Merge pull request #1249 from gilles-peskine-arm/psa-drbg-no-hmac-document
Document that MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not force HMAC
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 9d30412..892ed28 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -9,7 +9,8 @@
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")
- [ ] **changelog** provided, or not required
-- [ ] **backport** done, or not required
+- [ ] **3.6 backport** done, or not required
+- [ ] **2.28 backport** done, or not required
- [ ] **tests** provided, or not required
diff --git a/.gitignore b/.gitignore
index 4f29d5b..6068cbc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,9 @@
seedfile
# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
00000000ffffff52.psa_its
+# Log files created by all.sh to reduce the logs in case a component runs
+# successfully
+quiet-make.*
# CMake build artifacts:
CMakeCache.txt
@@ -67,3 +70,6 @@
compile_commands.json
# clangd index files
/.cache/clangd/index/
+
+# VScode folder to store local debug files and configurations
+.vscode
diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt
index e0e5ade..356931e 100644
--- a/3rdparty/everest/CMakeLists.txt
+++ b/3rdparty/everest/CMakeLists.txt
@@ -8,6 +8,8 @@
target_include_directories(${everest_target}
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/include>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE include/everest
include/everest/kremlib
diff --git a/3rdparty/p256-m/.gitignore b/3rdparty/p256-m/.gitignore
new file mode 100644
index 0000000..f3c7a7c
--- /dev/null
+++ b/3rdparty/p256-m/.gitignore
@@ -0,0 +1 @@
+Makefile
diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt
index 2ef0d48..d3dc813 100644
--- a/3rdparty/p256-m/CMakeLists.txt
+++ b/3rdparty/p256-m/CMakeLists.txt
@@ -8,6 +8,8 @@
PUBLIC $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/p256-m>
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include>
$<INSTALL_INTERFACE:include>
PRIVATE ${MBEDTLS_DIR}/library/)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index fb9e1c3..28d4b83 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -73,10 +73,16 @@
option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT})
-string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
-string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")
-string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}")
-string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
+if (CMAKE_C_SIMULATE_ID)
+ set(COMPILER_ID ${CMAKE_C_SIMULATE_ID})
+else()
+ set(COMPILER_ID ${CMAKE_C_COMPILER_ID})
+endif(CMAKE_C_SIMULATE_ID)
+
+string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}")
+string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}")
+string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}")
+string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}")
# the test suites currently have compile errors with MSVC
if(CMAKE_COMPILER_IS_MSVC)
@@ -184,8 +190,6 @@
set(${dest_var} ${no_ext_name} PARENT_SCOPE)
endfunction(get_name_without_last_ext)
-string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
-
include(CheckCCompilerFlag)
set(CMAKE_C_EXTENSIONS OFF)
@@ -294,6 +298,8 @@
add_subdirectory(library)
+add_subdirectory(tf-psa-crypto)
+
add_subdirectory(pkgconfig)
#
@@ -315,9 +321,42 @@
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
+ if(GEN_FILES)
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/tests
+ COMMAND
+ "${MBEDTLS_PYTHON_EXECUTABLE}"
+ "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py"
+ "--output"
+ "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h"
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py
+ )
+ add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h)
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/tests
+ COMMAND
+ "${MBEDTLS_PYTHON_EXECUTABLE}"
+ "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py"
+ "--output"
+ "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h"
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py
+ )
+ add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h)
+ add_dependencies(mbedtls_test test_keys_header test_certs_header)
+ endif()
target_include_directories(mbedtls_test
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
# Request C11, needed for memory poisoning tests
set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
@@ -328,6 +367,8 @@
target_include_directories(mbedtls_test_helpers
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include)
diff --git a/ChangeLog b/ChangeLog
index eae2a19..b691a0f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -144,6 +144,7 @@
* Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3
ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A
malicious client could cause information disclosure or a denial of service.
+ Fixes CVE-2024-30166.
* Passing buffers that are stored in untrusted memory as arguments
to PSA functions is now secure by default.
The PSA core now protects against modification of inputs or exposure
diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt
new file mode 100644
index 0000000..22939df
--- /dev/null
+++ b/ChangeLog.d/9126.txt
@@ -0,0 +1,5 @@
+Default behavior changes
+ * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT &&
+ !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the
+ corresponding PSA mechanism is enabled, since the server provides the
+ crypto. Fixes #9126.
diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt
new file mode 100644
index 0000000..bb5b470
--- /dev/null
+++ b/ChangeLog.d/asn1-missing-guard-in-rsa.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled
+ as soon as MBEDTLS_RSA_C is enabled. Fixes #9041.
diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt
new file mode 100644
index 0000000..8570a11
--- /dev/null
+++ b/ChangeLog.d/check-config.txt
@@ -0,0 +1,9 @@
+Changes
+ * Warn if mbedtls/check_config.h is included manually, as this can
+ lead to spurious errors. Error if a *adjust*.h header is included
+ manually, as this can lead to silently inconsistent configurations,
+ potentially resulting in buffer overflows.
+ When migrating from Mbed TLS 2.x, if you had a custom config.h that
+ included check_config.h, remove this inclusion from the Mbed TLS 3.x
+ configuration file (renamed to mbedtls_config.h). This change was made
+ in Mbed TLS 3.0, but was not announced in a changelog entry at the time.
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt
new file mode 100644
index 0000000..83b7f2f
--- /dev/null
+++ b/ChangeLog.d/ecdsa-conversion-overflow.txt
@@ -0,0 +1,6 @@
+Security
+ * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
+ mbedtls_ecdsa_raw_to_der() when the bits parameter is larger than the
+ largest supported curve. In some configurations with PSA disabled,
+ all values of bits are affected. This never happens in internal library
+ calls, but can affect applications that call these functions directly.
diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
new file mode 100644
index 0000000..11e7d25
--- /dev/null
+++ b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix compilation error when memcpy() is a function-like macros. Fixes #8994.
diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
new file mode 100644
index 0000000..8a406a1
--- /dev/null
+++ b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix rare concurrent access bug where attempting to operate on a
+ non-existent key while concurrently creating a new key could potentially
+ corrupt the key store.
diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt
new file mode 100644
index 0000000..e3c8aec
--- /dev/null
+++ b/ChangeLog.d/fix-psa-cmac.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in
+ CMAC is enabled, but no built-in unauthenticated cipher is enabled.
+ Fixes #9209.
diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
new file mode 100644
index 0000000..b5c2650
--- /dev/null
+++ b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix issue of redefinition warning messages for _GNU_SOURCE in
+ entropy_poll.c and sha_256.c. There was a build warning during
+ building for linux platform.
+ Resolves #9026
diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt
new file mode 100644
index 0000000..23a46c0
--- /dev/null
+++ b/ChangeLog.d/fix-secure-element-key-creation.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix error handling when creating a key in a dynamic secure element
+ (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
+ the creation could return PSA_SUCCESS but using or destroying the key
+ would not work. Fixes #8537.
diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt
new file mode 100644
index 0000000..2604219
--- /dev/null
+++ b/ChangeLog.d/fix-test-suite-pk-warnings.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled.
+ Fixes #9029.
diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
new file mode 100644
index 0000000..e4726a4
--- /dev/null
+++ b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined behaviour (incrementing a NULL pointer by zero length) when
+ passing in zero length additional data to multipart AEAD.
diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt
new file mode 100644
index 0000000..d00aa8a
--- /dev/null
+++ b/ChangeLog.d/pk-norsa-warning.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled.
diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
new file mode 100644
index 0000000..39e03b9
--- /dev/null
+++ b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes
+ long. Credit to Cryptofuzz. Fixes #9314.
diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt
new file mode 100644
index 0000000..a3f4b96
--- /dev/null
+++ b/ChangeLog.d/remove-via-padlock-support.txt
@@ -0,0 +1,3 @@
+Removals
+ * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C.
+ Fixes #5903.
diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt
new file mode 100644
index 0000000..8ceef21
--- /dev/null
+++ b/ChangeLog.d/tls13-without-tickets.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix TLS 1.3 client build and runtime when support for session tickets is
+ disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395.
diff --git a/Makefile b/Makefile
index fb80529..74e328a 100644
--- a/Makefile
+++ b/Makefile
@@ -31,7 +31,10 @@
lib:
$(MAKE) -C library
-tests: lib mbedtls_test
+ifndef PSASIM
+tests: lib
+endif
+tests: mbedtls_test
$(MAKE) -C tests
mbedtls_test:
@@ -95,8 +98,9 @@
install: no_test
mkdir -p $(DESTDIR)/include/mbedtls
cp -rp include/mbedtls $(DESTDIR)/include
+ cp -rp tf-psa-crypto/drivers/builtin/include/mbedtls $(DESTDIR)/include
mkdir -p $(DESTDIR)/include/psa
- cp -rp include/psa $(DESTDIR)/include
+ cp -rp tf-psa-crypto/include/psa $(DESTDIR)/include
mkdir -p $(DESTDIR)/lib
cp -RP library/libmbedtls.* $(DESTDIR)/lib
@@ -167,7 +171,10 @@
if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln
endif
-check: lib tests
+ifndef PSASIM
+check: lib
+endif
+check: tests
$(MAKE) -C tests check
test: check
@@ -197,6 +204,8 @@
3rdparty/*/*.c 3rdparty/*/*/*.c 3rdparty/*/*/*/*.c 3rdparty/*/*/*/*/*.c \
include/*/*.h \
library/*.[hc] \
+ tf-psa-crypto/include/*/*.h \
+ tf-psa-crypto/drivers/builtin/include/*/*.h \
programs/*/*.[hc] \
tests/include/*/*.h tests/include/*/*/*.h \
tests/src/*.c tests/src/*/*.c \
@@ -213,5 +222,7 @@
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
cscope: cscope.in.out cscope.po.out cscope.out
cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
- cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
+ cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include \
+ -Itf-psa-crypto/drivers/builtin/include \
+ $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
.PHONY: cscope global
diff --git a/SECURITY.md b/SECURITY.md
index 7ed72de..9506eb9 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -128,7 +128,7 @@
- Turn on hardware acceleration for AES. This is supported only on selected
architectures and currently only available for AES. See configuration options
- `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` and `MBEDTLS_PADLOCK_C` for details.
+ `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details.
- Add a secure alternative implementation (typically hardware acceleration) for
the vulnerable cipher. See the [Alternative Implementations
Guide](docs/architecture/alternative-implementations.md) for more information.
diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h
index 19e09d9..be785b7 100644
--- a/configs/config-ccm-psk-dtls1_2.h
+++ b/configs/config-ccm-psk-dtls1_2.h
@@ -23,19 +23,20 @@
* See README.txt for usage instructions.
*/
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h"
+
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+#define MBEDTLS_USE_PSA_CRYPTO
+
/* System support */
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
/* Mbed TLS modules */
-#define MBEDTLS_AES_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_SRV_C
@@ -81,11 +82,6 @@
*/
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
-/* These defines are present so that the config modifying scripts can enable
- * them during tests/scripts/test-ref-configs.pl */
-//#define MBEDTLS_USE_PSA_CRYPTO
-//#define MBEDTLS_PSA_CRYPTO_C
-
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index d49adfd..d8f4f9c 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -22,19 +22,20 @@
* See README.txt for usage instructions.
*/
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h"
+
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+#define MBEDTLS_USE_PSA_CRYPTO
+
/* System support */
//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
/* Mbed TLS modules */
-#define MBEDTLS_AES_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
@@ -72,11 +73,6 @@
*/
#define MBEDTLS_ENTROPY_MAX_SOURCES 2
-/* These defines are present so that the config modifying scripts can enable
- * them during tests/scripts/test-ref-configs.pl */
-//#define MBEDTLS_USE_PSA_CRYPTO
-//#define MBEDTLS_PSA_CRYPTO_C
-
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
deleted file mode 100644
index ddb00b4..0000000
--- a/configs/config-no-entropy.h
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * \file config-no-entropy.h
- *
- * \brief Minimal configuration of features that do not require an entropy source
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * Minimal configuration of features that do not require an entropy source
- * Distinguishing features:
- * - no entropy module
- * - no TLS protocol implementation available due to absence of an entropy
- * source
- *
- * See README.txt for usage instructions.
- */
-
-/* System support */
-#define MBEDTLS_HAVE_ASM
-#define MBEDTLS_HAVE_TIME
-
-/* Mbed TLS feature support */
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_SELF_TEST
-#define MBEDTLS_VERSION_FEATURES
-
-/* Mbed TLS modules */
-#define MBEDTLS_AES_C
-#define MBEDTLS_ASN1_PARSE_C
-#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BASE64_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_ERROR_C
-#define MBEDTLS_GCM_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PEM_PARSE_C
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_RSA_C
-/* The library does not currently support enabling SHA-224 without SHA-256.
- * A future version of the library will have this option disabled
- * by default. */
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
-#define MBEDTLS_VERSION_C
-#define MBEDTLS_X509_USE_C
-#define MBEDTLS_X509_CRT_PARSE_C
-#define MBEDTLS_X509_CRL_PARSE_C
-//#define MBEDTLS_CMAC_C
-
-/* Miscellaneous options */
-#define MBEDTLS_AES_ROM_TABLES
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 9bba6e6..cdea16e 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -21,36 +21,29 @@
* See README.txt for usage instructions.
*/
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h"
+
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+#define MBEDTLS_USE_PSA_CRYPTO
+
/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
/* Mbed TLS feature support */
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
/* Mbed TLS modules */
-#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_GCM_C
-#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
@@ -95,11 +88,6 @@
#define MBEDTLS_SSL_IN_CONTENT_LEN 1024
#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024
-/* These defines are present so that the config modifying scripts can enable
- * them during tests/scripts/test-ref-configs.pl */
-//#define MBEDTLS_USE_PSA_CRYPTO
-//#define MBEDTLS_PSA_CRYPTO_C
-
/* Error messages and TLS debugging traces
* (huge code size increase, needed for tests/ssl-opt.sh) */
//#define MBEDTLS_DEBUG_C
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index 512dd76..13e4d26 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -8,70 +8,43 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-symmetric-only.h"
+
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+#define MBEDTLS_USE_PSA_CRYPTO
+
/* System support */
//#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
/* Mbed TLS feature support */
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_CIPHER_MODE_CFB
-#define MBEDTLS_CIPHER_MODE_CTR
-#define MBEDTLS_CIPHER_MODE_OFB
-#define MBEDTLS_CIPHER_MODE_XTS
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
#define MBEDTLS_ERROR_STRERROR_DUMMY
#define MBEDTLS_FS_IO
#define MBEDTLS_ENTROPY_NV_SEED
#define MBEDTLS_SELF_TEST
-#define MBEDTLS_USE_PSA_CRYPTO
#define MBEDTLS_VERSION_FEATURES
/* Mbed TLS modules */
-#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BASE64_C
-#define MBEDTLS_CAMELLIA_C
-#define MBEDTLS_ARIA_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CHACHA20_C
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_CMAC_C
#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_DES_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
-#define MBEDTLS_GCM_C
-#define MBEDTLS_HKDF_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_NIST_KW_C
-#define MBEDTLS_MD_C
-#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_PEM_WRITE_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PKCS12_C
#define MBEDTLS_PLATFORM_C
-#define MBEDTLS_POLY1305_C
-#define MBEDTLS_PSA_CRYPTO_C
#define MBEDTLS_PSA_CRYPTO_SE_C
#define MBEDTLS_PSA_CRYPTO_STORAGE_C
#define MBEDTLS_PSA_ITS_FILE_C
-#define MBEDTLS_RIPEMD160_C
-#define MBEDTLS_SHA1_C
-/* The library does not currently support enabling SHA-224 without SHA-256.
- * A future version of the library will have this option disabled
- * by default. */
-#define MBEDTLS_SHA224_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_SHA384_C
-#define MBEDTLS_SHA512_C
+
//#define MBEDTLS_THREADING_C
#define MBEDTLS_TIMING_C
#define MBEDTLS_VERSION_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index 2f81f90..160aded 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -17,15 +17,21 @@
* - no X.509
* - support for experimental EC J-PAKE key exchange
*
+ * To be used in conjunction with configs/crypto-config-thread.h.
* See README.txt for usage instructions.
*/
+#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-thread.h"
+
+#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_CRYPTO_CONFIG
+#define MBEDTLS_USE_PSA_CRYPTO
+
/* System support */
#define MBEDTLS_HAVE_ASM
/* Mbed TLS feature support */
#define MBEDTLS_AES_ROM_TABLES
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_NIST_OPTIM
#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@@ -35,23 +41,15 @@
#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
/* Mbed TLS modules */
-#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_CCM_C
-#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_CMAC_C
-#define MBEDTLS_ECJPAKE_C
-#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_HMAC_DRBG_C
#define MBEDTLS_MD_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
@@ -69,8 +67,3 @@
/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8
-
-/* These defines are present so that the config modifying scripts can enable
- * them during tests/scripts/test-ref-configs.pl */
-//#define MBEDTLS_USE_PSA_CRYPTO
-//#define MBEDTLS_PSA_CRYPTO_C
diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h
index 7f8d587..68a9c0a 100644
--- a/configs/crypto-config-ccm-aes-sha256.h
+++ b/configs/crypto-config-ccm-aes-sha256.h
@@ -2,7 +2,7 @@
* \file configs/crypto-config-ccm-aes-sha256.h
*
* \brief PSA crypto configuration with only symmetric cryptography: CCM-AES,
- * SHA-256, HMAC and key derivation
+ * SHA-256 and key derivation (uses HMAC).
*/
/*
* Copyright The Mbed TLS Contributors
@@ -13,12 +13,10 @@
#define PSA_CRYPTO_CONFIG_H
#define PSA_WANT_ALG_CCM 1
-#define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_SHA_256 1
#define PSA_WANT_ALG_TLS12_PRF 1
#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h
new file mode 100644
index 0000000..f4928e2
--- /dev/null
+++ b/configs/crypto-config-ccm-psk-tls1_2.h
@@ -0,0 +1,25 @@
+/**
+ * \file crypto-config-ccm-psk-tls1_2.h
+ *
+ * \brief Minimal crypto configuration for TLS 1.2 with
+ * PSK and AES-CCM ciphersuites
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * To be used in conjunction with configs/config-ccm-psk-tls1_2.h
+ * or configs/config-ccm-psk-dtls1_2.h. */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_SHA_256 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+
+#define PSA_WANT_KEY_TYPE_AES 1
+#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h
new file mode 100644
index 0000000..ec20919
--- /dev/null
+++ b/configs/crypto-config-suite-b.h
@@ -0,0 +1,41 @@
+/**
+ * \file crypto-config-symmetric-only.h
+ *
+ * \brief \brief Minimal crypto configuration for
+ * TLS NSA Suite B Profile (RFC 6460).
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * Minimal crypto configuration for TLS NSA Suite B Profile (RFC 6460)
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - optimized for low RAM usage
+ *
+ * Possible improvements:
+ * - if 128-bit security is enough, disable secp384r1 and SHA-512
+ *
+ * To be used in conjunction with configs/config-suite-b.h. */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_ECDH 1
+#define PSA_WANT_ALG_ECDSA 1
+#define PSA_WANT_ALG_GCM 1
+#define PSA_WANT_ALG_SHA_256 1
+#define PSA_WANT_ALG_SHA_384 1
+#define PSA_WANT_ALG_SHA_512 1
+#define PSA_WANT_ECC_SECP_R1_256 1
+#define PSA_WANT_ECC_SECP_R1_384 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/crypto-config-symmetric-only.h b/configs/crypto-config-symmetric-only.h
new file mode 100644
index 0000000..5d6bf85
--- /dev/null
+++ b/configs/crypto-config-symmetric-only.h
@@ -0,0 +1,58 @@
+/**
+ * \file crypto-config-symmetric-only.h
+ *
+ * \brief Crypto configuration without any asymmetric cryptography.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * To be used in conjunction with configs/config-symmetric-only.h. */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_CBC_NO_PADDING 1
+#define PSA_WANT_ALG_CBC_PKCS7 1
+#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
+#define PSA_WANT_ALG_CFB 1
+#define PSA_WANT_ALG_CHACHA20_POLY1305 1
+#define PSA_WANT_ALG_CMAC 1
+#define PSA_WANT_ALG_CTR 1
+#define PSA_WANT_ALG_ECB_NO_PADDING 1
+#define PSA_WANT_ALG_GCM 1
+#define PSA_WANT_ALG_HKDF 1
+#define PSA_WANT_ALG_HKDF_EXTRACT 1
+#define PSA_WANT_ALG_HKDF_EXPAND 1
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_ALG_MD5 1
+#define PSA_WANT_ALG_OFB 1
+#define PSA_WANT_ALG_RIPEMD160 1
+#define PSA_WANT_ALG_SHA_1 1
+#define PSA_WANT_ALG_STREAM_CIPHER 1
+#define PSA_WANT_ALG_SHA_224 1
+#define PSA_WANT_ALG_SHA_256 1
+#define PSA_WANT_ALG_SHA_384 1
+#define PSA_WANT_ALG_SHA_512 1
+#define PSA_WANT_ALG_SHA3_224 1
+#define PSA_WANT_ALG_SHA3_256 1
+#define PSA_WANT_ALG_SHA3_384 1
+#define PSA_WANT_ALG_SHA3_512 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
+
+/* XTS is not yet supported via the PSA API in Mbed TLS. */
+//#define PSA_WANT_ALG_XTS 1
+
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_KEY_TYPE_ARIA 1
+#define PSA_WANT_KEY_TYPE_CAMELLIA 1
+#define PSA_WANT_KEY_TYPE_CHACHA20 1
+#define PSA_WANT_KEY_TYPE_DES 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+
+#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h
new file mode 100644
index 0000000..3c5fe24
--- /dev/null
+++ b/configs/crypto-config-thread.h
@@ -0,0 +1,47 @@
+/**
+ * \file crypto-config-thread.h
+ *
+ * \brief Minimal crypto configuration for using TLS as part of Thread
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/**
+ * Minimal crypto configuration for using TLS as part of Thread
+ * http://threadgroup.org/
+ *
+ * Distinguishing features:
+ * - no RSA or classic DH, fully based on ECC
+ * - no X.509
+ * - support for experimental EC J-PAKE key exchange
+ * - support for PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching
+ * algorithm.
