryName SAN
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server5-directoryname.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-10 16\:59\:29\nexpires on \: 2033-01-07 16\:59\:29\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n"
+x509_cert_info:"data_files/parse_input/server5-directoryname.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-10 16\:59\:29\nexpires on \: 2033-01-07 16\:59\:29\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n"
X509 CRT information EC, SHA256 Digest, two directoryName SANs
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server5-two-directorynames.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n directoryName \: O=MALFORM_ME\n"
+x509_cert_info:"data_files/parse_input/server5-two-directorynames.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\nissued on \: 2023-01-12 10\:34\:11\nexpires on \: 2033-01-09 10\:34\:11\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n directoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n directoryName \: O=MALFORM_ME\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server5-fan.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n"
+x509_cert_info:"data_files/parse_input/server5-fan.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued on \: 2019-03-25 09\:03\:46\nexpires on \: 2029-03-22 09\:03\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\next key usage \: Wi-SUN Alliance Field Area Network (FAN)\n"
X509 CRT information, NS Cert Type
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
+x509_cert_info:"data_files/parse_input/server1.cert_type.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\ncert. type \: SSL Server\n"
X509 CRT information, Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+x509_cert_info:"data_files/parse_input/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CRT information, Key Usage with decipherOnly
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
+x509_cert_info:"data_files/parse_input/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
X509 CRT information, Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2019-07-10 11\:27\:52\nexpires on \: 2029-07-10 11\:27\:52\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
+x509_cert_info:"data_files/parse_input/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2019-07-10 11\:27\:52\nexpires on \: 2029-07-10 11\:27\:52\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Multiple different Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
+x509_cert_info:"data_files/parse_input/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n <unsupported>\n <unsupported>\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+x509_cert_info:"data_files/parse_input/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n iPAddress \: 192.168.1.1\n iPAddress \: 192.168.69.144\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CRT information, Subject Alt Name with uniformResourceIdentifier
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+x509_cert_info:"data_files/parse_input/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+x509_cert_info:"data_files/parse_input/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CRT information, RSA Certificate Policy any
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, ECDSA Certificate Policy any
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, RSA Certificate Policy any with qualifier
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, ECDSA Certificate Policy any with qualifier
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
X509 CRT information, RSA Certificate multiple Policies
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
X509 CRT information, ECDSA Certificate multiple Policies
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
X509 CRT information, RSA Certificate unsupported policy
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
+x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
X509 CRT information, ECDSA Certificate unsupported policy
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
+x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
X509 CRT information, Key Usage + Extended Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n"
+x509_cert_info:"data_files/parse_input/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n"
X509 CRT information RSA signed by EC
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME
-x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC signed by RSA
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
-x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n"
X509 CRT information Bitstring in subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n"
+x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n"
X509 CRT information Non-ASCII string in issuer name and subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
+
+X509 CRT information Parsing IPv4 and IPv6 IP names
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_cert_info:"data_files/server5-tricky-ip-san.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2023-06-05 11\:30\:36\nexpires on \: 2033-06-02 11\:30\:36\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n"
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n":0
+x509_parse_san:"data_files/parse_input/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n":0
X509 SAN parsing binary otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n":0
+x509_parse_san:"data_files/parse_input/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n":0
X509 SAN parsing directoryName
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-directoryname.crt.der":"type \: 4\ndirectoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n":0
+x509_parse_san:"data_files/parse_input/server5-directoryname.crt.der":"type \: 4\ndirectoryName \: C=UK, O=Mbed TLS, CN=Mbed TLS directoryName SAN\n":0
X509 SAN parsing directoryName, seq malformed
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-directoryname-seq-malformed.crt.der":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+x509_parse_san:"data_files/parse_input/server5-directoryname-seq-malformed.crt.der":"":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 SAN parsing two directoryNames, second DN OID malformed
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
+x509_parse_san:"data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
+x509_parse_san:"data_files/parse_input/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
+x509_parse_san:"data_files/parse_input/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n":0
X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME
-x509_parse_san:"data_files/server4.crt":"":0
+x509_parse_san:"data_files/parse_input/server4.crt":"":0
X509 SAN parsing, unsupported otherName name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/server5-unsupported_othername.crt":"":0
+x509_parse_san:"data_files/parse_input/server5-unsupported_othername.crt":"":0
X509 SAN parsing rfc822Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0
+x509_parse_san:"data_files/parse_input/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0
+
+X509 CRT information Parsing IP (invalid data)
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_parse_san:"data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 CRL information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
X509 CRL Information MD5 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n"
X509 CRL Information SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
X509 CRL Information SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n"
X509 CRL Information SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n"
X509 CRL Information SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n"
X509 CRL Information SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n"
X509 CRL information RSA-PSS, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
X509 CRL information RSA-PSS, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
X509 CRL information RSA-PSS, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
X509 CRL information RSA-PSS, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
X509 CRL information RSA-PSS, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
X509 CRL Information EC, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n"
X509 CRL Information EC, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n"
X509 CRL Information EC, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n"
X509 CRL Information EC, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n"
X509 CRL Information EC, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
X509 CRL Malformed Input (trailing spaces at end of file)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_VERIFY
-mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+mbedtls_x509_crl_parse:"data_files/parse_input/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
X509 CRL Unsupported critical extension (issuingDistributionPoint)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_crl_parse:"data_files/parse_input/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
+mbedtls_x509_crl_parse:"data_files/parse_input/crl-idpnc.pem":0
X509 CSR Information RSA with MD5
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA224
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA-256
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA384
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA512
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA-256, containing commas
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information EC with SHA1
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA224
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA256
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA384
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA512
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA224
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA256
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA384
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA512
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA with SHA-256 - Microsoft header
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information v3 extensions #1 (all)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n"
+mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n"
X509 CSR Information v3 extensions #2 (nsCertType only)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n"
+mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n"
X509 CSR Information v3 extensions #3 (subjectAltName only)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
+mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CSR Information v3 extensions #4 (keyUsage only)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
-mbedtls_x509_csr_info:"data_files/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n"
+mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n"
X509 Verify Information: empty
x509_verify_info:0:"":""
@@ -437,7 +445,7 @@
X509 Get Distinguished Name #5
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