+ *
+ * To be used in conjunction with configs/config-thread.h.
+ * See README.txt for usage instructions.
+ */
+
+#ifndef PSA_CRYPTO_CONFIG_H
+#define PSA_CRYPTO_CONFIG_H
+
+#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_ECB_NO_PADDING 1
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_ALG_JPAKE 1
+#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1
+#define PSA_WANT_ALG_SHA_256 1
+#define PSA_WANT_ALG_TLS12_PRF 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+#define PSA_WANT_ECC_SECP_R1_256 1
+
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
+#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
+
+#endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h
index ecdecea..0e7bc68 100644
--- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h
+++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h
@@ -56,7 +56,6 @@
*
* Required by:
* MBEDTLS_AESNI_C
- * MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
*/
diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md
index eacdea7..549d47c 100644
--- a/docs/architecture/alternative-implementations.md
+++ b/docs/architecture/alternative-implementations.md
@@ -46,7 +46,7 @@
Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`.
-* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
+* AES: if `MBEDTLS_AESNI_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`.
* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`.
* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`.
* If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set.
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md
index d7e4f9c..0954602 100644
--- a/docs/architecture/psa-crypto-implementation-structure.md
+++ b/docs/architecture/psa-crypto-implementation-structure.md
@@ -86,7 +86,7 @@
* [ ] `tests/suites/test_suite_psa_crypto_metadata.data` — [New functions and macros](#new-functions-and-macros)
* (If adding `PSA_IS_xxx`) `tests/suites/test_suite_psa_crypto_metadata.function` — [New functions and macros](#new-functions-and-macros)
* [ ] `tests/suites/test_suite_psa_crypto*.data`, `tests/suites/test_suite_psa_crypto*.function` — [Unit tests](#unit-tests)
-* [ ] `scripts/mbedtls_dev/crypto_knowledge.py`, `scripts/mbedtls_dev/asymmetric_key_data.py` — [Unit tests](#unit-tests)
+* [ ] `framework/scripts/mbedtls_framework/crypto_knowledge.py`, `framework/scripts/mbedtls_framework/asymmetric_key_data.py` — [Unit tests](#unit-tests)
* [ ] `ChangeLog.d/*.txt` — changelog entry
Summary of files to modify when adding new API functions:
@@ -153,7 +153,7 @@
### Unit tests
-A number of unit tests are automatically generated by `tests/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`:
+A number of unit tests are automatically generated by `framework/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`:
* Attempt to create a key with a key type that is not supported.
* Attempt to perform an operation with a combination of key type and algorithm that is not valid or not supported.
@@ -161,8 +161,8 @@
When adding a new key type or algorithm:
-* `scripts/mbedtls_dev/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms.
-* `scripts/mbedtls_dev/asymmetric_key_data.py` contains valid key data for asymmetric key types.
+* `framework/scripts/mbedtls_framework/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms.
+* `framework/scripts/mbedtls_framework/asymmetric_key_data.py` contains valid key data for asymmetric key types.
Other things need to be tested manually, either in `tests/suites/test_sutie_psa_crypto.data` or in another file. For example (this is not an exhaustive list):
diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh
index 1805a3c..bbcdffd 100755
--- a/docs/architecture/psa-migration/outcome-analysis.sh
+++ b/docs/architecture/psa-migration/outcome-analysis.sh
@@ -27,7 +27,7 @@
cleanup() {
make clean
- git checkout -- include/mbedtls/mbedtls_config.h include/psa/crypto_config.h
+ git checkout -- include/mbedtls/mbedtls_config.h tf-psa-crypto/include/psa/crypto_config.h
}
record() {
diff --git a/docs/architecture/psa-shared-memory.md b/docs/architecture/psa-shared-memory.md
index ef3a6b0..283ffc6 100644
--- a/docs/architecture/psa-shared-memory.md
+++ b/docs/architecture/psa-shared-memory.md
@@ -663,7 +663,7 @@
There now exists a more generic mechanism for making exactly this kind of transformation - the PSA test wrappers, which exist in the files `tests/include/test/psa_test_wrappers.h` and `tests/src/psa_test_wrappers.c`. These are wrappers around all PSA functions that allow testing code to be inserted at the start and end of a PSA function call.
-The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `tests/scripts/generate_psa_wrappers.py`.
+The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `framework/scripts/generate_psa_wrappers.py`.
Poisoning code is added to these test wrappers where relevant in order to pre-poison and post-unpoison the parameters to the functions.
diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md
index 380fd39..5fc5e18 100644
--- a/docs/architecture/testing/driver-interface-test-strategy.md
+++ b/docs/architecture/testing/driver-interface-test-strategy.md
@@ -114,7 +114,7 @@
A PKCS#11 driver would be a good candidate. It would be useful as part of our product offering.
-## Transparent driver interface testing
+## Unified driver interface testing
The [unified driver interface](../../proposed/psa-driver-interface.md) defines interfaces for accelerators.
@@ -128,6 +128,470 @@
The driver interface includes a fallback mechanism so that a driver can reject a request at runtime and let another driver handle the request. For each entry point, there must be at least three test runs with two or more drivers available with driver A configured to fall back to driver B, with one run where A returns `PSA_SUCCESS`, one where A returns `PSA_ERROR_NOT_SUPPORTED` and B is invoked, and one where A returns a different error and B is not invoked.
-## Entropy and randomness interface testing
+### Test drivers
-TODO
+We have test drivers that are enabled by `PSA_CRYPTO_DRIVER_TEST` (not present
+in the usual config files, must be defined on the command line or in a custom
+config file). Those test drivers are implemented in `tests/src/drivers/*.c`
+and their API is declared in `tests/include/test/drivers/*.h`.
+
+We have two test driver registered: `mbedtls_test_opaque_driver` and
+`mbedtls_test_transparent_driver`. These are described in
+`scripts/data_files/driver_jsons/mbedtls_test_xxx_driver.json` (as much as our
+JSON support currently allows). Each of the drivers can potentially implement
+support for several mechanism; conversely, each of the file mentioned in the
+previous paragraph can potentially contribute to both the opaque and the
+transparent test driver.
+
+Each entry point is instrumented to record the number of hits for each part of
+the driver (same division as the files) and the status of the last call. It is
+also possible to force the next call to return a specified status, and
+sometimes more things can be forced: see the various
+`mbedtls_test_driver_XXX_hooks_t` structures declared by each driver (and
+subsections below).
+
+The drivers can use one of two back-ends:
+- internal: this requires the built-in implementation to be present.
+- libtestdriver1: this allows the built-in implementation to be omitted from
+ the build.
+
+Historical note: internal was initially the only back-end; then support for
+libtestdriver1 was added gradually. Support for libtestdriver1 is now complete
+(see following sub-sections), so we could remove internal now. Note it's
+useful to have builds with both a driver and the built-in, in order to test
+fallback to built-in, which is currently done only with internal, but this can
+be achieved with libtestdriver1 just as well.
+
+Note on instrumentation: originally, when only the internal backend was
+available, hits were how we knew that the driver was called, as opposed to
+directly calling the built-in code. With libtestdriver1, we can check that by
+ensuring that the built-in code is not present, so if the operation gives the
+correct result, only a driver call can have calculated that result. So,
+nowadays there is low value in checking the hit count. There is still some
+value for hit counts, e.g. checking that we don't call a multipart entry point
+when we intended to call the one-shot entry point, but it's limited.
+
+Note: our test drivers tend to provide all possible entry points (with a few
+exceptions that may not be intentional, see the next sections). However, in
+some cases, when an entry point is not available, the core is supposed to
+implement it using other entry points, for example:
+- `mac_verify` may use `mac_compute` if the driver does no provide verify;
+- for things that have both one-shot and multi-part API, the driver can
+ provide only the multi-part entry points, and the core is supposed to
+implement one-shot on top of it (but still call the one-shot entry points when
+they're available);
+- `sign/verify_message` can be implemented on top of `sign/verify_hash` for
+ some algorithms;
+- (not sure if the list is exhaustive).
+
+Ideally, we'd want build options for the test drivers so that we can test with
+different combinations of entry points present, and make sure the core behaves
+appropriately when some entry points are absent but other entry points allow
+implementing the operation. This will remain hard to test until we have proper
+support for JSON-defined drivers with auto-generation of dispatch code.
+(The `MBEDTLS_PSA_ACCEL_xxx` macros we currently use are not expressive enough
+to specify which entry points are supported for a given mechanism.)
+
+Our implementation of PSA Crypto is structured in a way that the built-in
+implementation of each operation follows the driver API, see
+[`../architecture/psa-crypto-implementation-structure.md`](../architecture/psa-crypto-implementation-structure.html).
+This makes implementing the test drivers very easy: each entry point has a
+corresponding `mbedtls_psa_xxx()` function that it can call as its
+implementation - with the `libtestdriver1` back-end the function is called
+`libtestdriver1_mbedtls_psa_xxx()` instead.
+
+A nice consequence of that strategy is that when an entry point has
+test-driver support, most of the time, it automatically works for all
+algorithms and key types supported by the library. (The exception being when
+the driver needs to call a different function for different key types, as is
+the case with some asymmetric key management operations.) (Note: it's still
+useful to test drivers in configurations with partial algorithm support, and
+that can still be done by configuring libtestdriver1 and the main library as
+desired.)
+
+The renaming process for `libtestdriver1` is implemented as a few Perl regexes
+applied to a copy of the library code, see the `libtestdriver1.a` target in
+`tests/Makefile`. Another modification that's done to this copy is appending
+`tests/include/test/drivers/crypto_config_test_driver_extension.h` to
+`psa/crypto_config.h`. This file reverses the `ACCEL`/`BUILTIN` macros so that
+`libtestdriver1` includes as built-in what the main `libmbedcrypto.a` will
+have accelerated; see that file's initial comment for details. See also
+`helper_libtestdriver1_` functions and the preceding comment in `all.sh` for
+how libtestdriver is used in practice.
+
+This general framework needs specific code for each family of operations. At a
+given point in time, not all operations have the same level of support. The
+following sub-sections describe the status of the test driver support, mostly
+following the structure and order of sections 9.6 and 10.2 to 10.10 of the
+[PSA Crypto standard](https://arm-software.github.io/psa-api/crypto/1.1/) as
+that is also a natural division for implementing test drivers (that's how the
+code is divided into files).
+
+#### Key management
+
+The following entry points are declared in `test/drivers/key_management.h`:
+
+- `"init"` (transparent and opaque)
+- `"generate_key"` (transparent and opaque)
+- `"export_public_key"` (transparent and opaque)
+- `"import_key"` (transparent and opaque)
+- `"export_key"` (opaque only)
+- `"get_builtin_key"` (opaque only)
+- `"copy_key"` (opaque only)
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque's driver implementation status is as follows:
+- `"generate_key"`: not implemented, always returns `NOT_SUPPORTED`.
+- `"export_public_key"`: implemented only for ECC and RSA keys, both backends.
+- `"import_key"`: implemented except for DH keys, both backends.
+- `"export_key"`: implemented for built-in keys (ECC and AES), and for
+ non-builtin keys except DH keys. (Backend not relevant.)
+- `"get_builtin_key"`: implemented - provisioned keys: AES-128 and ECC
+ secp2456r1. (Backend not relevant.)
+- `"copy_key"`: implemented - emulates a SE without storage. (Backend not
+ relevant.)
+
+Note: the `"init"` entry point is not part of the "key management" family, but
+listed here as it's declared and implemented in the same file. With the
+transparent driver and the libtestdriver1 backend, it calls
+`libtestdriver1_psa_crypto_init()`, which partially but not fully ensures
+that this entry point is called before other entry points in the test drivers.
+With the opaque driver, this entry point just does nothing an returns success.
+
+The following entry points are defined by the driver interface but missing
+from our test drivers:
+- `"allocate_key"`, `"destroy_key"`: this is for opaque drivers that store the
+ key material internally.
+
+Note: the instrumentation also allows forcing the output and its length.
+
+#### Message digests (Hashes)
+
+The following entry points are declared (transparent only):
+- `"hash_compute"`
+- `"hash_setup"`
+- `"hash_clone"`
+- `"hash_update"`
+- `"hash_finish"`
+- `"hash_abort"`
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+This familly is not part of the opaque driver as it doesn't use keys.
+
+#### Message authentication codes (MAC)
+
+The following entry points are declared (transparent and opaque):
+- `"mac_compute"`
+- `"mac_sign_setup"`
+- `"mac_verify_setup"`
+- `"mac_update"`
+- `"mac_sign_finish"`
+- `"mac_verify_finish"`
+- `"mac_abort"`
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque driver only implements the instrumentation but not the actual
+operations: entry points will always return `NOT_SUPPORTED`, unless another
+status is forced.
+
+The following entry points are not implemented:
+- `mac_verify`: this mostly makes sense for opaque drivers; the core will fall
+ back to using `"mac_compute"` if this is not implemented. So, perhaps
+ideally we should test both with `"mac_verify"` implemented and with it not
+implemented? Anyway, we have a test gap here.
+
+#### Unauthenticated ciphers
+
+The following entry points are declared (transparent and opaque):
+- `"cipher_encrypt"`
+- `"cipher_decrypt"`
+- `"cipher_encrypt_setup"`
+- `"cipher_decrypt_setup"`
+- `"cipher_set_iv"`
+- `"cipher_update"`
+- `"cipher_finish"`
+- `"cipher_abort"`
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque driver is not implemented at all, neither instumentation nor the
+operation: entry points always return `NOT_SUPPORTED`.
+
+Note: the instrumentation also allows forcing a specific output and output
+length.
+
+#### Authenticated encryption with associated data (AEAD)
+
+The following entry points are declared (transparent only):
+- `"aead_encrypt"`
+- `"aead_decrypt"`
+- `"aead_encrypt_setup"`
+- `"aead_decrypt_setup"`
+- `"aead_set_nonce"`
+- `"aead_set_lengths"`
+- `"aead_update_ad"`
+- `"aead_update"`
+- `"aead_finish"`
+- `"aead_verify"`
+- `"aead_abort"`
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque driver does not implement or even declare entry points for this
+family.
+
+Note: the instrumentation records the number of hits per entry point, not just
+the total number of hits for this family.
+
+#### Key derivation
+
+Not covered at all by the test drivers.
+
+That's a test gap which reflects a feature gap: the driver interface does
+define a key derivation family of entry points, but we don't currently
+implement that part of the driver interface, see #5488 and related issues.
+
+#### Asymmetric signature
+
+The following entry points are declared (transparent and opaque):
+
+- `"sign_message"`
+- `"verify_message"`
+- `"sign_hash"`
+- `"verify_hash"`
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque driver is not implemented at all, neither instumentation nor the
+operation: entry points always return `NOT_SUPPORTED`.
+
+Note: the instrumentation also allows forcing a specific output and output
+length, and has two instance of the hooks structure: one for sign, the other
+for verify.
+
+Note: when a driver implements only the `"xxx_hash"` entry points, the core is
+supposed to implement the `psa_xxx_message()` functions by computing the hash
+itself before calling the `"xxx_hash"` entry point. Since the test driver does
+implement the `"xxx_message"` entry point, it's not exercising that part of
+the core's expected behaviour.
+
+#### Asymmetric encryption
+
+The following entry points are declared (transparent and opaque):
+
+- `"asymmetric_encrypt"`
+- `"asymmetric_decrypt"`
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque driver implements the declared entry points, and can use any
+backend: internal or libtestdriver1. However it does not implement the
+instrumentation (hits, forced output/status), as this [was not an immediate
+priority](https://github.com/Mbed-TLS/mbedtls/pull/8700#issuecomment-1892466159).
+
+Note: the instrumentation also allows forcing a specific output and output
+length.
+
+#### Key agreement
+
+The following entry points are declared (transparent and opaque):
+
+- `"key_agreement"`
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque driver is not implemented at all, neither instumentation nor the
+operation: entry points always return `NOT_SUPPORTED`.
+
+Note: the instrumentation also allows forcing a specific output and output
+length.
+
+#### Other cryptographic services (Random number generation)
+
+Not covered at all by the test drivers.
+
+The driver interface defines a `"get_entropy"` entry point, as well as a
+"Random generation" family of entry points. None of those are currently
+implemented in the library. Part of it will be planned for 4.0, see #8150.
+
+#### PAKE extension
+
+The following entry points are declared (transparent only):
+- `"pake_setup"`
+- `"pake_output"`
+- `"pake_input"`
+- `"pake_get_implicit_key"`
+- `"pake_abort"`
+
+Note: the instrumentation records hits per entry point and allows forcing the
+output and its length, as well as forcing the status of setup independently
+from the others.
+
+The transparent driver fully implements the declared entry points, and can use
+any backend: internal or libtestdriver1.
+
+The opaque driver does not implement or even declare entry points for this
+family.
+
+### Driver wrapper test suite
+
+We have a test suite dedicated to driver dispatch, which takes advantage of the
+instrumentation in the test drivers described in the previous section, in
+order to check that drivers are called when they're supposed to, and that the
+core behaves as expected when they return errors (in particular, that we fall
+back to the built-in implementation when the driver returns `NOT_SUPPORTED`).
+
+This is `test_suite_psa_crypto_driver_wrappers`, which is maintained manually
+(that is, the test cases in the `.data` files are not auto-generated). The
+entire test suite depends on the test drivers being enabled
+(`PSA_CRYPTO_DRIVER_TEST`), which is not the case in the default or full
+config.
+
+The test suite is focused on driver usage (mostly by checking the expected
+number of hits) but also does some validation of the results: for
+deterministic algorithms, known-answers tests are used, and for the rest, some
+consistency checks are done (more or less detailled depending on the algorithm
+and build configuration).
+
+#### Configurations coverage
+
+The driver wrappers test suite has cases that expect both the driver and the
+built-in to be present, and also cases that expect the driver to be present
+but not the built-in. As such, it's impossible for a single configuration to
+run all test cases, and we need at least two: driver+built-in, and
+driver-only.
+
+- The driver+built-in case is covered by `test_psa_crypto_drivers` in `all.sh`.
+This covers all areas (key types and algs) at once.
+- The driver-only case is split into multiple `all.sh` components whose names
+ start with `test_psa_crypto_config_accel`; we have one or more component per
+area, see below.
+
+Here's a summary of driver-only coverage, grouped by families of key types.
+
+Hash (key types: none)
+- `test_psa_crypto_config_accel_hash`: all algs, default config, no parity
+ testing.
+- `test_psa_crypto_config_accel_hash_use_psa`: all algs, full config, with
+ parity testing.
+
+HMAC (key type: HMAC)
+- `test_psa_crypto_config_accel_hmac`: all algs, full config except a few
+ exclusions (PKCS5, PKCS7, HMAC-DRBG, legacy HKDF, deterministic ECDSA), with
+parity testing.