-mbedtls_x509_dn_gets:"data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\, Commas, CN=PolarSSL Server 1"
+mbedtls_x509_dn_gets:"data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1"
X509 Get Modified DN #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1
@@ -1016,36 +1024,58 @@
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 CRT verification: domain identical to IPv4 in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: domain identical to IPv6 in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: matching IPv4 in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL"
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL"
X509 CRT verification: mismatching IPv4 in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: IPv4 with trailing data in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT verification: matching IPv6 in SubjectAltName
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL"
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL"
X509 CRT verification: mismatching IPv6 in SubjectAltName
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT verification: matching URI in SubjectAltName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
-x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":0:0:"":"NULL"
+
+X509 CRT verification: URI with trailing data in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609cz":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT verification: URI with preceding data in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"zurn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
+
+X509 CRT verification: URI with bad data in SubjectAltName
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
+x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"bad\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL"
X509 CRT parse CN: IPv4 valid address
x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4
+X509 CRT parse CN: IPv4 leading zeroes #1
+x509_crt_parse_cn_inet_pton:"010.10.10.10":"":0
+
+X509 CRT parse CN: IPv4 leading zeroes #2
+x509_crt_parse_cn_inet_pton:"10.10.10.001":"":0
+
X509 CRT parse CN: IPv4 excess 0s
x509_crt_parse_cn_inet_pton:"10.0000.10.10":"":0
@@ -2021,11 +2051,11 @@
X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
-x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+x509parse_crt_file:"data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
X509 CRT ASN1 (pathlen is INT_MAX-1)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1
-x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0
+x509parse_crt_file:"data_files/parse_input/server1_pathlen_int_max-1.crt":0
X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
@@ -2977,99 +3007,99 @@
# Please see makefile for data_files to check malformation details (test_csr_v3_all_malformed_xxx.csr files)
X509 CSR ASN.1 (attributes: invalid sequence tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (attributes: invalid attribute id)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (attributes: not extension request)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0
X509 CSR ASN.1 (attributes: invalid extenstion request set tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (attributes: invalid extenstion request sequence tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (attributes: invalid len (len > data))
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (attributes: invalid len (len < data))
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CSR ASN.1 (attributes: extension request invalid len (len > data))
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (attributes: extension request invalid len (len < data))
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (extensions: invalid sequence tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (extensions: invalid extension id tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (extensions: invalid extension data tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (extensions: invalid extension data len (len > data))
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CSR ASN.1 (extensions: invalid extension data len (len < data))
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CSR ASN.1 (extensions: invalid extension key usage bitstream tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (extensions: invalid extension subject alt name sequence tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (extensions: invalid extension ns cert bitstream tag)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CSR ASN.1 (extensions: duplicated extension)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_DATA
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_DATA
X509 CSR ASN.1 (extensions: invalid extension type data)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0
+mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0
X509 File parse (no issues)
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_int-ca.crt":0
+x509parse_crt_file:"data_files/parse_input/server7_int-ca.crt":0
X509 File parse (extra space in one certificate)
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_pem_space.crt":1
+x509parse_crt_file:"data_files/parse_input/server7_pem_space.crt":1
X509 File parse (all certificates fail)
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER
+x509parse_crt_file:"data_files/parse_input/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER
X509 File parse (trailing spaces, OK)
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_trailing_space.crt":0
+x509parse_crt_file:"data_files/parse_input/server7_trailing_space.crt":0