+
+Cipher, AEAD and CMAC (key types: DES, AES, ARIA, CHACHA20, CAMELLIA):
+- `test_psa_crypto_config_accel_cipher_aead_cmac`: all key types and algs, full
+ config with a few exclusions (NIST-KW), with parity testing.
+- `test_psa_crypto_config_accel_des`: only DES (with all algs), full
+ config, no parity testing.
+- `test_psa_crypto_config_accel_aead`: only AEAD algs (with all relevant key
+ types), full config, no parity testing.
+
+Key derivation (key types: `DERIVE`, `RAW_DATA`, `PASSWORD`, `PEPPER`,
+`PASSWORD_HASH`):
+- No testing as we don't have driver support yet (see previous section).
+
+RSA (key types: `RSA_KEY_PAIR_xxx`, `RSA_PUBLIC_KEY`):
+- `test_psa_crypto_config_accel_rsa_crypto`: all 4 algs (encryption &
+ signature, v1.5 & v2.1), config `crypto_full`, with parity testing excluding
+PK.
+
+DH (key types: `DH_KEY_PAIR_xxx`, `DH_PUBLIC_KEY`):
+- `test_psa_crypto_config_accel_ffdh`: all key types and algs, full config,
+ with parity testing.
+- `test_psa_crypto_config_accel_ecc_ffdh_no_bignum`: with also bignum removed.
+
+ECC (key types: `ECC_KEY_PAIR_xxx`, `ECC_PUBLIC_KEY`):
+- Single algorithm accelerated (both key types, all curves):
+ - `test_psa_crypto_config_accel_ecdh`: default config, no parity testing.
+ - `test_psa_crypto_config_accel_ecdsa`: default config, no parity testing.
+ - `test_psa_crypto_config_accel_pake`: full config, no parity testing.
+- All key types, algs and curves accelerated (full config with exceptions,
+ with parity testing):
+ - `test_psa_crypto_config_accel_ecc_ecp_light_only`: `ECP_C` mostly disabled
+ - `test_psa_crypto_config_accel_ecc_no_ecp_at_all`: `ECP_C` fully disabled
+ - `test_psa_crypto_config_accel_ecc_no_bignum`: `BIGNUM_C` disabled (DH disabled)
+ - `test_psa_crypto_config_accel_ecc_ffdh_no_bignum`: `BIGNUM_C` disabled (DH accelerated)
+- Other - all algs accelerated but only some algs/curves (full config with
+ exceptions, no parity testing):
+ - `test_psa_crypto_config_accel_ecc_some_key_types`
+ - `test_psa_crypto_config_accel_ecc_non_weierstrass_curves`
+ - `test_psa_crypto_config_accel_ecc_weierstrass_curves`
+
+Note: `analyze_outcomes.py` provides a list of test cases that are not
+executed in any configuration tested on the CI. We're missing driver-only HMAC
+testing, but no test is flagged as never executed there; this reveals we don't
+have "fallback not available" cases for MAC, see #8565.
+
+#### Test case coverage
+
+Since `test_suite_psa_crypto_driver_wrappers.data` is maintained manually,
+we need to make sure it exercises all the cases that need to be tested. In the
+future, this file should be generated in order to ensure exhaustiveness.
+
+In the meantime, one way to observe (lack of) completeness is to look at line
+coverage in test driver implementaitons - this doesn't reveal all gaps, but it
+does reveal cases where we thought about something when writing the test
+driver, but not when writing test functions/data.
+
+Key management:
+- `mbedtls_test_transparent_generate_key()` is not tested with RSA keys.
+- `mbedtls_test_transparent_import_key()` is not tested with DH keys.
+- `mbedtls_test_opaque_import_key()` is not tested with unstructured keys nor
+ with RSA keys (nor DH keys since that's not implemented).
+- `mbedtls_test_opaque_export_key()` is not tested with non-built-in keys.
+- `mbedtls_test_transparent_export_public_key()` is not tested with RSA or DH keys.
+- `mbedtls_test_opaque_export_public_key()` is not tested with non-built-in keys.
+- `mbedtls_test_opaque_copy_key()` is not tested at all.
+
+Hash:
+- `mbedtls_test_transparent_hash_finish()` is not tested with a forced status.
+
+MAC:
+- The following are not tested with a forced status:
+ - `mbedtls_test_transparent_mac_sign_setup()`
+ - `mbedtls_test_transparent_mac_verify_setup()`
+ - `mbedtls_test_transparent_mac_update()`
+ - `mbedtls_test_transparent_mac_verify_finish()`
+ - `mbedtls_test_transparent_mac_abort()`
+- No opaque entry point is tested (they're not implemented either).
+
+Cipher:
+- The following are not tested with a forced status nor with a forced output:
+ - `mbedtls_test_transparent_cipher_encrypt()`
+ - `mbedtls_test_transparent_cipher_finish()`
+- No opaque entry point is tested (they're not implemented either).
+
+AEAD:
+- The following are not tested with a forced status:
+ - `mbedtls_test_transparent_aead_set_nonce()`
+ - `mbedtls_test_transparent_aead_set_lengths()`
+ - `mbedtls_test_transparent_aead_update_ad()`
+ - `mbedtls_test_transparent_aead_update()`
+ - `mbedtls_test_transparent_aead_finish()`
+ - `mbedtls_test_transparent_aead_verify()`
+- `mbedtls_test_transparent_aead_verify()` is not tested with an invalid tag
+ (though it might be in another test suite).
+
+Signature:
+- `sign_hash()` is not tested with RSA-PSS
+- No opaque entry point is tested (they're not implemented either).
+
+Key agreement:
+- `mbedtls_test_transparent_key_agreement()` is not tested with FFDH.
+- No opaque entry point is tested (they're not implemented either).
+
+PAKE:
+- All lines are covered.
diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md
index 4095d8e..5d950b0 100644
--- a/docs/driver-only-builds.md
+++ b/docs/driver-only-builds.md
@@ -277,6 +277,11 @@
`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and
removing builtin support (i.e. `MBEDTLS_DHM_C`).
+Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the
+Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer
+of Mbed TLS only supports DHE cipher suites if built-in FFDH
+(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled.
+
RSA
---
diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md
index 92d0985..f2983bd 100644
--- a/docs/use-psa-crypto.md
+++ b/docs/use-psa-crypto.md
@@ -75,13 +75,8 @@
**Benefits:** isolation of long-term secrets, use of PSA Crypto drivers.
-**Limitations:** can only wrap a key pair, can only use it for private key
-operations. (That is, signature generation, and for RSA decryption too.)
-Note: for ECDSA, currently this uses randomized ECDSA while Mbed TLS uses
-deterministic ECDSA by default. The following operations are not supported
-with a context set this way, while they would be available with a normal
-context: `mbedtls_pk_check_pair()`, `mbedtls_pk_debug()`, all public key
-operations.
+**Limitations:** please refer to the documentation of `mbedtls_pk_setup_opaque()`
+for a full list of supported operations and limitations.
**Use in X.509 and TLS:** opt-in. The application needs to construct the PK context
using the new API in order to get the benefits; it can then pass the
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index c4505ac..1e494a0 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -6,7 +6,7 @@
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
CASE_SENSE_NAMES = NO
-INPUT = ../include input ../tests/include/alt-dummy
+INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy
FILE_PATTERNS = *.h
RECURSIVE = YES
EXCLUDE_SYMLINKS = YES
@@ -21,7 +21,7 @@
GENERATE_XML = YES
MACRO_EXPANSION = YES
EXPAND_ONLY_PREDEF = YES
-INCLUDE_PATH = ../include
+INCLUDE_PATH = ../include ../tf-psa-crypto/include ../tf-psa-crypto/drivers/builtin/include
EXPAND_AS_DEFINED = MBEDTLS_PRIVATE
CLASS_DIAGRAMS = NO
HAVE_DOT = YES
diff --git a/framework b/framework
index 750634d..29e8dce 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 750634d3a51eb9d61b59fd5d801546927c946588
+Subproject commit 29e8dce54a1041e22489f713cc8c44f700fafcec
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index e11e271..755efed 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -3,20 +3,13 @@
if(INSTALL_MBEDTLS_HEADERS)
file(GLOB headers "mbedtls/*.h")
- file(GLOB psa_headers "psa/*.h")
install(FILES ${headers}
DESTINATION include/mbedtls
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
-
- install(FILES ${psa_headers}
- DESTINATION include/psa
- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
-
endif(INSTALL_MBEDTLS_HEADERS)
# Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it.
if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
- link_to_source(psa)
endif()
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index eab167f..cf38f90 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -101,6 +101,13 @@
#define inline __inline
#endif
+#if defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!"
+#endif
+#if defined(MBEDTLS_CONFIG_IS_FINALIZED)
+#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!"
+#endif
+
/* X.509, TLS and non-PSA crypto configuration */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/mbedtls_config.h"
@@ -135,6 +142,12 @@
#endif
#endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
+/* Indicate that all configuration files have been read.
+ * It is now time to adjust the configuration (follow through on dependencies,
+ * make PSA and legacy crypto consistent, etc.).
+ */
+#define MBEDTLS_CONFIG_FILES_READ
+
/* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined
* to ensure a 128-bit key size in CTR_DRBG.
@@ -169,8 +182,13 @@
#include "mbedtls/config_adjust_ssl.h"
-/* Make sure all configuration symbols are set before including check_config.h,
- * even the ones that are calculated programmatically. */
+/* Indicate that all configuration symbols are set,
+ * even the ones that are calculated programmatically.
+ * It is now safe to query the configuration (to check it, to size buffers,
+ * etc.).
+ */
+#define MBEDTLS_CONFIG_IS_FINALIZED
+
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_BUILD_INFO_H */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index b3c038d..67a05f8 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -2,6 +2,13 @@
* \file check_config.h
*
* \brief Consistency checks for configuration options
+ *
+ * This is an internal header. Do not include it directly.
+ *
+ * This header is included automatically by all public Mbed TLS headers
+ * (via mbedtls/build_info.h). Do not include it directly in a configuration
+ * file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE!
+ * It would run at the wrong time due to missing derived symbols.
*/
/*
* Copyright The Mbed TLS Contributors
@@ -12,6 +19,13 @@
#define MBEDTLS_CHECK_CONFIG_H
/* *INDENT-OFF* */
+
+#if !defined(MBEDTLS_CONFIG_IS_FINALIZED)
+#warning "Do not include mbedtls/check_config.h manually! " \
+ "This may cause spurious errors. " \
+ "It is included automatically at the right point since Mbed TLS 3.0."
+#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */
+
/*
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
* target platforms, so not an issue, but let's just be extra sure.
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 9b06041..7dafbae 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_legacy_crypto.h
* \brief Adjust legacy configuration configuration
*
+ * This is an internal header. Do not include it directly.
+ *
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
@@ -22,6 +24,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/* Ideally, we'd set those as defaults in mbedtls_config.h, but
* putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
*
@@ -48,7 +58,8 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG))
+ defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC))
#define MBEDTLS_CIPHER_C
#endif
@@ -293,6 +304,14 @@
#define MBEDTLS_ECP_LIGHT
#endif
+/* Backward compatibility: after #8740 the RSA module offers functions to parse
+ * and write RSA private/public keys without relying on the PK one. Of course
+ * this needs ASN1 support to do so, so we enable it here. */
+#if defined(MBEDTLS_RSA_C)
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#endif
+
/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while
* in previous version compressed points were automatically supported as long
* as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward
diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h
index 3456615..14ca146 100644
--- a/include/mbedtls/config_adjust_psa_from_legacy.h
+++ b/include/mbedtls/config_adjust_psa_from_legacy.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_psa_from_legacy.h
* \brief Adjust PSA configuration: construct PSA configuration from legacy
*
+ * This is an internal header. Do not include it directly.
+ *
* When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable
* cryptographic mechanisms through the PSA interface when the corresponding
* legacy mechanism is enabled. In many cases, this just enables the PSA
@@ -18,6 +20,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/*
* Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
* is not defined
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 39c7b3b..309524a 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_ssl.h
* \brief Adjust TLS configuration
*
+ * This is an internal header. Do not include it directly.
+ *
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
@@ -22,6 +24,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H
#define MBEDTLS_CONFIG_ADJUST_SSL_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/* The following blocks make it easier to disable all of TLS,
* or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all
* key exchanges, options and extensions related to them. */
diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h
index 346c8ae..c063251 100644
--- a/include/mbedtls/config_adjust_x509.h
+++ b/include/mbedtls/config_adjust_x509.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_x509.h
* \brief Adjust X.509 configuration
*
+ * This is an internal header. Do not include it directly.
+ *
* Automatically enable certain dependencies. Generally, MBEDLTS_xxx
* configurations need to be explicitly enabled by the user: enabling
* MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a
@@ -22,4 +24,12 @@
#ifndef MBEDTLS_CONFIG_ADJUST_X509_H
#define MBEDTLS_CONFIG_ADJUST_X509_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 871d54e..b55ad54 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -40,12 +40,10 @@
* library/aria.c
* library/bn_mul.h
* library/constant_time.c
- * library/padlock.h
*
* Required by:
* MBEDTLS_AESCE_C
* MBEDTLS_AESNI_C (on some platforms)
- * MBEDTLS_PADLOCK_C
*
* Comment to disable the use of assembly code.
*/
@@ -3011,20 +3009,6 @@
#define MBEDTLS_OID_C
/**
- * \def MBEDTLS_PADLOCK_C
- *
- * Enable VIA Padlock support on x86.
- *
- * Module: library/padlock.c
- * Caller: library/aes.c
- *
- * Requires: MBEDTLS_HAVE_ASM
- *
- * This modules adds support for the VIA PadLock on x86.
- */
-#define MBEDTLS_PADLOCK_C
-
-/**
* \def MBEDTLS_PEM_PARSE_C
*
* Enable PEM decoding / parsing.
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 172d469..3781b51 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -644,7 +644,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
defined(MBEDTLS_SSL_SESSION_TICKETS) && \
defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \
- defined(MBEDTLS_MD_CAN_SHA384)
+ defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */
#else
#define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
@@ -1156,7 +1156,7 @@
#if defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32
-#elif defined(MBEDTLS_MD_CAN_SHA384)
+#elif defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48
#elif defined(MBEDTLS_MD_CAN_SHA1)
@@ -2364,7 +2364,7 @@
*/
int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl,
int *enabled,
- unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX],
size_t *own_cid_len);
/**
@@ -3216,16 +3216,16 @@
* a full handshake.
*
* \note This function can handle a variety of mechanisms for session
- * resumption: For TLS 1.2, both session ID-based resumption and
- * ticket-based resumption will be considered. For TLS 1.3,
- * once implemented, sessions equate to tickets, and loading
- * one or more sessions via this call will lead to their
- * corresponding tickets being advertised as resumption PSKs
- * by the client.
- *
- * \note Calling this function multiple times will only be useful
- * once TLS 1.3 is supported. For TLS 1.2 connections, this
- * function should be called at most once.
+ * resumption: For TLS 1.2, both session ID-based resumption
+ * and ticket-based resumption will be considered. For TLS 1.3,
+ * sessions equate to tickets, and loading one session by
+ * calling this function will lead to its corresponding ticket
+ * being advertised as resumption PSK by the client. This
+ * depends on session tickets being enabled (see
+ * #MBEDTLS_SSL_SESSION_TICKETS configuration option) though.
+ * If session tickets are disabled, a call to this function
+ * with a TLS 1.3 session, will not have any effect on the next
+ * handshake for the SSL context \p ssl.
*
* \param ssl The SSL context representing the connection which should
* be attempted to be setup using session resumption. This
@@ -3240,9 +3240,10 @@
*
* \return \c 0 if successful.
* \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session
- * could not be loaded because of an implementation limitation.
- * This error is non-fatal, and has no observable effect on
- * the SSL context or the session that was attempted to be loaded.
+ * could not be loaded because one session has already been
+ * loaded. This error is non-fatal, and has no observable
+ * effect on the SSL context or the session that was attempted
+ * to be loaded.
* \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_get_session()
@@ -3309,8 +3310,16 @@
* to determine the necessary size by calling this function
* with \p buf set to \c NULL and \p buf_len to \c 0.
*
+ * \note For TLS 1.3 sessions, this feature is supported only if the
+ * MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled,
+ * as in TLS 1.3 session resumption is possible only with
+ * tickets.
+ *
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
+ * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the
+ * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled
+ * and the session is a TLS 1.3 session.
*/
int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
unsigned char *buf,
@@ -4837,23 +4846,16 @@
* \note This function can handle a variety of mechanisms for session
* resumption: For TLS 1.2, both session ID-based resumption and
* ticket-based resumption will be considered. For TLS 1.3,
- * once implemented, sessions equate to tickets, and calling
- * this function multiple times will export the available
- * tickets one a time until no further tickets are available,
- * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will
- * be returned.
- *
- * \note Calling this function multiple times will only be useful
- * once TLS 1.3 is supported. For TLS 1.2 connections, this
- * function should be called at most once.
+ * sessions equate to tickets, and if session tickets are
+ * enabled (see #MBEDTLS_SSL_SESSION_TICKETS configuration
+ * option), this function exports the last received ticket and
+ * the exported session may be used to resume the TLS 1.3
+ * session. If session tickets are disabled, exported sessions
+ * cannot be used to resume a TLS 1.3 session.
*
* \return \c 0 if successful. In this case, \p session can be used for
* session resumption by passing it to mbedtls_ssl_set_session(),
* and serialized for storage via mbedtls_ssl_session_save().
- * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session
- * is available for export.
- * This error is a non-fatal, and has no observable effect on
- * the SSL context or the destination session.
* \return Another negative error code on other kinds of failure.
*
* \sa mbedtls_ssl_set_session()
diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h
deleted file mode 100644
index 63fb29e..0000000
--- a/include/psa/crypto_adjust_auto_enabled.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * \file psa/crypto_adjust_auto_enabled.h
- * \brief Adjust PSA configuration: enable always-on features
- *
- * Always enable certain features which require a negligible amount of code
- * to implement, to avoid some edge cases in the configuration combinatorics.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
-#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
-
-#define PSA_WANT_KEY_TYPE_DERIVE 1
-#define PSA_WANT_KEY_TYPE_PASSWORD 1
-#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
-#define PSA_WANT_KEY_TYPE_RAW_DATA 1
-
-#endif /* PSA_CRYPTO_ADJUST_AUTO_ENABLED_H */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index e6705de..e2562df 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -53,7 +53,6 @@
memory_buffer_alloc.c
nist_kw.c
oid.c
- padlock.c
pem.c
pk.c
pk_ecc.c
@@ -130,19 +129,22 @@
if(GEN_FILES)
find_package(Perl REQUIRED)
- file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
+ file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls/*.h)
+ file(GLOB tls_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_BINARY_DIR}/error.c
COMMAND
${PERL_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files
${CMAKE_CURRENT_BINARY_DIR}/error.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl
- ${error_headers}
+ ${crypto_error_headers}
+ ${tls_error_headers}
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt
)
@@ -171,7 +173,7 @@
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
- ${error_headers}
+ ${tls_error_headers}
)
add_custom_command(
@@ -220,11 +222,13 @@
set(libs ${libs} ws2_32 bcrypt)
endif(WIN32)
-if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
- SET(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
- SET(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
- SET(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
- SET(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+if(CMAKE_C_COMPILER_ID MATCHES "AppleClang")
+ set(CMAKE_C_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+ set(CMAKE_C_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
+endif()
+if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang")
+ set(CMAKE_CXX_ARCHIVE_CREATE "<CMAKE_AR> Scr <TARGET> <LINK_FLAGS> <OBJECTS>")
+ set(CMAKE_CXX_ARCHIVE_FINISH "<CMAKE_RANLIB> -no_warning_for_no_symbols -c <TARGET>")
endif()
if(HAIKU)
@@ -327,6 +331,8 @@
# of /library (which currently means: under /3rdparty).
target_include_directories(${target}
PUBLIC $<BUILD_INTERFACE:${MBEDTLS_DIR}/include/>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/include/>
+ $<BUILD_INTERFACE:${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/include/>
$<INSTALL_INTERFACE:include/>
PRIVATE ${MBEDTLS_DIR}/library/
# Needed to include psa_crypto_driver_wrappers.h
diff --git a/library/Makefile b/library/Makefile
index 388fcea..e4fb643 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -28,11 +28,13 @@
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
-# Include ../include for public headers and . for private headers.
-# Note that . needs to be included explicitly for the sake of library
-# files that are not in the /library directory (which currently means
+# Include ../include, ../tf-psa-crypto/include and
+# ../tf-psa-crypto/drivers/builtin/include for public headers and . for
+# private headers. Note that . needs to be included explicitly for the sake of
+# library files that are not in the /library directory (which currently means
# under /3rdparty).
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include \
+ -I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS =
ifdef DEBUG
@@ -145,7 +147,6 @@
memory_buffer_alloc.o \
nist_kw.o \
oid.o \
- padlock.o \
pem.o \
pk.o \
pk_ecc.o \
diff --git a/library/aes.c b/library/aes.c
index b1a5c3e..72e2c57 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -30,21 +30,6 @@
#endif
#endif
-#if defined(MBEDTLS_ARCH_IS_X86)
-#if defined(MBEDTLS_PADLOCK_C)
-#if !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
-#endif
-#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
-#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \
- "MBEDTLS_PADLOCK_C is set"
-#endif
-#endif
-#endif
-
-#if defined(MBEDTLS_PADLOCK_C)
-#include "padlock.h"
-#endif
#if defined(MBEDTLS_AESNI_C)
#include "aesni.h"
#endif
@@ -67,10 +52,6 @@
#if !defined(MBEDTLS_AES_ALT)
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
-static int aes_padlock_ace = -1;
-#endif
-
#if defined(MBEDTLS_AES_ROM_TABLES)
/*
* Forward S-box
@@ -527,8 +508,7 @@
* Note that the offset is in units of elements of buf, i.e. 32-bit words,
* i.e. an offset of 1 means 4 bytes and so on.
*/
-#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \
- (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
+#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
#define MAY_NEED_TO_ALIGN
#endif
@@ -537,15 +517,6 @@
#if defined(MAY_NEED_TO_ALIGN)
int align_16_bytes = 0;
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (aes_padlock_ace == -1) {
- aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
- }
- if (aes_padlock_ace) {
- align_16_bytes = 1;
- }
-#endif
-
#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
align_16_bytes = 1;
@@ -1000,13 +971,15 @@
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
-/* VIA Padlock and our intrinsics-based implementation of AESNI require
- * the round keys to be aligned on a 16-byte boundary. We take care of this
- * before creating them, but the AES context may have moved (this can happen
- * if the library is called from a language with managed memory), and in later
- * calls it might have a different alignment with respect to 16-byte memory.
- * So we may need to realign.
+/*
+ * Our intrinsics-based implementation of AESNI requires the round keys to be
+ * aligned on a 16-byte boundary. We take care of this before creating them,
+ * but the AES context may have moved (this can happen if the library is
+ * called from a language with managed memory), and in later calls it might
+ * have a different alignment with respect to 16-byte memory. So we may need
+ * to realign.
*/
+#if defined(MAY_NEED_TO_ALIGN)
MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx)
{
unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf);
@@ -1017,7 +990,7 @@
ctx->rk_offset = new_offset;
}
}
-
+#endif /* MAY_NEED_TO_ALIGN */
/*
* AES-ECB block encryption/decryption
*/
@@ -1046,12 +1019,6 @@
}
#endif
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (aes_padlock_ace > 0) {
- return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
- }
-#endif
-
#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (mode == MBEDTLS_AES_DECRYPT) {
@@ -1092,18 +1059,6 @@
return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
}
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (aes_padlock_ace > 0) {
- if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) {
- return 0;
- }
-
- // If padlock data misaligned, we just fall back to
- // unaccelerated mode
- //
- }
-#endif
-
const unsigned char *ivp = iv;
if (mode == MBEDTLS_AES_DECRYPT) {
@@ -1860,11 +1815,6 @@
mbedtls_printf(" AES note: using AESNI.\n");
} else
#endif
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
- if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
- mbedtls_printf(" AES note: using VIA Padlock.\n");
- } else
-#endif
#if defined(MBEDTLS_AESCE_HAVE_CODE)
if (MBEDTLS_AESCE_HAS_SUPPORT()) {
mbedtls_printf(" AES note: using AESCE.\n");
diff --git a/library/block_cipher.c b/library/block_cipher.c
index 04cd7fb..51cdcdf 100644
--- a/library/block_cipher.c
+++ b/library/block_cipher.c
@@ -51,6 +51,10 @@
void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) {
psa_destroy_key(ctx->psa_key_id);
diff --git a/library/cipher.c b/library/cipher.c
index 0683677..7f4c121 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -849,6 +849,9 @@
}
padding_len = input[input_len - 1];
+ if (padding_len == 0 || padding_len > input_len) {
+ return MBEDTLS_ERR_CIPHER_INVALID_PADDING;
+ }
*data_len = input_len - padding_len;
mbedtls_ct_condition_t bad = mbedtls_ct_uint_gt(padding_len, input_len);
diff --git a/library/entropy.c b/library/entropy.c
index e3bc851..7dcf067 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -61,6 +61,10 @@
void mbedtls_entropy_free(mbedtls_entropy_context *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
/* If the context was already free, don't call free() again.
* This is important for mutexes which don't allow double-free. */
if (ctx->accumulator_started == -1) {
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index 794ee03..611768c 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -5,10 +5,12 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
+#if defined(__linux__) || defined(__midipix__)
/* Ensure that syscall() is available even when compiling with -std=c99 */
+#if !defined(_GNU_SOURCE)
#define _GNU_SOURCE
#endif
+#endif
#include "common.h"
diff --git a/library/lmots.c b/library/lmots.c
index c7091b4..c51cb41 100644
--- a/library/lmots.c
+++ b/library/lmots.c
@@ -387,6 +387,10 @@
void mbedtls_lmots_public_free(mbedtls_lmots_public_t *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
mbedtls_platform_zeroize(ctx, sizeof(*ctx));
}
@@ -556,6 +560,10 @@
void mbedtls_lmots_private_free(mbedtls_lmots_private_t *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
mbedtls_platform_zeroize(ctx,
sizeof(*ctx));
}
diff --git a/library/lms.c b/library/lms.c
index 8d3cae0..7f7bec0 100644
--- a/library/lms.c
+++ b/library/lms.c
@@ -229,6 +229,10 @@
void mbedtls_lms_public_free(mbedtls_lms_public_t *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
mbedtls_platform_zeroize(ctx, sizeof(*ctx));
}
@@ -528,6 +532,10 @@
void mbedtls_lms_private_free(mbedtls_lms_private_t *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
unsigned int idx;
if (ctx->have_private_key) {
diff --git a/library/md.c b/library/md.c
index 12a3ea2..2586827 100644
--- a/library/md.c
+++ b/library/md.c
@@ -41,7 +41,7 @@
#include "mbedtls/sha512.h"
#include "mbedtls/sha3.h"
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include <psa/crypto.h>
#include "md_psa.h"
#include "psa_util_internal.h"
@@ -76,7 +76,7 @@
};
#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+#if defined(PSA_WANT_ALG_RIPEMD160)
static const mbedtls_md_info_t mbedtls_ripemd160_info = {
MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64)
};
@@ -88,7 +88,7 @@
};
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
static const mbedtls_md_info_t mbedtls_sha224_info = {
MD_INFO(MBEDTLS_MD_SHA224, 28, 64)
};
@@ -100,7 +100,7 @@
};
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
static const mbedtls_md_info_t mbedtls_sha384_info = {
MD_INFO(MBEDTLS_MD_SHA384, 48, 128)
};
@@ -130,7 +130,7 @@
};
#endif
-#if defined(MBEDTLS_MD_CAN_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512)
static const mbedtls_md_info_t mbedtls_sha3_512_info = {
MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72)
};
@@ -143,7 +143,7 @@
case MBEDTLS_MD_MD5:
return &mbedtls_md5_info;
#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+#if defined(PSA_WANT_ALG_RIPEMD160)
case MBEDTLS_MD_RIPEMD160:
return &mbedtls_ripemd160_info;
#endif
@@ -151,7 +151,7 @@
case MBEDTLS_MD_SHA1:
return &mbedtls_sha1_info;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_MD_SHA224:
return &mbedtls_sha224_info;
#endif
@@ -159,7 +159,7 @@
case MBEDTLS_MD_SHA256:
return &mbedtls_sha256_info;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return &mbedtls_sha384_info;
#endif
@@ -179,7 +179,7 @@
case MBEDTLS_MD_SHA3_384:
return &mbedtls_sha3_384_info;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512)
case MBEDTLS_MD_SHA3_512:
return &mbedtls_sha3_512_info;
#endif
@@ -761,13 +761,13 @@
return md_info->type;
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
int mbedtls_md_error_from_psa(psa_status_t status)
{
return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
psa_generic_status_to_mbedtls);
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/************************************************************************
@@ -785,14 +785,14 @@
MBEDTLS_MD_SHA512,
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_MD_SHA384,
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_MD_SHA256,
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
MBEDTLS_MD_SHA224,
#endif
@@ -800,7 +800,7 @@
MBEDTLS_MD_SHA1,
#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+#if defined(PSA_WANT_ALG_RIPEMD160)
MBEDTLS_MD_RIPEMD160,
#endif
@@ -820,7 +820,7 @@
MBEDTLS_MD_SHA3_384,
#endif
-#if defined(MBEDTLS_MD_CAN_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512)
MBEDTLS_MD_SHA3_512,
#endif
@@ -841,20 +841,20 @@
#if defined(MBEDTLS_MD_CAN_MD5)
{ "MD5", MBEDTLS_MD_MD5 },
#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+#if defined(PSA_WANT_ALG_RIPEMD160)
{ "RIPEMD160", MBEDTLS_MD_RIPEMD160 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA1)
{ "SHA1", MBEDTLS_MD_SHA1 },
{ "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
{ "SHA224", MBEDTLS_MD_SHA224 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
{ "SHA256", MBEDTLS_MD_SHA256 },
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ "SHA384", MBEDTLS_MD_SHA384 },
#endif
#if defined(MBEDTLS_MD_CAN_SHA512)
@@ -869,7 +869,7 @@
#if defined(MBEDTLS_MD_CAN_SHA3_384)
{ "SHA3-384", MBEDTLS_MD_SHA3_384 },
#endif
-#if defined(MBEDTLS_MD_CAN_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512)
{ "SHA3-512", MBEDTLS_MD_SHA3_512 },
#endif
{ NULL, MBEDTLS_MD_NONE },
diff --git a/library/net_sockets.c b/library/net_sockets.c
index edec587..ef89a88 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -683,7 +683,7 @@
*/
void mbedtls_net_free(mbedtls_net_context *ctx)
{
- if (ctx->fd == -1) {
+ if (ctx == NULL || ctx->fd == -1) {
return;
}
diff --git a/library/nist_kw.c b/library/nist_kw.c
index f15425b..8faafe4 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -102,6 +102,10 @@
*/
void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
mbedtls_cipher_free(&ctx->cipher_ctx);
mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context));
}
diff --git a/library/oid.c b/library/oid.c
index 1d6b1eb..825fcee 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -391,13 +391,13 @@
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption",
"RSA with SHA-224"),
MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
},
-#endif /* MBEDTLS_MD_CAN_SHA224 */
+#endif /* PSA_WANT_ALG_SHA_224 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption",
@@ -405,13 +405,13 @@
MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption",
"RSA with SHA-384"),
MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
},
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
{
OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption",
@@ -433,7 +433,7 @@
MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"),
MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
@@ -445,12 +445,12 @@
MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"),
MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
},
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
{
OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"),
@@ -731,7 +731,7 @@
MBEDTLS_MD_SHA1,
},
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"),
MBEDTLS_MD_SHA224,
@@ -743,7 +743,7 @@
MBEDTLS_MD_SHA256,
},
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"),
MBEDTLS_MD_SHA384,
@@ -755,7 +755,7 @@
MBEDTLS_MD_SHA512,
},
#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+#if defined(PSA_WANT_ALG_RIPEMD160)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"),
MBEDTLS_MD_RIPEMD160,
@@ -779,7 +779,7 @@
MBEDTLS_MD_SHA3_384,
},
#endif
-#if defined(MBEDTLS_MD_CAN_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"),
MBEDTLS_MD_SHA3_512,
@@ -815,24 +815,24 @@
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_MD_CAN_SHA1 */
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"),
MBEDTLS_MD_SHA224,
},
-#endif /* MBEDTLS_MD_CAN_SHA224 */
+#endif /* PSA_WANT_ALG_SHA_224 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"),
MBEDTLS_MD_SHA256,
},
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"),
MBEDTLS_MD_SHA384,
},
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"),
@@ -857,18 +857,18 @@
MBEDTLS_MD_SHA3_384,
},
#endif /* MBEDTLS_MD_CAN_SHA3_384 */
-#if defined(MBEDTLS_MD_CAN_SHA3_512)
+#if defined(PSA_WANT_ALG_SHA3_512)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"),
MBEDTLS_MD_SHA3_512,
},
-#endif /* MBEDTLS_MD_CAN_SHA3_512 */
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+#endif /* PSA_WANT_ALG_SHA3_512 */
+#if defined(PSA_WANT_ALG_RIPEMD160)
{
OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"),
MBEDTLS_MD_RIPEMD160,
},
-#endif /* MBEDTLS_MD_CAN_RIPEMD160 */
+#endif /* PSA_WANT_ALG_RIPEMD160 */
{
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,
diff --git a/library/padlock.c b/library/padlock.c
deleted file mode 100644
index 1f00691..0000000
--- a/library/padlock.c
+++ /dev/null
@@ -1,157 +0,0 @@
-/*
- * VIA PadLock support functions
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-/*
- * This implementation is based on the VIA PadLock Programming Guide:
- *
- * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/
- * programming_guide.pdf
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_PADLOCK_C)
-
-#include "padlock.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)
-
-/*
- * PadLock detection routine
- */
-int mbedtls_padlock_has_support(int feature)
-{
- static int flags = -1;
- int ebx = 0, edx = 0;
-
- if (flags == -1) {
- asm ("movl %%ebx, %0 \n\t"
- "movl $0xC0000000, %%eax \n\t"
- "cpuid \n\t"
- "cmpl $0xC0000001, %%eax \n\t"
- "movl $0, %%edx \n\t"
- "jb 1f \n\t"
- "movl $0xC0000001, %%eax \n\t"
- "cpuid \n\t"
- "1: \n\t"
- "movl %%edx, %1 \n\t"
- "movl %2, %%ebx \n\t"
- : "=m" (ebx), "=m" (edx)
- : "m" (ebx)
- : "eax", "ecx", "edx");
-
- flags = edx;
- }
-
- return flags & feature;
-}
-
-/*
- * PadLock AES-ECB block en(de)cryption
- */
-int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16])
-{
- int ebx = 0;
- uint32_t *rk;
- uint32_t *blk;
- uint32_t *ctrl;
- unsigned char buf[256];
-
- rk = ctx->buf + ctx->rk_offset;
-
- if (((long) rk & 15) != 0) {
- return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
- }
-
- blk = MBEDTLS_PADLOCK_ALIGN16(buf);
- memcpy(blk, input, 16);
-
- ctrl = blk + 4;
- *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9);
-
- asm ("pushfl \n\t"
- "popfl \n\t"
- "movl %%ebx, %0 \n\t"
- "movl $1, %%ecx \n\t"
- "movl %2, %%edx \n\t"
- "movl %3, %%ebx \n\t"
- "movl %4, %%esi \n\t"
- "movl %4, %%edi \n\t"
- ".byte 0xf3,0x0f,0xa7,0xc8 \n\t"
- "movl %1, %%ebx \n\t"
- : "=m" (ebx)
- : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk)
- : "memory", "ecx", "edx", "esi", "edi");
-
- memcpy(output, blk, 16);
-
- return 0;
-}
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-/*
- * PadLock AES-CBC buffer en(de)cryption
- */
-int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output)
-{
- int ebx = 0;
- size_t count;
- uint32_t *rk;
- uint32_t *iw;
- uint32_t *ctrl;
- unsigned char buf[256];
-
- rk = ctx->buf + ctx->rk_offset;
-
- if (((long) input & 15) != 0 ||
- ((long) output & 15) != 0 ||
- ((long) rk & 15) != 0) {
- return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED;
- }
-
- iw = MBEDTLS_PADLOCK_ALIGN16(buf);
- memcpy(iw, iv, 16);
-
- ctrl = iw + 4;
- *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9);
-
- count = (length + 15) >> 4;
-
- asm ("pushfl \n\t"
- "popfl \n\t"
- "movl %%ebx, %0 \n\t"
- "movl %2, %%ecx \n\t"
- "movl %3, %%edx \n\t"
- "movl %4, %%ebx \n\t"
- "movl %5, %%esi \n\t"
- "movl %6, %%edi \n\t"
- "movl %7, %%eax \n\t"
- ".byte 0xf3,0x0f,0xa7,0xd0 \n\t"
- "movl %1, %%ebx \n\t"
- : "=m" (ebx)
- : "m" (ebx), "m" (count), "m" (ctrl),
- "m" (rk), "m" (input), "m" (output), "m" (iw)
- : "memory", "eax", "ecx", "edx", "esi", "edi");
-
- memcpy(iv, iw, 16);
-
- return 0;
-}
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */
-
-#endif /* MBEDTLS_PADLOCK_C */
diff --git a/library/padlock.h b/library/padlock.h
deleted file mode 100644
index 92d72af..0000000
--- a/library/padlock.h
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
- * \file padlock.h
- *
- * \brief VIA PadLock ACE for HW encryption/decryption supported by some
- * processors
- *
- * \warning These functions are only for internal use by other library
- * functions; you must not call them directly.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#ifndef MBEDTLS_PADLOCK_H
-#define MBEDTLS_PADLOCK_H
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/aes.h"
-
-#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */
-
-#if defined(__has_feature)
-#if __has_feature(address_sanitizer)
-#define MBEDTLS_HAVE_ASAN
-#endif
-#endif
-
-/*
- * - `padlock` is implements with GNUC assembly for x86 target.
- * - Some versions of ASan result in errors about not enough registers.
- */
-#if defined(MBEDTLS_PADLOCK_C) && \
- defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \
- defined(MBEDTLS_HAVE_ASM) && \
- !defined(MBEDTLS_HAVE_ASAN)
-
-#define MBEDTLS_VIA_PADLOCK_HAVE_CODE
-
-#include <stdint.h>
-
-#define MBEDTLS_PADLOCK_RNG 0x000C
-#define MBEDTLS_PADLOCK_ACE 0x00C0
-#define MBEDTLS_PADLOCK_PHE 0x0C00
-#define MBEDTLS_PADLOCK_PMM 0x3000
-
-#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15))
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * \brief Internal PadLock detection routine
- *
- * \note This function is only for internal use by other library
- * functions; you must not call it directly.
- *
- * \param feature The feature to detect
- *
- * \return non-zero if CPU has support for the feature, 0 otherwise
- */
-int mbedtls_padlock_has_support(int feature);
-
-/**
- * \brief Internal PadLock AES-ECB block en(de)cryption
- *
- * \note This function is only for internal use by other library
- * functions; you must not call it directly.
- *
- * \param ctx AES context
- * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param input 16-byte input block
- * \param output 16-byte output block
- *
- * \return 0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx,
- int mode,
- const unsigned char input[16],
- unsigned char output[16]);
-
-/**
- * \brief Internal PadLock AES-CBC buffer en(de)cryption
- *
- * \note This function is only for internal use by other library
- * functions; you must not call it directly.