X509 File parse (Algorithm Params Tag mismatch)
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH
+x509parse_crt_file:"data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH
X509 Get time (UTC no issues)
depends_on:MBEDTLS_X509_USE_C
@@ -3145,7 +3175,7 @@
X509 Get time (UTC invalid character in year)
depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
+x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
X509 Get time (UTC invalid character in month)
depends_on:MBEDTLS_X509_USE_C
@@ -3278,3 +3308,68 @@
X509 ext types accessor: ext type not present
depends_on:MBEDTLS_X509_CRT_PARSE_C
x509_accessor_ext_types:MBEDTLS_X509_EXT_KEY_USAGE:MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
+
+X509 CRT parse Subject Key Id - Correct Subject Key ID
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":0
+
+X509 CRT parse Subject Key Id - Wrong OCTET_STRING tag
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_tag_malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT parse Subject Key Id - Wrong OCTET_STRING length
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_subjectkeyid:"data_files/authorityKeyId_subjectKeyId_tag_len_malformed.crt.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT parse Authority Key Id - Correct Authority Key ID
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"NL/PolarSSL/PolarSSL Test CA/":"680430CD074DE63FCDC051260FD042C2B512B6BA":0
+
+X509 CRT parse Authority Key Id - Correct Authority Key ID (no keyid)
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_keyid.crt.der":"":"NL/PolarSSL/PolarSSL Test CA/":"680430CD074DE63FCDC051260FD042C2B512B6BA":0
+
+X509 CRT parse Authority Key Id - Correct Authority Key ID (no issuer)
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_issuer.crt.der":"A505E864B8DCDF600F50124D60A864AF4D8B4393":"":"":0
+
+X509 CRT parse Authority Key Id - no Authority Key ID
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_no_authorityKeyId.crt.der":"":"":"":0
+
+X509 CRT parse Authority Key Id - Wrong Length
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_length_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+X509 CRT parse Authority Key Id - Wrong Sequence tag
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sequence_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT parse Authority Key Id - Wrong KeyId Tag
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_keyid_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT parse Authority Key Id - Wrong KeyId Tag Length
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_keyid_tag_len_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+X509 CRT parse Authority Key Id - Wrong Issuer Tag
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag1_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT parse Authority Key Id - Wrong DirectoryName tag in issuer field
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_issuer_tag2_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT parse Authority Key Id - Wrong Serial Number Tag
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sn_tag_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+X509 CRT parse Authority Key Id - Wrong Serial Number Tag length
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/authorityKeyId_subjectKeyId_sn_len_malformed.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+# clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376: test for bad sequence of names in authorityCertIssuer (see issue #7576)
+X509 CRT parse Authority Key Id - Wrong Issuer sequence
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C
+x509_crt_parse_authoritykeyid:"data_files/clusterfuzz-testcase-minimized-fuzz_x509crt-6666050834661376.crt.der":"":"":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 905d62f..c936443 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -429,12 +429,15 @@
int expected_result = ext_type & has_ext_type;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
crt.ext_types = ext_type;
TEST_ASSERT(mbedtls_x509_crt_has_ext_type(&crt, has_ext_type) == expected_result);
+exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -463,6 +466,7 @@
size_t n = sizeof(buf);
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), parse_result);
@@ -490,8 +494,8 @@
TEST_ASSERT(strcmp(buf, result_str) == 0);
exit:
-
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -503,6 +507,7 @@
int res;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -515,6 +520,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -526,6 +532,7 @@
int res;
mbedtls_x509_crl_init(&crl);
+ USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
@@ -538,6 +545,7 @@
exit:
mbedtls_x509_crl_free(&crl);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -548,12 +556,14 @@
char buf[2000];
mbedtls_x509_crl_init(&crl);
+ USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result);
exit:
mbedtls_x509_crl_free(&crl);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -565,6 +575,7 @@
int res;
mbedtls_x509_csr_init(&csr);
+ USE_PSA_INIT();
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0);
@@ -577,6 +588,7 @@
exit:
mbedtls_x509_csr_free(&csr);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -586,6 +598,7 @@
char buf[2000];
int res;
+ USE_PSA_INIT();
memset(buf, 0, sizeof(buf));
res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags);
@@ -593,6 +606,9 @@
TEST_ASSERT(res >= 0);
TEST_ASSERT(strcmp(buf, result_str) == 0);
+
+exit:
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -616,11 +632,9 @@
* - x509_verify() for server5 -> test-ca2: ~ 18800
* - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
*/
-
mbedtls_x509_crt_restart_init(&rs_ctx);
mbedtls_x509_crt_init(&crt);
mbedtls_x509_crt_init(&ca);
-
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -673,7 +687,6 @@
mbedtls_x509_crt_init(&crt);
mbedtls_x509_crt_init(&ca);
mbedtls_x509_crl_init(&crl);
-
MD_OR_USE_PSA_INIT();
if (strcmp(cn_name_str, "NULL") != 0) {
@@ -758,6 +771,7 @@
mbedtls_x509_crt_init(&crt);
mbedtls_x509_crt_init(&ca);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
@@ -775,6 +789,7 @@
exit:
mbedtls_x509_crt_free(&crt);
mbedtls_x509_crt_free(&ca);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -790,10 +805,10 @@
mbedtls_x509_crt_init(&crt);
mbedtls_x509_crt_init(&ca);
- verify_print_init(&vrfy_ctx);
-
MD_OR_USE_PSA_INIT();
+ verify_print_init(&vrfy_ctx);
+
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
@@ -827,6 +842,8 @@
int res = 0;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
+
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -844,6 +861,7 @@
}
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -855,6 +873,8 @@
int res = 0;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
+
memset(buf, 0, 2000);
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -873,18 +893,20 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret)
{
- unsigned char *name;
+ unsigned char *name = NULL;
unsigned char *p;
size_t name_len;
mbedtls_x509_name head;
int ret;
+ USE_PSA_INIT();
memset(&head, 0, sizeof(head));
name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len);
@@ -897,7 +919,9 @@
TEST_EQUAL(ret, exp_ret);
+exit:
mbedtls_free(name);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -916,6 +940,7 @@
unsigned char buf[80], *out = NULL, *c;
const char *short_name;
+ USE_PSA_INIT();
memset(&parsed, 0, sizeof(parsed));
memset(buf, 0, sizeof(buf));
c = buf + sizeof(buf);
@@ -964,6 +989,7 @@
mbedtls_free(out);
mbedtls_asn1_free_named_data_list(&names);
mbedtls_asn1_free_named_data_list_shallow(parsed.next);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -973,6 +999,7 @@
mbedtls_x509_crt crt;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -986,6 +1013,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -995,6 +1023,7 @@
mbedtls_x509_crt crt;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -1008,6 +1037,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1017,11 +1047,13 @@
mbedtls_x509_crt crt;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result);
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1037,6 +1069,7 @@
#endif
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result));
#if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -1103,6 +1136,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1124,6 +1158,7 @@
oid.p = (unsigned char *) MBEDTLS_OID_PKIX "\x01\x1F";
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
&oid) == (result));
@@ -1157,6 +1192,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1168,6 +1204,8 @@
int res;
mbedtls_x509_crl_init(&crl);
+ USE_PSA_INIT();
+
memset(output, 0, 2000);
@@ -1183,6 +1221,7 @@
exit:
mbedtls_x509_crl_free(&crl);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1194,6 +1233,8 @@
int my_ret;
mbedtls_x509_csr_init(&csr);
+ USE_PSA_INIT();
+
memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
@@ -1207,6 +1248,7 @@
exit:
mbedtls_x509_csr_free(&csr);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1218,6 +1260,8 @@
int my_ret;
mbedtls_x509_csr_init(&csr);
+ USE_PSA_INIT();
+
memset(my_out, 0, sizeof(my_out));
my_ret = mbedtls_x509_csr_parse_file(&csr, csr_file);
@@ -1231,6 +1275,7 @@
exit:
mbedtls_x509_csr_free(&csr);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1241,6 +1286,7 @@
int i;
mbedtls_x509_crt_init(&chain);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret);
@@ -1255,6 +1301,7 @@
exit:
mbedtls_x509_crt_free(&chain);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1271,10 +1318,8 @@
* We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
* with NN.crt signed by NN-1.crt
*/
-
mbedtls_x509_crt_init(&trusted);
mbedtls_x509_crt_init(&chain);
-
MD_OR_USE_PSA_INIT();
/* Load trusted root */
@@ -1313,7 +1358,6 @@
mbedtls_x509_crt_init(&chain);
mbedtls_x509_crt_init(&trusted);
-
MD_OR_USE_PSA_INIT();
while ((act = mystrsep(&chain_paths, " ")) != NULL) {
@@ -1353,6 +1397,7 @@
const char *desc = NULL;
int ret;
+ USE_PSA_INIT();
oid.tag = MBEDTLS_ASN1_OID;
oid.p = buf->x;
@@ -1368,6 +1413,9 @@
TEST_ASSERT(desc != NULL);
TEST_ASSERT(strcmp(desc, ref_desc) == 0);
}
+
+exit:
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1377,6 +1425,8 @@
mbedtls_x509_buf oid;
char num_buf[100];
+ USE_PSA_INIT();
+
memset(num_buf, 0x2a, sizeof(num_buf));
oid.tag = MBEDTLS_ASN1_OID;
@@ -1391,6 +1441,9 @@
TEST_ASSERT(num_buf[ret] == 0);
TEST_ASSERT(strcmp(num_buf, numstr) == 0);
}
+
+exit:
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1400,6 +1453,7 @@
mbedtls_x509_crt crt;
mbedtls_x509_crt_init(&crt);
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -1407,6 +1461,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1417,7 +1472,7 @@
mbedtls_x509_crt crt;
mbedtls_x509_crt_init(&crt);
-
+ USE_PSA_INIT();
TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
@@ -1426,6 +1481,7 @@
exit:
mbedtls_x509_crt_free(&crt);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1438,6 +1494,7 @@
unsigned char *start = buf;
unsigned char *end = buf;
+ USE_PSA_INIT();
memset(&time, 0x00, sizeof(time));
*end = (unsigned char) tag; end++;
*end = strlen(time_str);
@@ -1455,6 +1512,8 @@