- *
- * \param ctx AES context
- * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
- * \param length length of the input data
- * \param iv initialization vector (updated after use)
- * \param input buffer holding the input data
- * \param output buffer holding the output data
- *
- * \return 0 if success, 1 if operation failed
- */
-int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx,
- int mode,
- size_t length,
- unsigned char iv[16],
- const unsigned char *input,
- unsigned char *output);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* HAVE_X86 */
-
-#endif /* padlock.h */
diff --git a/library/pem.c b/library/pem.c
index 0fee5df..0207601 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -481,6 +481,10 @@
void mbedtls_pem_free(mbedtls_pem_context *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
if (ctx->buf != NULL) {
mbedtls_zeroize_and_free(ctx->buf, ctx->buflen);
}
diff --git a/library/pk.c b/library/pk.c
index 097777f..3fe51ea 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -868,7 +868,6 @@
psa_status_t status;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type;
- psa_algorithm_t alg_type;
size_t key_bits;
/* Use a buffer size large enough to contain either a key pair or public key. */
unsigned char exp_key[PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE];
@@ -899,7 +898,6 @@
key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type);
}
key_bits = psa_get_key_bits(&key_attr);
- alg_type = psa_get_key_algorithm(&key_attr);
#if defined(MBEDTLS_RSA_C)
if ((key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) ||
@@ -919,6 +917,7 @@
goto exit;
}
+ psa_algorithm_t alg_type = psa_get_key_algorithm(&key_attr);
mbedtls_md_type_t md_type = MBEDTLS_MD_NONE;
if (PSA_ALG_GET_HASH(alg_type) != PSA_ALG_ANY_HASH) {
md_type = mbedtls_md_type_from_psa_alg(alg_type);
@@ -968,6 +967,7 @@
} else
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
{
+ (void) key_bits;
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@@ -1327,43 +1327,19 @@
}
if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) {
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
- psa_algorithm_t psa_alg, sign_alg;
-#if defined(MBEDTLS_PSA_CRYPTO_C)
- psa_algorithm_t psa_enrollment_alg;
-#endif /* MBEDTLS_PSA_CRYPTO_C */
psa_status_t status;
- status = psa_get_key_attributes(ctx->priv_id, &key_attr);
- if (status != PSA_SUCCESS) {
- return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
- }
- psa_alg = psa_get_key_algorithm(&key_attr);
-#if defined(MBEDTLS_PSA_CRYPTO_C)
- psa_enrollment_alg = psa_get_key_enrollment_algorithm(&key_attr);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
- psa_reset_key_attributes(&key_attr);
-
- /* Since we're PK type is MBEDTLS_PK_RSASSA_PSS at least one between
- * alg and enrollment alg should be of type RSA_PSS. */
- if (PSA_ALG_IS_RSA_PSS(psa_alg)) {
- sign_alg = psa_alg;
- }
-#if defined(MBEDTLS_PSA_CRYPTO_C)
- else if (PSA_ALG_IS_RSA_PSS(psa_enrollment_alg)) {
- sign_alg = psa_enrollment_alg;
- }
-#endif /* MBEDTLS_PSA_CRYPTO_C */
- else {
- /* The opaque key has no RSA PSS algorithm associated. */
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
- /* Adjust the hashing algorithm. */
- sign_alg = (sign_alg & ~PSA_ALG_HASH_MASK) | PSA_ALG_GET_HASH(psa_md_alg);
-
- status = psa_sign_hash(ctx->priv_id, sign_alg,
+ /* PSA_ALG_RSA_PSS() behaves the same as PSA_ALG_RSA_PSS_ANY_SALT() when
+ * performing a signature, but they are encoded differently. Instead of
+ * extracting the proper one from the wrapped key policy, just try both. */
+ status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg),
hash, hash_len,
sig, sig_size, sig_len);
+ if (status == PSA_ERROR_NOT_PERMITTED) {
+ status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg),
+ hash, hash_len,
+ sig, sig_size, sig_len);
+ }
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 969c695..8100afc 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1835,6 +1835,9 @@
status = psa_copy_key_material_into_slot(
slot, (uint8_t *) (&slot_number), sizeof(slot_number));
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
}
if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) {
@@ -4628,11 +4631,7 @@
goto exit;
}
- if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
- input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
+ if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) {
status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
@@ -5194,6 +5193,12 @@
goto exit;
}
+ /* No input to add (zero length), nothing to do. */
+ if (input_length == 0) {
+ status = PSA_SUCCESS;
+ goto exit;
+ }
+
if (operation->lengths_set) {
if (operation->ad_remaining < input_length) {
status = PSA_ERROR_INVALID_ARGUMENT;
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 881d673..3216c94 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -263,7 +263,7 @@
{
mbedtls_cipher_mode_t mode;
psa_status_t status;
- mbedtls_cipher_id_t cipher_id_tmp;
+ mbedtls_cipher_id_t cipher_id_tmp = MBEDTLS_CIPHER_ID_NONE;
status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
if (status != PSA_SUCCESS) {
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index b184ed0..9986a44 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -424,6 +424,8 @@
if (status != PSA_SUCCESS) {
psa_wipe_key_slot(*p_slot);
+ /* If the key does not exist, we need to return
+ * PSA_ERROR_INVALID_HANDLE. */
if (status == PSA_ERROR_DOES_NOT_EXIST) {
status = PSA_ERROR_INVALID_HANDLE;
}
@@ -440,6 +442,9 @@
status = PSA_ERROR_INVALID_HANDLE;
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+ if (status != PSA_SUCCESS) {
+ *p_slot = NULL;
+ }
#if defined(MBEDTLS_THREADING_C)
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
&mbedtls_threading_key_slot_mutex));
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index bcfc9d8..a84be7d 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -58,6 +58,9 @@
* It is the responsibility of the caller to call psa_unregister_read(slot)
* when they have finished reading the contents of the slot.
*
+ * On failure, `*p_slot` is set to NULL. This ensures that it is always valid
+ * to call psa_unregister_read on the returned slot.
+ *
* \param key Key identifier to query.
* \param[out] p_slot On success, `*p_slot` contains a pointer to the
* key slot containing the description of the key
diff --git a/library/psa_util.c b/library/psa_util.c
index 4ccc5b0..679d00e 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -443,6 +443,9 @@
if (raw_len != (2 * coordinate_len)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
+ if (coordinate_len > sizeof(r)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
/* Since raw and der buffers might overlap, dump r and s before starting
* the conversion. */
@@ -561,6 +564,9 @@
if (raw_size < coordinate_size * 2) {
return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
}
+ if (2 * coordinate_size > sizeof(raw_tmp)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
/* Check that the provided input DER buffer has the right header. */
ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len,
diff --git a/library/sha256.c b/library/sha256.c
index 8788981..8b2c345 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -44,7 +44,9 @@
#endif /* defined(__clang__) && (__clang_major__ >= 4) */
/* Ensure that SIG_SETMASK is defined when -std=c99 is used. */
+#if !defined(_GNU_SOURCE)
#define _GNU_SOURCE
+#endif
#include "common.h"
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 23619a2..5fc9000 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -282,13 +282,13 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_SSL_HAVE_GCM)
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384,
MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */
0,
MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
{ MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256",
MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256,
@@ -410,7 +410,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -423,7 +423,7 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_SSL_HAVE_CCM)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -453,13 +453,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -470,13 +470,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -518,7 +518,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@@ -531,7 +531,7 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_AES */
#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
@@ -543,13 +543,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -560,13 +560,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -582,13 +582,13 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
#if defined(MBEDTLS_SSL_HAVE_AES)
-#if defined(MBEDTLS_MD_CAN_SHA384) && \
+#if defined(PSA_WANT_ALG_SHA_384) && \
defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
+#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -678,12 +678,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -691,13 +691,13 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
#if defined(MBEDTLS_SSL_HAVE_AES)
-#if defined(MBEDTLS_MD_CAN_SHA384) && \
+#if defined(PSA_WANT_ALG_SHA_384) && \
defined(MBEDTLS_SSL_HAVE_GCM)
{ MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */
+#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -788,12 +788,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -827,7 +827,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@@ -840,7 +840,7 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_AES */
#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
@@ -852,13 +852,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -869,13 +869,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -917,7 +917,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_SSL_HAVE_CBC)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@@ -930,7 +930,7 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_SSL_HAVE_GCM */
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_AES */
#if defined(MBEDTLS_SSL_HAVE_CAMELLIA)
@@ -942,13 +942,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -959,13 +959,13 @@
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -989,12 +989,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_SSL_HAVE_CBC)
@@ -1005,12 +1005,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA",
@@ -1053,12 +1053,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -1069,12 +1069,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -1090,12 +1090,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_SSL_HAVE_CBC)
@@ -1106,12 +1106,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA",
@@ -1154,12 +1154,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -1170,12 +1170,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -1192,12 +1192,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA",
@@ -1223,13 +1223,13 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -1245,12 +1245,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384",
MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#if defined(MBEDTLS_SSL_HAVE_CBC)
@@ -1261,12 +1261,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384",
MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA1)
{ MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
@@ -1291,12 +1291,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_CBC */
#if defined(MBEDTLS_SSL_HAVE_GCM)
@@ -1307,12 +1307,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384",
MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
0,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_SSL_HAVE_GCM */
#endif /* MBEDTLS_SSL_HAVE_CAMELLIA */
@@ -1368,12 +1368,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
@@ -1391,12 +1391,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@@ -1414,12 +1414,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
@@ -1437,12 +1437,12 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
{ MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384",
MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
MBEDTLS_CIPHERSUITE_WEAK,
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
@@ -1450,7 +1450,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
@@ -1458,7 +1458,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA,
@@ -1485,7 +1485,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1493,7 +1493,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK,
@@ -1520,7 +1520,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1528,7 +1528,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK,
@@ -1555,7 +1555,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@@ -1563,7 +1563,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
@@ -1590,7 +1590,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@@ -1598,7 +1598,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
@@ -1626,7 +1626,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
@@ -1646,7 +1646,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -1654,7 +1654,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
@@ -1681,7 +1681,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@@ -1689,7 +1689,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
@@ -1716,7 +1716,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -1724,7 +1724,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -1751,7 +1751,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384))
+#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384",
MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
@@ -1759,7 +1759,7 @@
MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 },
#endif
#if (defined(MBEDTLS_SSL_HAVE_CBC) && \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
{ MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384",
MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK,
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 2772cac..be55963 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -44,7 +44,7 @@
#define COOKIE_MD MBEDTLS_MD_SHA256
#define COOKIE_MD_OUTLEN 32
#define COOKIE_HMAC_LEN 28
-#elif defined(MBEDTLS_MD_CAN_SHA384)
+#elif defined(PSA_WANT_ALG_SHA_384)
#define COOKIE_MD MBEDTLS_MD_SHA384
#define COOKIE_MD_OUTLEN 48
#define COOKIE_HMAC_LEN 28
@@ -84,6 +84,10 @@
void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(ctx->psa_hmac_key);
#else
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a8807f6..a11feb8 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -288,7 +288,7 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
/* Ciphersuites using HMAC */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */
#elif defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */
@@ -929,7 +929,7 @@
mbedtls_md_context_t fin_sha256;
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_operation_t fin_sha384_psa;
#else
@@ -2433,10 +2433,10 @@
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256:
break;
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384:
break;
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512:
break;
@@ -2489,12 +2489,12 @@
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
*md_alg = MBEDTLS_MD_SHA384;
*pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA512)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
*md_alg = MBEDTLS_MD_SHA512;
@@ -2527,7 +2527,7 @@
break;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_SSL_HASH_SHA224:
break;
#endif
@@ -2537,7 +2537,7 @@
break;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
break;
#endif
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index b07cd96..2bdad84 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5570,9 +5570,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C)
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_check_new_session_ticket(mbedtls_ssl_context *ssl)
+static int ssl_tls13_is_new_session_ticket(mbedtls_ssl_context *ssl)
{
if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) ||
@@ -5580,15 +5580,9 @@
return 0;
}
- ssl->keep_current_message = 1;
-
- MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received"));
- mbedtls_ssl_handshake_set_state(ssl,
- MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
-
- return MBEDTLS_ERR_SSL_WANT_READ;
+ return 1;
}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C */
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
@@ -5596,14 +5590,23 @@
MBEDTLS_SSL_DEBUG_MSG(3, ("received post-handshake message"));
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
- int ret = ssl_tls13_check_new_session_ticket(ssl);
- if (ret != 0) {
- return ret;
+ if (ssl_tls13_is_new_session_ticket(ssl)) {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received"));
+ ssl->keep_current_message = 1;
+
+ mbedtls_ssl_handshake_set_state(ssl,
+ MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+ return MBEDTLS_ERR_SSL_WANT_READ;
+#else
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Ignore NewSessionTicket, not supported."));
+ return 0;
+#endif
}
}
-#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#endif /* MBEDTLS_SSL_CLI_C */
/* Fail in all other cases. */
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 6a31b0b..bfb656c 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -534,6 +534,10 @@
*/
void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(ctx->keys[0].key);
psa_destroy_key(ctx->keys[1].key);
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c5e0649..a2fd227 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -132,7 +132,7 @@
int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl,
int *enabled,
- unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+ unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX],
size_t *own_cid_len)
{
*enabled = MBEDTLS_SSL_CID_DISABLED;
@@ -436,7 +436,7 @@
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384(const unsigned char *secret, size_t slen,
const char *label,
@@ -445,7 +445,7 @@
static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *);
static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int);
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls12_session_load(mbedtls_ssl_session *session,
@@ -459,9 +459,9 @@
static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t);
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t);
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
const unsigned char *secret, size_t slen,
@@ -473,11 +473,11 @@
switch (prf) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_TLS_PRF_SHA384:
tls_prf = tls_prf_sha384;
break;
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_SSL_TLS_PRF_SHA256:
tls_prf = tls_prf_sha256;
@@ -784,7 +784,7 @@
{
((void) ciphersuite_info);
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
ssl->handshake->update_checksum = ssl_update_checksum_sha384;
} else
@@ -831,7 +831,7 @@
int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_MD_CAN_SHA256) || \
- defined(MBEDTLS_MD_CAN_SHA384)
+ defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
#else
@@ -865,7 +865,7 @@
}
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
@@ -896,7 +896,7 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_MD_CAN_SHA256) || \
- defined(MBEDTLS_MD_CAN_SHA384)
+ defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status;
#else
@@ -920,7 +920,7 @@
}
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
@@ -949,7 +949,7 @@
}
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len)
{
@@ -973,7 +973,7 @@
mbedtls_md_init(&handshake->fin_sha256);
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
handshake->fin_sha384_psa = psa_hash_operation_init();
#else
@@ -1760,6 +1760,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id(session->ciphersuite);
@@ -1770,6 +1771,14 @@
session->ciphersuite));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
+#else
+ /*
+ * If session tickets are not enabled, it is not possible to resume a
+ * TLS 1.3 session, thus do not make any change to the SSL context in
+ * the first place.
+ */
+ return 0;
+#endif
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -2234,6 +2243,7 @@
mbedtls_zeroize_and_free(ssl->handshake->psk,
ssl->handshake->psk_len);
ssl->handshake->psk_len = 0;
+ ssl->handshake->psk = NULL;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
@@ -4049,7 +4059,7 @@
}
static int ssl_tls13_session_load(const mbedtls_ssl_session *session,
- unsigned char *buf,
+ const unsigned char *buf,
size_t buf_len)
{
((void) session);
@@ -4792,7 +4802,7 @@
mbedtls_md_free(&handshake->fin_sha256);
#endif
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&handshake->fin_sha384_psa);
#else
@@ -5661,7 +5671,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
- defined(MBEDTLS_MD_CAN_SHA384) && \
+ defined(PSA_WANT_ALG_SHA_384) && \
defined(PSA_WANT_ECC_SECP_R1_384)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
@@ -5678,7 +5688,7 @@
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512,
#endif
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384,
#endif
@@ -5690,9 +5700,9 @@
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512,
#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA512 */
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384,
-#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA384 */
+#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256,
@@ -5717,7 +5727,7 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA512 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
@@ -5727,7 +5737,7 @@
#if defined(MBEDTLS_RSA_C)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384),
#endif
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
@@ -5756,7 +5766,7 @@
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
- defined(MBEDTLS_MD_CAN_SHA384) && \
+ defined(PSA_WANT_ALG_SHA_384) && \
defined(MBEDTLS_ECP_HAVE_SECP384R1)
MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384,
// == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384)
@@ -5775,11 +5785,11 @@
#endif
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED)
MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384),
#endif
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
MBEDTLS_TLS_SIG_NONE
};
@@ -6030,6 +6040,10 @@
*/
void mbedtls_ssl_config_free(mbedtls_ssl_config *conf)
{
+ if (conf == NULL) {
+ return;
+ }
+
#if defined(MBEDTLS_DHM_C)
mbedtls_mpi_free(&conf->dhm_P);
mbedtls_mpi_free(&conf->dhm_G);
@@ -6126,7 +6140,7 @@
case MBEDTLS_SSL_HASH_SHA1:
return MBEDTLS_MD_SHA1;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_SSL_HASH_SHA224:
return MBEDTLS_MD_SHA224;
#endif
@@ -6134,7 +6148,7 @@
case MBEDTLS_SSL_HASH_SHA256:
return MBEDTLS_MD_SHA256;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
return MBEDTLS_MD_SHA384;
#endif
@@ -6161,7 +6175,7 @@
case MBEDTLS_MD_SHA1:
return MBEDTLS_SSL_HASH_SHA1;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_MD_SHA224:
return MBEDTLS_SSL_HASH_SHA224;
#endif
@@ -6169,7 +6183,7 @@
case MBEDTLS_MD_SHA256:
return MBEDTLS_SSL_HASH_SHA256;
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return MBEDTLS_SSL_HASH_SHA384;
#endif
@@ -6423,7 +6437,7 @@
*olen = 0;
switch (md) {
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
hash_operation_to_clone = &ssl->handshake->fin_sha384_psa;
break;
@@ -6450,7 +6464,7 @@
}
exit:
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
#endif
@@ -6458,7 +6472,7 @@
}
#else /* MBEDTLS_USE_PSA_CRYPTO */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl,
unsigned char *dst,
@@ -6494,7 +6508,7 @@
mbedtls_md_free(&sha384);
return ret;
}
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_CHECK_RETURN_CRITICAL
@@ -6542,10 +6556,10 @@
{
switch (md) {
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen);
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
#if defined(MBEDTLS_MD_CAN_SHA256)
case MBEDTLS_MD_SHA256:
@@ -6553,7 +6567,7 @@
#endif /* MBEDTLS_MD_CAN_SHA256*/
default:
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
(void) dst;
@@ -6821,7 +6835,7 @@
#if defined(MBEDTLS_MD_C) && \
(defined(MBEDTLS_MD_CAN_SHA256) || \
- defined(MBEDTLS_MD_CAN_SHA384))
+ defined(PSA_WANT_ALG_SHA_384))
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_generic(mbedtls_md_type_t md_type,
const unsigned char *secret, size_t slen,
@@ -6925,7 +6939,7 @@
return ret;
}
-#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || MBEDTLS_MD_CAN_SHA384 ) */
+#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || PSA_WANT_ALG_SHA_384 ) */
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_MD_CAN_SHA256)
@@ -6940,7 +6954,7 @@
}
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_CHECK_RETURN_CRITICAL
static int tls_prf_sha384(const unsigned char *secret, size_t slen,
const char *label,
@@ -6950,7 +6964,7 @@
return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen,
label, random, rlen, dstbuf, dlen);
}
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
/*
* Set appropriate PRF function and other SSL / TLS1.2 functions
@@ -6965,7 +6979,7 @@
static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake,
mbedtls_md_type_t hash)
{
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (hash == MBEDTLS_MD_SHA384) {
handshake->tls_prf = tls_prf_sha384;
handshake->calc_verify = ssl_calc_verify_tls_sha384;
@@ -7262,7 +7276,7 @@
int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md)
{
switch (md) {
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_SSL_HASH_SHA384:
ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384;
break;
@@ -7275,7 +7289,7 @@
default:
return -1;
}
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ssl;
#endif
@@ -7369,7 +7383,7 @@
}
#endif /* MBEDTLS_MD_CAN_SHA256 */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
unsigned char *hash,
size_t *hlen)
@@ -7382,7 +7396,7 @@
hash, hlen);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
}
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
#if !defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -8421,7 +8435,7 @@
#endif /* MBEDTLS_MD_CAN_SHA256*/
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
static int ssl_calc_finished_tls_sha384(
mbedtls_ssl_context *ssl, unsigned char *buf, int from)
{
@@ -8435,7 +8449,7 @@
padbuf, sizeof(padbuf),
buf, from);
}
-#endif /* MBEDTLS_MD_CAN_SHA384*/
+#endif /* PSA_WANT_ALG_SHA_384*/
void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl)
{
@@ -8728,7 +8742,7 @@
{
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
return tls_prf_sha384;
} else
@@ -8740,7 +8754,7 @@
}
}
#endif
-#if !defined(MBEDTLS_MD_CAN_SHA384) && \
+#if !defined(PSA_WANT_ALG_SHA_384) && \
!defined(MBEDTLS_MD_CAN_SHA256)
(void) ciphersuite_info;
#endif
@@ -8752,7 +8766,7 @@
static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf)
{
((void) tls_prf);
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (tls_prf == tls_prf_sha384) {
return MBEDTLS_SSL_TLS_PRF_SHA384;
} else
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index b49a8ae..b5b975f 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2631,13 +2631,8 @@
ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes);
ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes);
- if (pk_type == MBEDTLS_PK_OPAQUE) {
- /* Opaque key is created by the user (externally from Mbed TLS)
- * so we assume it already has the right algorithm and flags
- * set. Just copy its ID as reference. */
- ssl->handshake->xxdh_psa_privkey = pk->priv_id;
- ssl->handshake->xxdh_psa_privkey_is_external = 1;
- } else {
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+ if (pk_type != MBEDTLS_PK_OPAQUE) {
/* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK
* module and only have ECDSA capabilities. Since we need
* them for ECDH later, we export and then re-import them with
@@ -2665,10 +2660,20 @@
/* Set this key as owned by the TLS library: it will be its duty
* to clear it exit. */
ssl->handshake->xxdh_psa_privkey_is_external = 0;
- }
+ ret = 0;
+ break;
+ }
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
+
+ /* Opaque key is created by the user (externally from Mbed TLS)
+ * so we assume it already has the right algorithm and flags
+ * set. Just copy its ID as reference. */
+ ssl->handshake->xxdh_psa_privkey = pk->priv_id;
+ ssl->handshake->xxdh_psa_privkey_is_external = 1;
ret = 0;
break;
+
#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
case MBEDTLS_PK_ECKEY:
case MBEDTLS_PK_ECKEY_DH:
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 7fcc394..162e3a3 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -666,6 +666,7 @@
return 0;
}
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite)
{
const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
@@ -678,7 +679,6 @@
return PSA_ALG_NONE;
}
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl)
{
mbedtls_ssl_session *session = ssl->session_negotiate;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index d448a05..8ac6579 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -193,10 +193,12 @@
idx = 64;
if (from == MBEDTLS_SSL_IS_CLIENT) {
- memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(client_cv));
+ memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.client_cv,
+ MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv));
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv);
} else { /* from == MBEDTLS_SSL_IS_SERVER */
- memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(server_cv));
+ memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.server_cv,
+ MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv));
idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv);
}
@@ -1482,9 +1484,11 @@
ssl->total_early_data_size)) {
MBEDTLS_SSL_DEBUG_MSG(
- 2, ("EarlyData: Too much early data received, %u + %" MBEDTLS_PRINTF_SIZET " > %u",
- ssl->total_early_data_size, early_data_len,
- ssl->session_negotiate->max_early_data_size));
+ 2, ("EarlyData: Too much early data received, "
+ "%lu + %" MBEDTLS_PRINTF_SIZET " > %lu",
+ (unsigned long) ssl->total_early_data_size,
+ early_data_len,
+ (unsigned long) ssl->session_negotiate->max_early_data_size));
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2760d76..f5ef920 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -92,8 +92,9 @@
return;
}
- MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%x",
- (unsigned) psk_ciphersuite_id, psk_hash_alg));
+ MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx",
+ (unsigned) psk_ciphersuite_id,
+ (unsigned long) psk_hash_alg));
}
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
@@ -172,12 +173,12 @@
#define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1
#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl);
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match_ticket(
mbedtls_ssl_context *ssl,
@@ -575,10 +576,8 @@
psa_algorithm_t psk_hash_alg;
int allowed_key_exchange_modes;
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_session session;
mbedtls_ssl_session_init(&session);
-#endif
MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4);
identity_len = MBEDTLS_GET_UINT16_BE(p_identity_len, 0);
@@ -3109,6 +3108,7 @@
return 0;
}
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
/*
* Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET
*/
@@ -3138,7 +3138,6 @@
return SSL_NEW_SESSION_TICKET_WRITE;
}
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
unsigned char *ticket_nonce,
diff --git a/library/x509.c b/library/x509.c
index f97fb44..3560490 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -137,7 +137,7 @@
case MBEDTLS_MD_SHA1:
return "SHA1";
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
case MBEDTLS_MD_SHA224:
return "SHA224";
#endif
@@ -145,7 +145,7 @@
case MBEDTLS_MD_SHA256:
return "SHA256";
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
case MBEDTLS_MD_SHA384:
return "SHA384";
#endif
@@ -153,7 +153,7 @@
case MBEDTLS_MD_SHA512:
return "SHA512";
#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+#if defined(PSA_WANT_ALG_RIPEMD160)
case MBEDTLS_MD_RIPEMD160:
return "RIPEMD160";
#endif
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 72f5a10..56f23c9 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -46,6 +46,10 @@
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
mbedtls_asn1_free_named_data_list(&ctx->subject);
mbedtls_asn1_free_named_data_list(&ctx->issuer);
mbedtls_asn1_free_named_data_list(&ctx->extensions);
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index d3ddbcc..0d6f6bb 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -43,6 +43,10 @@
void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx)
{
+ if (ctx == NULL) {
+ return;
+ }
+
mbedtls_asn1_free_named_data_list(&ctx->subject);
mbedtls_asn1_free_named_data_list(&ctx->extensions);
diff --git a/pkgconfig/.gitignore b/pkgconfig/.gitignore
new file mode 100644
index 0000000..5460c20
--- /dev/null
+++ b/pkgconfig/.gitignore
@@ -0,0 +1,2 @@
+Makefile
+*.pc
diff --git a/programs/Makefile b/programs/Makefile
index 8d1da6d..9b48cc0 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -127,8 +127,8 @@
generated_files: $(GENERATED_FILES)
psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py
-psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h
-psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h
psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data
psa/psa_constant_names_generated.c:
echo " Gen $@"
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index fd3e0aa..4343e81 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -14,7 +14,7 @@
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
- (defined(MBEDTLS_MD_CAN_SHA384) || \
+ (defined(PSA_WANT_ALG_SHA_384) || \
defined(MBEDTLS_MD_CAN_SHA256))
const char *pers = "fuzz_dtlsserver";
const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 };
@@ -33,7 +33,7 @@
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C) && \
defined(MBEDTLS_TIMING_C) && \
- (defined(MBEDTLS_MD_CAN_SHA384) || \
+ (defined(PSA_WANT_ALG_SHA_384) || \
defined(MBEDTLS_MD_CAN_SHA256))
int ret;
size_t len;
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index a8e4b0e..c0843e1 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -19,8 +19,8 @@
${CMAKE_CURRENT_SOURCE_DIR}/../..
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h
- ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_values.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_extra.h
)
else()
link_to_source(psa_constant_names_generated.c)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 43133d9..fef5c46 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1527,11 +1527,11 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
} else
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index febb881..e3ed697 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -727,7 +727,11 @@
mbedtls_printf(" > Write MAIL FROM to server:");
fflush(stdout);
- len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
+ len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from);
+ if (len < 0 || (size_t) len >= sizeof(buf)) {
+ mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
+ goto exit;
+ }
ret = write_ssl_and_get_response(&ssl, buf, len);
if (ret < 200 || ret > 299) {
mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@@ -739,7 +743,11 @@
mbedtls_printf(" > Write RCPT TO to server:");
fflush(stdout);
- len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
+ len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to);
+ if (len < 0 || (size_t) len >= sizeof(buf)) {
+ mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
+ goto exit;
+ }
ret = write_ssl_and_get_response(&ssl, buf, len);
if (ret < 200 || ret > 299) {
mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
@@ -763,11 +771,16 @@
mbedtls_printf(" > Write content to server:");
fflush(stdout);
- len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
- "This is a simple test mail from the "
- "Mbed TLS mail client example.\r\n"
- "\r\n"
- "Enjoy!", opt.mail_from);
+ len = mbedtls_snprintf((char *) buf, sizeof(buf),
+ "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
+ "This is a simple test mail from the "
+ "Mbed TLS mail client example.\r\n"
+ "\r\n"
+ "Enjoy!", opt.mail_from);
+ if (len < 0 || (size_t) len >= sizeof(buf)) {
+ mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n");
+ goto exit;
+ }
ret = write_ssl_data(&ssl, buf, len);
len = sprintf((char *) buf, "\r\n.\r\n");
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index a5d2ed1..81b1256 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -2403,11 +2403,11 @@
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
/* Determine KDF algorithm the opaque PSK will be used in. */
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
} else
-#endif /* MBEDTLS_MD_CAN_SHA384 */
+#endif /* PSA_WANT_ALG_SHA_384 */
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
}
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 1ff2077..03c835b 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c
@@ -295,13 +295,13 @@
#if defined(MBEDTLS_MD_CAN_SHA512)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512)
#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384)
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256)
#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
+#if defined(PSA_WANT_ALG_SHA_224)
MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224)
#endif
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256)
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 0d43ffd..20cdf41 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -25,14 +25,20 @@
WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
)
add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}")
- target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
+ target_include_directories(cpp_dummy_build
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include)
target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
endif()
if(USE_SHARED_MBEDTLS_LIBRARY AND
NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]")
add_executable(dlopen "dlopen.c")
- target_include_directories(dlopen PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
+ target_include_directories(dlopen
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include)
target_link_libraries(dlopen ${CMAKE_DL_LIBS})
endif()
@@ -46,13 +52,13 @@
${PERL}
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
- ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
${CMAKE_CURRENT_BINARY_DIR}/query_config.c
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
- ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
)
# this file will also be used in another directory, so create a target, see
diff --git a/programs/test/cmake_package/.gitignore b/programs/test/cmake_package/.gitignore
index 9ae6b59..89d8c2b 100644
--- a/programs/test/cmake_package/.gitignore
+++ b/programs/test/cmake_package/.gitignore
@@ -1,3 +1,4 @@
build
Makefile
cmake_package
+mbedtls
diff --git a/programs/test/cmake_package_install/.gitignore b/programs/test/cmake_package_install/.gitignore
index b9b8282..aaa5942 100644
--- a/programs/test/cmake_package_install/.gitignore
+++ b/programs/test/cmake_package_install/.gitignore
@@ -1,3 +1,4 @@
build
Makefile
cmake_package_install
+mbedtls
diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh
index 0b4bd0b..d27c7ae 100755
--- a/programs/test/generate_cpp_dummy_build.sh
+++ b/programs/test/generate_cpp_dummy_build.sh
@@ -37,10 +37,23 @@
EOF
- for header in include/mbedtls/*.h include/psa/*.h; do
+ for header in include/mbedtls/*.h; do
case ${header#include/} in
mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion
mbedtls/config_*.h) :;; # not meant for direct inclusion
+ *) echo "#include \"${header#include/}\"";;
+ esac
+ done
+
+ for header in tf-psa-crypto/drivers/builtin/include/mbedtls/*.h; do
+ case ${header#tf-psa-crypto/drivers/builtin/include/} in
+ mbedtls/config_*.h) :;; # not meant for direct inclusion
+ *) echo "#include \"${header#tf-psa-crypto/drivers/builtin/include/}\"";;
+ esac
+ done
+
+ for header in tf-psa-crypto/include/psa/*.h; do
+ case ${header#tf-psa-crypto/include/} in
psa/crypto_config.h) :;; # not meant for direct inclusion
psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion
# Some of the psa/crypto_*.h headers are not meant to be included
@@ -48,7 +61,7 @@
# psa/crypto.h has been included before. Since psa/crypto.h comes
# before psa/crypto_*.h in the wildcard enumeration, we don't need
# to skip those headers.
- *) echo "#include \"${header#include/}\"";;
+ *) echo "#include \"${header#tf-psa-crypto/include/}\"";;
esac
done
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index 8a604c4..f91d80e 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -101,7 +101,8 @@
import xml.etree.ElementTree as ET
-from mbedtls_dev import build_tree
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import build_tree
class AbiChecker:
@@ -325,8 +326,14 @@
@staticmethod
def _list_generated_test_data_files(git_worktree_path):
"""List the generated test data files."""
+ generate_psa_tests = 'framework/scripts/generate_psa_tests.py'
+ if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests):
+ # The checked-out revision is from before generate_psa_tests.py
+ # was moved to the framework submodule. Use the old location.
+ generate_psa_tests = 'tests/scripts/generate_psa_tests.py'
+
output = subprocess.check_output(
- ['tests/scripts/generate_psa_tests.py', '--list'],
+ [generate_psa_tests, '--list'],
cwd=git_worktree_path,
).decode('ascii')
return [line for line in output.split('\n') if line]
@@ -352,8 +359,14 @@
if 'storage_format' in filename:
storage_data_files.add(filename)
to_be_generated.add(filename)
+
+ generate_psa_tests = 'framework/scripts/generate_psa_tests.py'
+ if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests):
+ # The checked-out revision is from before generate_psa_tests.py
+ # was moved to the framework submodule. Use the old location.
+ generate_psa_tests = 'tests/scripts/generate_psa_tests.py'
subprocess.check_call(
- ['tests/scripts/generate_psa_tests.py'] + sorted(to_be_generated),
+ [generate_psa_tests] + sorted(to_be_generated),
cwd=git_worktree_path,
)
for test_file in sorted(storage_data_files):
diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py
index abd13df..ce752e4 100755
--- a/scripts/code_size_compare.py
+++ b/scripts/code_size_compare.py
@@ -21,9 +21,10 @@
import typing
from enum import Enum
-from mbedtls_dev import build_tree
-from mbedtls_dev import logging_util
-from mbedtls_dev import typing_util
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import build_tree
+from mbedtls_framework import logging_util
+from mbedtls_framework import typing_util
class SupportedArch(Enum):
"""Supported architecture for code size measurement."""
@@ -148,7 +149,7 @@
TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/ext/crypto_config_profile_medium.h'
CONFIG_H = 'include/mbedtls/mbedtls_config.h'
-CRYPTO_CONFIG_H = 'include/psa/crypto_config.h'
+CRYPTO_CONFIG_H = 'tf-psa-crypto/include/psa/crypto_config.h'
BACKUP_SUFFIX = '.code_size.bak'
class CodeSizeBuildInfo: # pylint: disable=too-few-public-methods
diff --git a/scripts/code_style.py b/scripts/code_style.py
index 07952b6..d3f89d9 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -75,16 +75,55 @@
output = subprocess.check_output(["git", "ls-files"] + file_patterns,
universal_newlines=True)
src_files = output.split()
+
+ # When this script is called from a git hook, some environment variables
+ # are set by default which force all git commands to use the main repository
+ # (i.e. prevent us from performing commands on the framework repo).
+ # Create an environment without these variables for running commands on the
+ # framework repo.
+ framework_env = os.environ.copy()
+ # Get a list of environment vars that git sets
+ git_env_vars = subprocess.check_output(["git", "rev-parse", "--local-env-vars"],
+ universal_newlines=True)
+ # Remove the vars from the environment
+ for var in git_env_vars.split():
+ framework_env.pop(var, None)
+
+ output = subprocess.check_output(["git", "-C", "framework", "ls-files"]
+ + file_patterns,
+ universal_newlines=True,
+ env=framework_env)
+ framework_src_files = output.split()
+
if since:
- # get all files changed in commits since the starting point
- cmd = ["git", "log", since + "..HEAD", "--name-only", "--pretty=", "--"] + src_files
+ # get all files changed in commits since the starting point in ...
+ # ... the main repository
+ cmd = ["git", "log", since + "..HEAD", "--ignore-submodules",
+ "--name-only", "--pretty=", "--"] + src_files
output = subprocess.check_output(cmd, universal_newlines=True)
committed_changed_files = output.split()
- # and also get all files with uncommitted changes
+ # ... the framework submodule
+ cmd = ["git", "-C", "framework", "log", since + "..HEAD",
+ "--name-only", "--pretty=", "--"] + framework_src_files
+ output = subprocess.check_output(cmd, universal_newlines=True,
+ env=framework_env)
+ committed_changed_files += ["framework/" + s for s in output.split()]
+
+ # and also get all files with uncommitted changes in ...
+ # ... the main repository
cmd = ["git", "diff", "--name-only", "--"] + src_files
output = subprocess.check_output(cmd, universal_newlines=True)
uncommitted_changed_files = output.split()
- src_files = list(set(committed_changed_files + uncommitted_changed_files))
+ # ... the framework submodule
+ cmd = ["git", "-C", "framework", "diff", "--name-only", "--"] + \
+ framework_src_files
+ output = subprocess.check_output(cmd, universal_newlines=True,
+ env=framework_env)
+ uncommitted_changed_files += ["framework/" + s for s in output.split()]
+
+ src_files = committed_changed_files + uncommitted_changed_files
+ else:
+ src_files += ["framework/" + s for s in framework_src_files]
generated_files = list_generated_files()
# Don't correct style for third-party files (and, for simplicity,
diff --git a/scripts/common.make b/scripts/common.make
index 9908a3c..077ac6f 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -4,6 +4,8 @@
MBEDTLS_PATH := ..
endif
+PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim
+
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
# Use the define keyword to get a multi-line message.
# GNU make appends ". Stop.", so tweak the ending of our message accordingly.
@@ -21,21 +23,43 @@
WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -D_FILE_OFFSET_BITS=64
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \
+ -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \
+ -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \
+ -D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
+
+ifdef PSASIM
+LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
+ -L$(PSASIM_PATH)/client_libs \
+ -lpsaclient \
+ -lmbedtls$(SHARED_SUFFIX) \
+ -lmbedx509$(SHARED_SUFFIX) \
+ -lmbedcrypto$(SHARED_SUFFIX)
+else
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(MBEDTLS_PATH)/library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
+endif
include $(MBEDTLS_PATH)/3rdparty/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
-ifndef SHARED
-MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a
+ifdef PSASIM
+MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \
+ $(PSASIM_PATH)/client_libs/libmbedx509.a \
+ $(PSASIM_PATH)/client_libs/libmbedtls.a \
+ $(PSASIM_PATH)/client_libs/libpsaclient.a
+else ifndef SHARED
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \
+ $(MBEDTLS_PATH)/library/libmbedx509.a \
+ $(MBEDTLS_PATH)/library/libmbedtls.a
else
-MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \
+ $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \
+ $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -123,10 +147,17 @@
endif
# Auxiliary modules used by tests and some sample programs
-MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
+MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/*.c \
${MBEDTLS_TEST_PATH}/src/drivers/*.c \
))
+# Ignore PSA stubs when building for the client side of PSASIM (i.e.
+# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates.
+ifdef PSASIM
+MBEDTLS_CORE_TEST_OBJS := $(filter-out \
+ ${MBEDTLS_TEST_PATH}/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\
+ )
+endif
# Additional auxiliary modules for TLS testing
MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \
diff --git a/scripts/config.py b/scripts/config.py
index c53f9e7..8704bdb 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -396,6 +396,7 @@
self.default_path)
super().__init__()
self.filename = filename
+ self.inclusion_guard = None
self.current_section = 'header'
with open(filename, 'r', encoding='utf-8') as file:
self.templates = [self._parse_line(line) for line in file]
@@ -413,9 +414,11 @@
r'(?P<arguments>(?:\((?:\w|\s|,)*\))?)' +
r'(?P<separator>\s*)' +
r'(?P<value>.*)')
+ _ifndef_line_regexp = r'#ifndef (?P<inclusion_guard>\w+)'
_section_line_regexp = (r'\s*/?\*+\s*[\\@]name\s+SECTION:\s*' +
r'(?P<section>.*)[ */]*')
_config_line_regexp = re.compile(r'|'.join([_define_line_regexp,
+ _ifndef_line_regexp,
_section_line_regexp]))
def _parse_line(self, line):
"""Parse a line in mbedtls_config.h and return the corresponding template."""
@@ -426,10 +429,16 @@
elif m.group('section'):
self.current_section = m.group('section')
return line
+ elif m.group('inclusion_guard') and self.inclusion_guard is None:
+ self.inclusion_guard = m.group('inclusion_guard')
+ return line
else:
active = not m.group('commented_out')
name = m.group('name')
value = m.group('value')
+ if name == self.inclusion_guard and value == '':
+ # The file double-inclusion guard is not an option.
+ return line
template = (name,
m.group('indentation'),
m.group('define') + name +
diff --git a/scripts/framework_scripts_path.py b/scripts/framework_scripts_path.py
new file mode 100644
index 0000000..4d4a440
--- /dev/null
+++ b/scripts/framework_scripts_path.py
@@ -0,0 +1,17 @@
+"""Add our Python library directory to the module search path.