TEST_ASSERT(min == time.min);
TEST_ASSERT(sec == time.sec);
}
+exit:
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -1468,6 +1527,8 @@
mbedtls_md_type_t my_msg_md, my_mgf_md;
int my_salt_len;
+ USE_PSA_INIT();
+
buf.p = params->x;
buf.len = params->len;
buf.tag = params_tag;
@@ -1484,6 +1545,104 @@
}
exit:
- ;;
+ USE_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
+void x509_crt_parse_subjectkeyid(char *file, data_t *subjectKeyId, int ref_ret)
+{
+ mbedtls_x509_crt crt;
+
+ mbedtls_x509_crt_init(&crt);
+
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
+
+ if (ref_ret == 0) {
+ TEST_EQUAL(crt.subject_key_id.tag, MBEDTLS_ASN1_OCTET_STRING);
+ TEST_EQUAL(memcmp(crt.subject_key_id.p, subjectKeyId->x, subjectKeyId->len), 0);
+ TEST_EQUAL(crt.subject_key_id.len, subjectKeyId->len);
+ } else {
+ TEST_EQUAL(crt.subject_key_id.tag, 0);
+ TEST_EQUAL(crt.subject_key_id.len, 0);
+ }
+
+exit:
+ mbedtls_x509_crt_free(&crt);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
+void x509_crt_parse_authoritykeyid(char *file,
+ data_t *keyId,
+ char *authorityKeyId_issuer,
+ data_t *serial,
+ int ref_ret)
+{
+ mbedtls_x509_crt crt;
+ int bufferCounter = 0;
+ size_t issuerCounter = 0;
+ unsigned int result = 0;
+ mbedtls_x509_subject_alternative_name san;
+ mbedtls_x509_name *pname = NULL;
+
+ mbedtls_x509_crt_init(&crt);
+
+ TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, file), ref_ret);
+
+ if (ref_ret == 0) {
+ /* KeyId test */
+ if (keyId->len > 0) {
+ TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, MBEDTLS_ASN1_OCTET_STRING);
+ TEST_EQUAL(memcmp(crt.authority_key_id.keyIdentifier.p, keyId->x, keyId->len), 0);
+ TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, keyId->len);
+ } else {
+ TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0);
+ TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0);
+ }
+
+
+ /* Issuer test */
+ if (strlen(authorityKeyId_issuer) > 0) {
+ mbedtls_x509_sequence *issuerPtr = &crt.authority_key_id.authorityCertIssuer;
+
+ TEST_EQUAL(mbedtls_x509_parse_subject_alt_name(&issuerPtr->buf, &san), 0);
+
+ pname = &san.san.directory_name;
+
+ while (pname != NULL) {
+ for (issuerCounter = 0; issuerCounter < pname->val.len; issuerCounter++) {
+ result |=
+ (authorityKeyId_issuer[bufferCounter++] != pname->val.p[issuerCounter]);
+ }
+ bufferCounter++; /* Skipping the slash */
+ pname = pname->next;
+ }
+ mbedtls_x509_free_subject_alt_name(&san);
+ TEST_EQUAL(result, 0);
+ }
+
+ /* Serial test */
+ if (serial->len > 0) {
+ TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag,
+ MBEDTLS_ASN1_INTEGER);
+ TEST_EQUAL(memcmp(crt.authority_key_id.authorityCertSerialNumber.p,
+ serial->x, serial->len), 0);
+ TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, serial->len);
+ } else {
+ TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0);
+ TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0);
+ }
+
+ } else {
+ TEST_EQUAL(crt.authority_key_id.keyIdentifier.tag, 0);
+ TEST_EQUAL(crt.authority_key_id.keyIdentifier.len, 0);
+
+ TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.tag, 0);
+ TEST_EQUAL(crt.authority_key_id.authorityCertSerialNumber.len, 0);
+ }
+
+exit:
+ mbedtls_x509_crt_free(&crt);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index bb40029..4eeeacd 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -59,111 +59,115 @@
x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
Certificate write check Server1 SHA1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not before 1970
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not after 2050
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not before 1970, not after 2050
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, not before 2050, not after 2059
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, one ext_key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, two ext_key_usages
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, ns_cert_type
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, version 1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, CA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, version 1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, RSA_ALT, CA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, key_usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, ns_cert_type
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, version 1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Opaque, CA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Full length serial
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, Serial starting with 0x80
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server1 SHA1, All 0xFF full length serial
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0
Certificate write check Server5 ECDSA
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt":0
Certificate write check Server5 ECDSA, Opaque
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0
+
+Certificate write check Server1 SHA1, SubjectAltNames
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1
X509 String to Names #1
-mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark\, Inc., OU=PolarSSL":0
+mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0
X509 String to Names #2
mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
@@ -175,10 +179,10 @@
mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
X509 String to Names #5 (Escape non-allowed characters)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
X509 String to Names #6 (Escape at end)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME
Check max serial length
x509_set_serial_check:
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 0e4062e..ab4a2d0 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -7,8 +7,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/pk.h"
-
-#include "hash_info.h"
+#include "md_psa.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
@@ -47,7 +46,7 @@
goto cleanup;
}
- psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(csr.sig_md);
+ psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(csr.sig_md);
size_t hash_size = 0;
psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len,
hash, PSA_HASH_MAX_SIZE, &hash_size);
@@ -59,7 +58,7 @@
}
if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk,
- csr.sig_md, hash, mbedtls_hash_info_get_size(csr.sig_md),
+ csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md),
csr.sig.p, csr.sig.len) != 0) {
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
goto cleanup;
@@ -176,10 +175,9 @@
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
mbedtls_x509write_csr_init(&req);
-
+ mbedtls_pk_init(&key);
MD_OR_USE_PSA_INIT();
- mbedtls_pk_init(&key);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL) == 0);
@@ -266,13 +264,12 @@
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
- memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
-
mbedtls_x509write_csr_init(&req);
-
MD_OR_USE_PSA_INIT();
- md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
+ memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
+
+ md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
mbedtls_pk_init(&key);
@@ -315,7 +312,7 @@
mbedtls_x509write_csr_free(&req);
mbedtls_pk_free(&key);
psa_destroy_key(key_id);
- PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -328,7 +325,7 @@
char *ext_key_usage,
int cert_type, int set_cert_type, int auth_ident,
int ver, char *cert_check_file, int pk_wrap, int is_ca,
- char *cert_verify_file)
+ char *cert_verify_file, int set_subjectAltNames)
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
mbedtls_pk_context *key = &issuer_key;
@@ -350,19 +347,59 @@
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
#endif
mbedtls_pk_type_t issuer_key_type;
+ mbedtls_x509_san_list san_ip;
+ mbedtls_x509_san_list san_dns;
+ mbedtls_x509_san_list san_uri;
+ mbedtls_x509_san_list san_mail;
+ mbedtls_x509_san_list san_dn;
+ mbedtls_asn1_named_data *ext_san_dirname = NULL;
+ const char san_ip_name[] = { 0x01, 0x02, 0x03, 0x04 };
+ const char *san_dns_name = "example.com";
+ const char *san_dn_name = "C=UK,O=Mbed TLS,CN=SubjectAltName test";
+ const char *san_mail_name = "mail@example.com";
+ const char *san_uri_name = "http://pki.example.com";
+ mbedtls_x509_san_list *san_list = NULL;
+
+ if (set_subjectAltNames) {
+ san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME;
+ san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name;
+ san_mail.node.san.unstructured_name.len = strlen(san_mail_name);
+ san_mail.next = NULL;
+
+ san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME;
+ san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name;
+ san_dns.node.san.unstructured_name.len = strlen(san_dns_name);
+ san_dns.next = &san_mail;
+
+ san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+ TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname,
+ san_dn_name) == 0);
+ san_dn.node.san.directory_name = *ext_san_dirname;
+ san_dn.next = &san_dns;
+
+ san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
+ san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name;
+ san_ip.node.san.unstructured_name.len = sizeof(san_ip_name);
+ san_ip.next = &san_dn;
+
+ san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
+ san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name;
+ san_uri.node.san.unstructured_name.len = strlen(san_uri_name);
+ san_uri.next = &san_ip;
+
+ san_list = &san_uri;
+ }
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
mbedtls_mpi_init(&serial_mpi);
#endif
- MD_OR_USE_PSA_INIT();
-
mbedtls_pk_init(&subject_key);
mbedtls_pk_init(&issuer_key);
mbedtls_pk_init(&issuer_key_alt);
-
mbedtls_x509write_crt_init(&crt);
+ MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
subject_pwd, mbedtls_test_rnd_std_rand, NULL) == 0);
@@ -390,7 +427,7 @@
if (pk_wrap == 2) {
psa_algorithm_t alg_psa, md_alg_psa;
- md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
+ md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) {
@@ -469,6 +506,9 @@
}
}
+ if (set_subjectAltNames) {
+ TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0);
+ }
ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf),
mbedtls_test_rnd_pseudo_rand, &rnd_info);
TEST_ASSERT(ret == 0);
@@ -577,6 +617,7 @@
TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
exit:
+ mbedtls_asn1_free_named_data_list(&ext_san_dirname);
mbedtls_x509write_crt_free(&crt);
mbedtls_pk_free(&issuer_key_alt);
mbedtls_pk_free(&subject_key);
@@ -597,6 +638,7 @@
mbedtls_x509write_cert ctx;
uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
+ USE_PSA_INIT();
memset(invalid_serial, 0x01, sizeof(invalid_serial));
#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
@@ -619,6 +661,7 @@
#else
;
#endif
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -632,6 +675,8 @@
mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
unsigned char buf[1024], out[1024], *c;
+ USE_PSA_INIT();
+
memset(&parsed, 0, sizeof(parsed));
memset(out, 0, sizeof(out));
memset(buf, 0, sizeof(buf));
@@ -665,5 +710,6 @@
parsed_cur = parsed_cur->next;
mbedtls_free(parsed_prv);
}
+ USE_PSA_DONE();
}
/* END_CASE */