+
+Usage:
+
+ import framework_scripts_path # pylint: disable=unused-import
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+
+import os
+import sys
+
+sys.path.append(os.path.join(os.path.dirname(__file__),
+ os.path.pardir,
+ 'framework', 'scripts'))
diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py
index 624ab81..0f0c8c7 100755
--- a/scripts/generate_driver_wrappers.py
+++ b/scripts/generate_driver_wrappers.py
@@ -17,7 +17,9 @@
import argparse
import jsonschema
import jinja2
-from mbedtls_dev import build_tree
+
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import build_tree
JSONSchema = NewType('JSONSchema', object)
# The Driver is an Object, but practically it's indexable and can called a dictionary to
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 0134c94..fb95c0d 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -3,7 +3,7 @@
# Generate error.c
#
# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments,
-# or generate_errors.pl include_dir data_dir error_file
+# or generate_errors.pl crypto_include_dir tls_include_dir data_dir error_file
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
@@ -11,22 +11,24 @@
use strict;
use warnings;
-my ($include_dir, $data_dir, $error_file);
+my ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file);
if( @ARGV ) {
- die "Invalid number of arguments" if scalar @ARGV != 3;
- ($include_dir, $data_dir, $error_file) = @ARGV;
+ die "Invalid number of arguments" if scalar @ARGV != 4;
+ ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file) = @ARGV;
- -d $include_dir or die "No such directory: $include_dir\n";
+ -d $crypto_include_dir or die "No such directory: $crypto_include_dir\n";
+ -d $tls_include_dir or die "No such directory: $tls_include_dir\n";
-d $data_dir or die "No such directory: $data_dir\n";
} else {
- $include_dir = 'include/mbedtls';
+ $crypto_include_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
+ $tls_include_dir = 'include/mbedtls';
$data_dir = 'scripts/data_files';
$error_file = 'library/error.c';
- unless( -d $include_dir && -d $data_dir ) {
+ unless( -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir ) {
chdir '..' or die;
- -d $include_dir && -d $data_dir
+ -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir
or die "Without arguments, must be run from root or scripts\n"
}
}
@@ -36,7 +38,7 @@
my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM
CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES
ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5
- NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160
+ NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160
SHA1 SHA256 SHA512 SHA3 THREADING );
my @high_level_modules = qw( CIPHER DHM ECP MD
PEM PK PKCS12 PKCS5
@@ -48,7 +50,8 @@
my $error_format = <FORMAT_FILE>;
close(FORMAT_FILE);
-my @files = glob qq("$include_dir/*.h");
+my @files = glob qq("$crypto_include_dir/*.h");
+push(@files, glob qq("$tls_include_dir/*.h"));
my @necessary_include_files;
my @matches;
foreach my $file (@files) {
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index f13b507..d472c6d 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -17,8 +17,9 @@
import os
import sys
-from mbedtls_dev import build_tree
-from mbedtls_dev import macro_collector
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import build_tree
+from mbedtls_framework import macro_collector
OUTPUT_TEMPLATE = '''\
/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */
@@ -327,6 +328,7 @@
build_tree.chdir_to_root()
# Allow to change the directory where psa_constant_names_generated.c is written to.
OUTPUT_FILE_DIR = sys.argv[1] if len(sys.argv) == 2 else "programs/psa"
- generate_psa_constants(['include/psa/crypto_values.h',
- 'include/psa/crypto_extra.h'],
+
+ generate_psa_constants(['tf-psa-crypto/include/psa/crypto_values.h',
+ 'tf-psa-crypto/include/psa/crypto_extra.h'],
OUTPUT_FILE_DIR + '/psa_constant_names_generated.c')
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index 39743da..6a2f9cb 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -26,7 +26,7 @@
my ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file);
my $default_mbedtls_config_file = "./include/mbedtls/mbedtls_config.h";
-my $default_psa_crypto_config_file = "./include/psa/crypto_config.h";
+my $default_psa_crypto_config_file = "./tf-psa-crypto/include/psa/crypto_config.h";
my $default_query_config_format_file = "./scripts/data_files/query_config.fmt";
my $default_query_config_file = "./programs/test/query_config.c";
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
index a0544f1..600d160 100755
--- a/scripts/generate_ssl_debug_helpers.py
+++ b/scripts/generate_ssl_debug_helpers.py
@@ -14,7 +14,9 @@
import os
import textwrap
import argparse
-from mbedtls_dev import build_tree
+
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import build_tree
def remove_c_comments(string):
@@ -328,7 +330,7 @@
{translation_table}
}};
- return "UNKOWN";
+ return "UNKNOWN";
}}''')
body = body.format(translation_table='\n'.join(translation_table))
return body
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index a0dfc57..e9267eb 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -23,7 +23,8 @@
my $programs_dir = 'programs';
my $mbedtls_header_dir = 'include/mbedtls';
-my $psa_header_dir = 'include/psa';
+my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls';
+my $psa_header_dir = 'tf-psa-crypto/include/psa';
my $source_dir = 'library';
my $test_source_dir = 'tests/src';
my $test_header_dir = 'tests/include/test';
@@ -44,6 +45,8 @@
# one directory: the compiler will use the first match.
my @include_directories = qw(
include
+ tf-psa-crypto/include
+ tf-psa-crypto/drivers/builtin/include
3rdparty/everest/include/
3rdparty/everest/include/everest
3rdparty/everest/include/everest/vs2013
@@ -101,6 +104,7 @@
}
return -d $vsx_dir
&& -d $mbedtls_header_dir
+ && -d $drivers_builtin_header_dir
&& -d $psa_header_dir
&& -d $source_dir
&& -d $test_source_dir
@@ -257,6 +261,7 @@
my @app_list = get_app_list();
my @header_dirs = (
$mbedtls_header_dir,
+ $drivers_builtin_header_dir,
$psa_header_dir,
$test_header_dir,
$test_drivers_header_dir,
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index abcfc39..b03bce2 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -10,6 +10,9 @@
python scripts\generate_ssl_debug_helpers.py || exit /b 1
perl scripts\generate_visualc_files.pl || exit /b 1
python scripts\generate_psa_constants.py || exit /b 1
-python tests\scripts\generate_bignum_tests.py || exit /b 1
-python tests\scripts\generate_ecp_tests.py || exit /b 1
-python tests\scripts\generate_psa_tests.py || exit /b 1
+python framework\scripts\generate_bignum_tests.py || exit /b 1
+python framework\scripts\generate_config_tests.py || exit /b 1
+python framework\scripts\generate_ecp_tests.py || exit /b 1
+python framework\scripts\generate_psa_tests.py || exit /b 1
+python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1
+python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
diff --git a/scripts/mbedtls_dev/__init__.py b/scripts/mbedtls_dev/__init__.py
deleted file mode 100644
index 15b0d60..0000000
--- a/scripts/mbedtls_dev/__init__.py
+++ /dev/null
@@ -1,3 +0,0 @@
-# This file needs to exist to make mbedtls_dev a package.
-# Among other things, this allows modules in this directory to make
-# relative imports.
diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py
deleted file mode 100644
index 8ca6758..0000000
--- a/scripts/mbedtls_dev/asymmetric_key_data.py
+++ /dev/null
@@ -1,157 +0,0 @@
-"""Sample key material for asymmetric key types.
-
-Meant for use in crypto_knowledge.py.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import binascii
-import re
-from typing import Dict
-
-STR_TRANS_REMOVE_BLANKS = str.maketrans('', '', ' \t\n\r')
-
-def unhexlify(text: str) -> bytes:
- return binascii.unhexlify(text.translate(STR_TRANS_REMOVE_BLANKS))
-
-def construct_asymmetric_key_data(src) -> Dict[str, Dict[int, bytes]]:
- """Split key pairs into separate table entries and convert hex to bytes.
-
- Input format: src[abbreviated_type][size] = (private_key_hex, public_key_hex)
- Output format: dst['PSA_KEY_TYPE_xxx'][size] = key_bytes
- """
- dst = {} #type: Dict[str, Dict[int, bytes]]
- for typ in src:
- private = 'PSA_KEY_TYPE_' + re.sub(r'(\(|\Z)', r'_KEY_PAIR\1', typ, 1)
- public = 'PSA_KEY_TYPE_' + re.sub(r'(\(|\Z)', r'_PUBLIC_KEY\1', typ, 1)
- dst[private] = {}
- dst[public] = {}
- for size in src[typ]:
- dst[private][size] = unhexlify(src[typ][size][0])
- dst[public][size] = unhexlify(src[typ][size][1])
- return dst
-
-## These are valid keys that don't try to exercise any edge cases. They're
-## either test vectors from some specification, or randomly generated. All
-## pairs consist of a private key and its public key.
-#pylint: disable=line-too-long
-ASYMMETRIC_KEY_DATA = construct_asymmetric_key_data({
- 'ECC(PSA_ECC_FAMILY_SECP_K1)': {
- 192: ("297ac1722ccac7589ecb240dc719842538ca974beb79f228",
- "0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5"),
- 225: ("0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8",
- "042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d"),
- 256: ("7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9",
- "045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d"),
- },
- 'ECC(PSA_ECC_FAMILY_SECP_R1)': {
- 192: ("d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190",
- "04e35fcbee11cec3154f80a1a61df7d7612de4f2fd70c5608d0ee3a4a1a5719471adb33966dd9b035fdb774feeba94b04c"),
- 224: ("872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995",
- "046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160"),
- 256: ("49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee",
- "047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"),
- 384: ("3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a",
- "04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"),
- 521: ("01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae",
- "04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"),
- },
- 'ECC(PSA_ECC_FAMILY_SECP_R2)': {
- 160: ("00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e",
- "049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b"),
- },
- 'ECC(PSA_ECC_FAMILY_SECT_K1)': {
- 163: ("03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71",
- "0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9"),
- 233: ("41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8",
- "0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f"),
- 239: ("1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61",
- "04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d"),
- 283: ("006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0",
- "0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3"),
- 409: ("3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8",
- "04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b"),
- 571: ("005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51",
- "04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a"),
- },
- 'ECC(PSA_ECC_FAMILY_SECT_R1)': {
- 163: ("009b05dc82d46d64a04a22e6e5ca70ca1231e68c50",
- "0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb"),
- 233: ("00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f",
- "0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d"),
- 283: ("004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad",
- "04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765"),
- 409: ("00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64",
- "0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22"),
- 571: ("026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1",
- "040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74"),
- },
- 'ECC(PSA_ECC_FAMILY_SECT_R2)': {
- 163: ("0210b482a458b4822d0cb21daa96819a67c8062d34",
- "0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f"),
- },
- 'ECC(PSA_ECC_FAMILY_BRAINPOOL_P_R1)': {
- 160: ("69502c4fdaf48d4fa617bdd24498b0406d0eeaac",
- "04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c"),
- 192: ("1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f",
- "043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88"),
- 224: ("a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c",
- "045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc"),
- 256: ("2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff",
- "04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"),
- 320: ("61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead",
- "049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd"),
- 384: ("3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb",
- "04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"),
- 512: ("372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2",
- "0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"),
- },
- 'ECC(PSA_ECC_FAMILY_MONTGOMERY)': {
- 255: ("70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a",
- "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"),
- 448: ("e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1",
- "c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e"),
- },
- 'ECC(PSA_ECC_FAMILY_TWISTED_EDWARDS)': {
- 255: ("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
- "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"),
- 448: ("6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b",
- "5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180"),
- },
- 'RSA': {
- 1024: ("""
-3082025e
- 020100
- 02818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3
- 0203010001
- 02818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1
- 024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113
- 024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091
- 024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d
- 024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1
- 024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24
-""", """
- 308189
- 02818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3
- 0203010001
-"""),
- 1536: ("""
-3082037b
- 020100
- 0281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc35
- 0203010001
- 0281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1
- 026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9
- 026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd
- 026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b1
- 0260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751
- 026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf
-""", """
-3081c9
- 0281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc35
- 0203010001
-"""),
- },
-})
diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py
deleted file mode 100644
index eebc858..0000000
--- a/scripts/mbedtls_dev/bignum_common.py
+++ /dev/null
@@ -1,406 +0,0 @@
-"""Common features for bignum in test generation framework."""
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-from abc import abstractmethod
-import enum
-from typing import Iterator, List, Tuple, TypeVar, Any
-from copy import deepcopy
-from itertools import chain
-from math import ceil
-
-from . import test_case
-from . import test_data_generation
-from .bignum_data import INPUTS_DEFAULT, MODULI_DEFAULT
-
-T = TypeVar('T') #pylint: disable=invalid-name
-
-def invmod(a: int, n: int) -> int:
- """Return inverse of a to modulo n.
-
- Equivalent to pow(a, -1, n) in Python 3.8+. Implementation is equivalent
- to long_invmod() in CPython.
- """
- b, c = 1, 0
- while n:
- q, r = divmod(a, n)
- a, b, c, n = n, c, b - q*c, r
- # at this point a is the gcd of the original inputs
- if a == 1:
- return b
- raise ValueError("Not invertible")
-
-def invmod_positive(a: int, n: int) -> int:
- """Return a non-negative inverse of a to modulo n."""
- inv = invmod(a, n)
- return inv if inv >= 0 else inv + n
-
-def hex_to_int(val: str) -> int:
- """Implement the syntax accepted by mbedtls_test_read_mpi().
-
- This is a superset of what is accepted by mbedtls_test_read_mpi_core().
- """
- if val in ['', '-']:
- return 0
- return int(val, 16)
-
-def quote_str(val: str) -> str:
- return "\"{}\"".format(val)
-
-def bound_mpi(val: int, bits_in_limb: int) -> int:
- """First number exceeding number of limbs needed for given input value."""
- return bound_mpi_limbs(limbs_mpi(val, bits_in_limb), bits_in_limb)
-
-def bound_mpi_limbs(limbs: int, bits_in_limb: int) -> int:
- """First number exceeding maximum of given number of limbs."""
- bits = bits_in_limb * limbs
- return 1 << bits
-
-def limbs_mpi(val: int, bits_in_limb: int) -> int:
- """Return the number of limbs required to store value."""
- bit_length = max(val.bit_length(), 1)
- return (bit_length + bits_in_limb - 1) // bits_in_limb
-
-def combination_pairs(values: List[T]) -> List[Tuple[T, T]]:
- """Return all pair combinations from input values."""
- return [(x, y) for x in values for y in values]
-
-def bits_to_limbs(bits: int, bits_in_limb: int) -> int:
- """ Return the appropriate ammount of limbs needed to store
- a number contained in input bits"""
- return ceil(bits / bits_in_limb)
-
-def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int:
- """ Return the hex digits need for a number of limbs. """
- return 2 * ((limbs * bits_in_limb) // 8)
-
-def hex_digits_max_int(val: str, bits_in_limb: int) -> int:
- """ Return the first number exceeding maximum the limb space
- required to store the input hex-string value. This method
- weights on the input str_len rather than numerical value
- and works with zero-padded inputs"""
- n = ((1 << (len(val) * 4)) - 1)
- l = limbs_mpi(n, bits_in_limb)
- return bound_mpi_limbs(l, bits_in_limb)
-
-def zfill_match(reference: str, target: str) -> str:
- """ Zero pad target hex-string to match the limb size of
- the reference input """
- lt = len(target)
- lr = len(reference)
- target_len = lr if lt < lr else lt
- return "{:x}".format(int(target, 16)).zfill(target_len)
-
-class OperationCommon(test_data_generation.BaseTest):
- """Common features for bignum binary operations.
-
- This adds functionality common in binary operation tests.
-
- Attributes:
- symbol: Symbol to use for the operation in case description.
- input_values: List of values to use as test case inputs. These are
- combined to produce pairs of values.
- input_cases: List of tuples containing pairs of test case inputs. This
- can be used to implement specific pairs of inputs.
- unique_combinations_only: Boolean to select if test case combinations
- must be unique. If True, only A,B or B,A would be included as a test
- case. If False, both A,B and B,A would be included.
- input_style: Controls the way how test data is passed to the functions
- in the generated test cases. "variable" passes them as they are
- defined in the python source. "arch_split" pads the values with
- zeroes depending on the architecture/limb size. If this is set,
- test cases are generated for all architectures.
- arity: the number of operands for the operation. Currently supported
- values are 1 and 2.
- """
- symbol = ""
- input_values = INPUTS_DEFAULT # type: List[str]
- input_cases = [] # type: List[Any]
- dependencies = [] # type: List[Any]
- unique_combinations_only = False
- input_styles = ["variable", "fixed", "arch_split"] # type: List[str]
- input_style = "variable" # type: str
- limb_sizes = [32, 64] # type: List[int]
- arities = [1, 2]
- arity = 2
- suffix = False # for arity = 1, symbol can be prefix (default) or suffix
-
- def __init__(self, val_a: str, val_b: str = "0", bits_in_limb: int = 32) -> None:
- self.val_a = val_a
- self.val_b = val_b
- # Setting the int versions here as opposed to making them @properties
- # provides earlier/more robust input validation.
- self.int_a = hex_to_int(val_a)
- self.int_b = hex_to_int(val_b)
- self.dependencies = deepcopy(self.dependencies)
- if bits_in_limb not in self.limb_sizes:
- raise ValueError("Invalid number of bits in limb!")
- if self.input_style == "arch_split":
- self.dependencies.append("MBEDTLS_HAVE_INT{:d}".format(bits_in_limb))
- self.bits_in_limb = bits_in_limb
-
- @property
- def boundary(self) -> int:
- if self.arity == 1:
- return self.int_a
- elif self.arity == 2:
- return max(self.int_a, self.int_b)
- raise ValueError("Unsupported number of operands!")
-
- @property
- def limb_boundary(self) -> int:
- return bound_mpi(self.boundary, self.bits_in_limb)
-
- @property
- def limbs(self) -> int:
- return limbs_mpi(self.boundary, self.bits_in_limb)
-
- @property
- def hex_digits(self) -> int:
- return hex_digits_for_limb(self.limbs, self.bits_in_limb)
-
- def format_arg(self, val: str) -> str:
- if self.input_style not in self.input_styles:
- raise ValueError("Unknown input style!")
- if self.input_style == "variable":
- return val
- else:
- return val.zfill(self.hex_digits)
-
- def format_result(self, res: int) -> str:
- res_str = '{:x}'.format(res)
- return quote_str(self.format_arg(res_str))
-
- @property
- def arg_a(self) -> str:
- return self.format_arg(self.val_a)
-
- @property
- def arg_b(self) -> str:
- if self.arity == 1:
- raise AttributeError("Operation is unary and doesn't have arg_b!")
- return self.format_arg(self.val_b)
-
- def arguments(self) -> List[str]:
- args = [quote_str(self.arg_a)]
- if self.arity == 2:
- args.append(quote_str(self.arg_b))
- return args + self.result()
-
- def description(self) -> str:
- """Generate a description for the test case.
-
- If not set, case_description uses the form A `symbol` B, where symbol
- is used to represent the operation. Descriptions of each value are
- generated to provide some context to the test case.
- """
- if not self.case_description:
- if self.arity == 1:
- format_string = "{1:x} {0}" if self.suffix else "{0} {1:x}"
- self.case_description = format_string.format(
- self.symbol, self.int_a
- )
- elif self.arity == 2:
- self.case_description = "{:x} {} {:x}".format(
- self.int_a, self.symbol, self.int_b
- )
- return super().description()
-
- @property
- def is_valid(self) -> bool:
- return True
-
- @abstractmethod
- def result(self) -> List[str]:
- """Get the result of the operation.
-
- This could be calculated during initialization and stored as `_result`
- and then returned, or calculated when the method is called.
- """
- raise NotImplementedError
-
- @classmethod
- def get_value_pairs(cls) -> Iterator[Tuple[str, str]]:
- """Generator to yield pairs of inputs.
-
- Combinations are first generated from all input values, and then
- specific cases provided.
- """
- if cls.arity == 1:
- yield from ((a, "0") for a in cls.input_values)
- elif cls.arity == 2:
- if cls.unique_combinations_only:
- yield from combination_pairs(cls.input_values)
- else:
- yield from (
- (a, b)
- for a in cls.input_values
- for b in cls.input_values
- )
- else:
- raise ValueError("Unsupported number of operands!")
-
- @classmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
- if cls.input_style not in cls.input_styles:
- raise ValueError("Unknown input style!")
- if cls.arity not in cls.arities:
- raise ValueError("Unsupported number of operands!")
- if cls.input_style == "arch_split":
- test_objects = (cls(a, b, bits_in_limb=bil)
- for a, b in cls.get_value_pairs()
- for bil in cls.limb_sizes)
- special_cases = (cls(*args, bits_in_limb=bil) # type: ignore
- for args in cls.input_cases
- for bil in cls.limb_sizes)
- else:
- test_objects = (cls(a, b)
- for a, b in cls.get_value_pairs())
- special_cases = (cls(*args) for args in cls.input_cases)
- yield from (valid_test_object.create_test_case()
- for valid_test_object in filter(
- lambda test_object: test_object.is_valid,
- chain(test_objects, special_cases)
- )
- )
-
-
-class ModulusRepresentation(enum.Enum):
- """Representation selector of a modulus."""
- # Numerical values aligned with the type mbedtls_mpi_mod_rep_selector
- INVALID = 0
- MONTGOMERY = 2
- OPT_RED = 3
-
- def symbol(self) -> str:
- """The C symbol for this representation selector."""
- return 'MBEDTLS_MPI_MOD_REP_' + self.name
-
- @classmethod
- def supported_representations(cls) -> List['ModulusRepresentation']:
- """Return all representations that are supported in positive test cases."""
- return [cls.MONTGOMERY, cls.OPT_RED]
-
-
-class ModOperationCommon(OperationCommon):
- #pylint: disable=abstract-method
- """Target for bignum mod_raw test case generation."""
- moduli = MODULI_DEFAULT # type: List[str]
- montgomery_form_a = False
- disallow_zero_a = False
-
- def __init__(self, val_n: str, val_a: str, val_b: str = "0",
- bits_in_limb: int = 64) -> None:
- super().__init__(val_a=val_a, val_b=val_b, bits_in_limb=bits_in_limb)
- self.val_n = val_n
- # Setting the int versions here as opposed to making them @properties
- # provides earlier/more robust input validation.
- self.int_n = hex_to_int(val_n)
-
- def to_montgomery(self, val: int) -> int:
- return (val * self.r) % self.int_n
-
- def from_montgomery(self, val: int) -> int:
- return (val * self.r_inv) % self.int_n
-
- def convert_from_canonical(self, canonical: int,
- rep: ModulusRepresentation) -> int:
- """Convert values from canonical representation to the given representation."""
- if rep is ModulusRepresentation.MONTGOMERY:
- return self.to_montgomery(canonical)
- elif rep is ModulusRepresentation.OPT_RED:
- return canonical
- else:
- raise ValueError('Modulus representation not supported: {}'
- .format(rep.name))
-
- @property
- def boundary(self) -> int:
- return self.int_n
-
- @property
- def arg_a(self) -> str:
- if self.montgomery_form_a:
- value_a = self.to_montgomery(self.int_a)
- else:
- value_a = self.int_a
- return self.format_arg('{:x}'.format(value_a))
-
- @property
- def arg_n(self) -> str:
- return self.format_arg(self.val_n)
-
- def format_arg(self, val: str) -> str:
- return super().format_arg(val).zfill(self.hex_digits)
-
- def arguments(self) -> List[str]:
- return [quote_str(self.arg_n)] + super().arguments()
-
- @property
- def r(self) -> int: # pylint: disable=invalid-name
- l = limbs_mpi(self.int_n, self.bits_in_limb)
- return bound_mpi_limbs(l, self.bits_in_limb)
-
- @property
- def r_inv(self) -> int:
- return invmod(self.r, self.int_n)
-
- @property
- def r2(self) -> int: # pylint: disable=invalid-name
- return pow(self.r, 2)
-
- @property
- def is_valid(self) -> bool:
- if self.int_a >= self.int_n:
- return False
- if self.disallow_zero_a and self.int_a == 0:
- return False
- if self.arity == 2 and self.int_b >= self.int_n:
- return False
- return True
-
- def description(self) -> str:
- """Generate a description for the test case.
-
- It uses the form A `symbol` B mod N, where symbol is used to represent
- the operation.
- """
-
- if not self.case_description:
- return super().description() + " mod {:x}".format(self.int_n)
- return super().description()
-
- @classmethod
- def input_cases_args(cls) -> Iterator[Tuple[Any, Any, Any]]:
- if cls.arity == 1:
- yield from ((n, a, "0") for a, n in cls.input_cases)
- elif cls.arity == 2:
- yield from ((n, a, b) for a, b, n in cls.input_cases)
- else:
- raise ValueError("Unsupported number of operands!")
-
- @classmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
- if cls.input_style not in cls.input_styles:
- raise ValueError("Unknown input style!")
- if cls.arity not in cls.arities:
- raise ValueError("Unsupported number of operands!")
- if cls.input_style == "arch_split":
- test_objects = (cls(n, a, b, bits_in_limb=bil)
- for n in cls.moduli
- for a, b in cls.get_value_pairs()
- for bil in cls.limb_sizes)
- special_cases = (cls(*args, bits_in_limb=bil)
- for args in cls.input_cases_args()
- for bil in cls.limb_sizes)
- else:
- test_objects = (cls(n, a, b)
- for n in cls.moduli
- for a, b in cls.get_value_pairs())
- special_cases = (cls(*args) for args in cls.input_cases_args())
- yield from (valid_test_object.create_test_case()
- for valid_test_object in filter(
- lambda test_object: test_object.is_valid,
- chain(test_objects, special_cases)
- ))
diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py
deleted file mode 100644
index 909f6a3..0000000
--- a/scripts/mbedtls_dev/bignum_core.py
+++ /dev/null
@@ -1,896 +0,0 @@
-"""Framework classes for generation of bignum core test cases."""
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import random
-
-from typing import Dict, Iterator, List, Tuple
-
-from . import test_case
-from . import test_data_generation
-from . import bignum_common
-from .bignum_data import ADD_SUB_DATA
-
-class BignumCoreTarget(test_data_generation.BaseTarget):
- #pylint: disable=abstract-method, too-few-public-methods
- """Target for bignum core test case generation."""
- target_basename = 'test_suite_bignum_core.generated'
-
-
-class BignumCoreShiftR(BignumCoreTarget, test_data_generation.BaseTest):
- """Test cases for mbedtls_bignum_core_shift_r()."""
- count = 0
- test_function = "mpi_core_shift_r"
- test_name = "Core shift right"
-
- DATA = [
- ('00', '0', [0, 1, 8]),
- ('01', '1', [0, 1, 2, 8, 64]),
- ('dee5ca1a7ef10a75', '64-bit',
- list(range(11)) + [31, 32, 33, 63, 64, 65, 71, 72]),
- ('002e7ab0070ad57001', '[leading 0 limb]',
- [0, 1, 8, 63, 64]),
- ('a1055eb0bb1efa1150ff', '80-bit',
- [0, 1, 8, 63, 64, 65, 72, 79, 80, 81, 88, 128, 129, 136]),
- ('020100000000000000001011121314151617', '138-bit',
- [0, 1, 8, 9, 16, 72, 73, 136, 137, 138, 144]),
- ]
-
- def __init__(self, input_hex: str, descr: str, count: int) -> None:
- self.input_hex = input_hex
- self.number_description = descr
- self.shift_count = count
- self.result = bignum_common.hex_to_int(input_hex) >> count
-
- def arguments(self) -> List[str]:
- return ['"{}"'.format(self.input_hex),
- str(self.shift_count),
- '"{:0{}x}"'.format(self.result, len(self.input_hex))]
-
- def description(self) -> str:
- return 'Core shift {} >> {}'.format(self.number_description,
- self.shift_count)
-
- @classmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
- for input_hex, descr, counts in cls.DATA:
- for count in counts:
- yield cls(input_hex, descr, count).create_test_case()
-
-
-class BignumCoreShiftL(BignumCoreTarget, bignum_common.ModOperationCommon):
- """Test cases for mbedtls_bignum_core_shift_l()."""
-
- BIT_SHIFT_VALUES = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a',
- '1f', '20', '21', '3f', '40', '41', '47', '48', '4f',
- '50', '51', '58', '80', '81', '88']
- DATA = ["0", "1", "40", "dee5ca1a7ef10a75", "a1055eb0bb1efa1150ff",
- "002e7ab0070ad57001", "020100000000000000001011121314151617",
- "1946e2958a85d8863ae21f4904fcc49478412534ed53eaf321f63f2a222"
- "7a3c63acbf50b6305595f90cfa8327f6db80d986fe96080bcbb5df1bdbe"
- "9b74fb8dedf2bddb3f8215b54dffd66409323bcc473e45a8fe9d08e77a51"
- "1698b5dad0416305db7fcf"]
- arity = 1
- test_function = "mpi_core_shift_l"
- test_name = "Core shift(L)"
- input_style = "arch_split"
- symbol = "<<"
- input_values = BIT_SHIFT_VALUES
- moduli = DATA
-
- @property
- def val_n_max_limbs(self) -> int:
- """ Return the limb count required to store the maximum number that can
- fit in a the number of digits used by val_n """
- m = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb) - 1
- return bignum_common.limbs_mpi(m, self.bits_in_limb)
-
- def arguments(self) -> List[str]:
- return [bignum_common.quote_str(self.val_n),
- str(self.int_a)
- ] + self.result()
-
- def description(self) -> str:
- """ Format the output as:
- #{count} {hex input} ({input bits} {limbs capacity}) << {bit shift} """
- bits = "({} bits in {} limbs)".format(self.int_n.bit_length(), self.val_n_max_limbs)
- return "{} #{} {} {} {} {}".format(self.test_name,
- self.count,
- self.val_n,
- bits,
- self.symbol,
- self.int_a)
-
- def format_result(self, res: int) -> str:
- # Override to match zero-pading for leading digits between the output and input.
- res_str = bignum_common.zfill_match(self.val_n, "{:x}".format(res))
- return bignum_common.quote_str(res_str)
-
- def result(self) -> List[str]:
- result = (self.int_n << self.int_a)
- # Calculate if there is space for shifting to the left(leading zero limbs)
- mx = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb)
- # If there are empty limbs ahead, adjust the bitmask accordingly
- result = result & (mx - 1)
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
-
-class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest):
- """Test cases for mbedtls_mpi_core_ct_uint_table_lookup()."""
- test_function = "mpi_core_ct_uint_table_lookup"
- test_name = "Constant time MPI table lookup"
-
- bitsizes = [
- (32, "One limb"),
- (192, "Smallest curve sized"),
- (512, "Largest curve sized"),
- (2048, "Small FF/RSA sized"),
- (4096, "Large FF/RSA sized"),
- ]
-
- window_sizes = [0, 1, 2, 3, 4, 5, 6]
-
- def __init__(self,
- bitsize: int, descr: str, window_size: int) -> None:
- self.bitsize = bitsize
- self.bitsize_description = descr
- self.window_size = window_size
-
- def arguments(self) -> List[str]:
- return [str(self.bitsize), str(self.window_size)]
-
- def description(self) -> str:
- return '{} - {} MPI with {} bit window'.format(
- BignumCoreCTLookup.test_name,
- self.bitsize_description,
- self.window_size
- )
-
- @classmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
- for bitsize, bitsize_description in cls.bitsizes:
- for window_size in cls.window_sizes:
- yield (cls(bitsize, bitsize_description, window_size)
- .create_test_case())
-
-
-class BignumCoreAddAndAddIf(BignumCoreTarget, bignum_common.OperationCommon):
- """Test cases for bignum core add and add-if."""
- count = 0
- symbol = "+"
- test_function = "mpi_core_add_and_add_if"
- test_name = "mpi_core_add_and_add_if"
- input_style = "arch_split"
- input_values = ADD_SUB_DATA
- unique_combinations_only = True
-
- def result(self) -> List[str]:
- result = self.int_a + self.int_b
-
- carry, result = divmod(result, self.limb_boundary)
-
- return [
- self.format_result(result),
- str(carry)
- ]
-
-
-class BignumCoreSub(BignumCoreTarget, bignum_common.OperationCommon):
- """Test cases for bignum core sub."""
- count = 0
- input_style = "arch_split"
- symbol = "-"
- test_function = "mpi_core_sub"
- test_name = "mbedtls_mpi_core_sub"
- input_values = ADD_SUB_DATA
-
- def result(self) -> List[str]:
- if self.int_a >= self.int_b:
- result = self.int_a - self.int_b
- carry = 0
- else:
- result = self.limb_boundary + self.int_a - self.int_b
- carry = 1
- return [
- self.format_result(result),
- str(carry)
- ]
-
-
-class BignumCoreMLA(BignumCoreTarget, bignum_common.OperationCommon):
- """Test cases for fixed-size multiply accumulate."""
- count = 0
- test_function = "mpi_core_mla"
- test_name = "mbedtls_mpi_core_mla"
-
- input_values = [
- "0", "1", "fffe", "ffffffff", "100000000", "20000000000000",
- "ffffffffffffffff", "10000000000000000", "1234567890abcdef0",
- "fffffffffffffffffefefefefefefefe",
- "100000000000000000000000000000000",
- "1234567890abcdef01234567890abcdef0",
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
- "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0",
- (
- "4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f"
- "34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf17"
- "9298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38"
- "edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec02507"
- "6b12b"
- )
- ] # type: List[str]
- input_scalars = [
- "0", "3", "fe", "ff", "ffff", "10000", "ffffffff", "100000000",
- "7f7f7f7f7f7f7f7f", "8000000000000000", "fffffffffffffffe"
- ] # type: List[str]
-
- def __init__(self, val_a: str, val_b: str, val_s: str) -> None:
- super().__init__(val_a, val_b)
- self.arg_scalar = val_s
- self.int_scalar = bignum_common.hex_to_int(val_s)
- if bignum_common.limbs_mpi(self.int_scalar, 32) > 1:
- self.dependencies = ["MBEDTLS_HAVE_INT64"]
-
- def arguments(self) -> List[str]:
- return [
- bignum_common.quote_str(self.arg_a),
- bignum_common.quote_str(self.arg_b),
- bignum_common.quote_str(self.arg_scalar)
- ] + self.result()
-
- def description(self) -> str:
- """Override and add the additional scalar."""
- if not self.case_description:
- self.case_description = "0x{} + 0x{} * 0x{}".format(
- self.arg_a, self.arg_b, self.arg_scalar
- )
- return super().description()
-
- def result(self) -> List[str]:
- result = self.int_a + (self.int_b * self.int_scalar)
- bound_val = max(self.int_a, self.int_b)
- bound_4 = bignum_common.bound_mpi(bound_val, 32)
- bound_8 = bignum_common.bound_mpi(bound_val, 64)
- carry_4, remainder_4 = divmod(result, bound_4)
- carry_8, remainder_8 = divmod(result, bound_8)
- return [
- "\"{:x}\"".format(remainder_4),
- "\"{:x}\"".format(carry_4),
- "\"{:x}\"".format(remainder_8),
- "\"{:x}\"".format(carry_8)
- ]
-
- @classmethod
- def get_value_pairs(cls) -> Iterator[Tuple[str, str]]:
- """Generator to yield pairs of inputs.
-
- Combinations are first generated from all input values, and then
- specific cases provided.
- """
- yield from super().get_value_pairs()
- yield from cls.input_cases
-
- @classmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
- """Override for additional scalar input."""
- for a_value, b_value in cls.get_value_pairs():
- for s_value in cls.input_scalars:
- cur_op = cls(a_value, b_value, s_value)
- yield cur_op.create_test_case()
-
-
-class BignumCoreMul(BignumCoreTarget, bignum_common.OperationCommon):
- """Test cases for bignum core multiplication."""
- count = 0
- input_style = "arch_split"
- symbol = "*"
- test_function = "mpi_core_mul"
- test_name = "mbedtls_mpi_core_mul"
- arity = 2
- unique_combinations_only = True
-
- def format_arg(self, val: str) -> str:
- return val
-
- def format_result(self, res: int) -> str:
- res_str = '{:x}'.format(res)
- a_limbs = bignum_common.limbs_mpi(self.int_a, self.bits_in_limb)
- b_limbs = bignum_common.limbs_mpi(self.int_b, self.bits_in_limb)
- hex_digits = bignum_common.hex_digits_for_limb(a_limbs + b_limbs, self.bits_in_limb)
- return bignum_common.quote_str(self.format_arg(res_str).zfill(hex_digits))
-
- def result(self) -> List[str]:
- result = self.int_a * self.int_b
- return [self.format_result(result)]
-
-
-class BignumCoreMontmul(BignumCoreTarget, test_data_generation.BaseTest):
- """Test cases for Montgomery multiplication."""
- count = 0
- test_function = "mpi_core_montmul"
- test_name = "mbedtls_mpi_core_montmul"
-
- start_2_mpi4 = False
- start_2_mpi8 = False
-
- replay_test_cases = [
- (2, 1, 1, 1, "19", "1", "1D"), (2, 1, 1, 1, "7", "1", "9"),
- (2, 1, 1, 1, "4", "1", "9"),
- (
- 12, 1, 6, 1, (
- "3C246D0E059A93A266288A7718419EC741661B474C58C032C5EDAF92709402"
- "B07CC8C7CE0B781C641A1EA8DB2F4343"
- ), "1", (
- "66A198186C18C10B2F5ED9B522752A9830B69916E535C8F047518A889A43A5"
- "94B6BED27A168D31D4A52F88925AA8F5"
- )
- ), (
- 8, 1, 4, 1,
- "1E442976B0E63D64FCCE74B999E470CA9888165CB75BFA1F340E918CE03C6211",
- "1", "B3A119602EE213CDE28581ECD892E0F592A338655DCE4CA88054B3D124D0E561"
- ), (
- 22, 1, 11, 1, (
- "7CF5AC97304E0B63C65413F57249F59994B0FED1D2A8D3D83ED5FA38560FFB"
- "82392870D6D08F87D711917FD7537E13B7E125BE407E74157776839B0AC9DB"
- "23CBDFC696104353E4D2780B2B4968F8D8542306BCA7A2366E"
- ), "1", (
- "284139EA19C139EBE09A8111926AAA39A2C2BE12ED487A809D3CB5BC558547"
- "25B4CDCB5734C58F90B2F60D99CC1950CDBC8D651793E93C9C6F0EAD752500"
- "A32C56C62082912B66132B2A6AA42ADA923E1AD22CEB7BA0123"
- )
- )
- ] # type: List[Tuple[int, int, int, int, str, str, str]]
-
- random_test_cases = [
- ("2", "2", "3", ""), ("1", "2", "3", ""), ("2", "1", "3", ""),
- ("6", "5", "7", ""), ("3", "4", "7", ""), ("1", "6", "7", ""), ("5", "6", "7", ""),
- ("3", "4", "B", ""), ("7", "4", "B", ""), ("9", "7", "B", ""), ("2", "a", "B", ""),
- ("25", "16", "29", "(0x29 is prime)"), ("8", "28", "29", ""),
- ("18", "21", "29", ""), ("15", "f", "29", ""),
- ("e2", "ea", "FF", ""), ("43", "72", "FF", ""),
- ("d8", "70", "FF", ""), ("3c", "7c", "FF", ""),
- ("99", "b9", "101", "(0x101 is prime)"), ("65", "b2", "101", ""),
- ("81", "32", "101", ""), ("51", "dd", "101", ""),
- ("d5", "143", "38B", "(0x38B is prime)"), ("3d", "387", "38B", ""),
- ("160", "2e5", "38B", ""), ("10f", "137", "38B", ""),
- ("7dac", "25a", "8003", "(0x8003 is prime)"), ("6f1c", "3286", "8003", ""),
- ("59ed", "2f3f", "8003", ""), ("6893", "736d", "8003", ""),
- ("d199", "2832", "10001", "(0x10001 is prime)"), ("c3b2", "3e5b", "10001", ""),
- ("abe4", "214e", "10001", ""), ("4360", "a05d", "10001", ""),
- ("3f5a1", "165b2", "7F7F7", ""), ("3bd29", "37863", "7F7F7", ""),
- ("60c47", "64819", "7F7F7", ""), ("16584", "12c49", "7F7F7", ""),
- ("1ff03f", "610347", "800009", "(0x800009 is prime)"), ("340fd5", "19812e", "800009", ""),
- ("3fe2e8", "4d0dc7", "800009", ""), ("40356", "e6392", "800009", ""),
- ("dd8a1d", "266c0e", "100002B", "(0x100002B is prime)"),
- ("3fa1cb", "847fd6", "100002B", ""), ("5f439d", "5c3196", "100002B", ""),
- ("18d645", "f72dc6", "100002B", ""),
- ("20051ad", "37def6e", "37EEE9D", "(0x37EEE9D is prime)"),
- ("2ec140b", "3580dbf", "37EEE9D", ""), ("1d91b46", "190d4fc", "37EEE9D", ""),
- ("34e488d", "1224d24", "37EEE9D", ""),
- ("2a4fe2cb", "263466a9", "8000000B", "(0x8000000B is prime)"),
- ("5643fe94", "29a1aefa", "8000000B", ""), ("29633513", "7b007ac4", "8000000B", ""),
- ("2439cef5", "5c9d5a47", "8000000B", ""),
- ("4de3cfaa", "50dea178", "8CD626B9", "(0x8CD626B9 is prime)"),
- ("b8b8563", "10dbbbac", "8CD626B9", ""), ("4e8a6151", "5574ec19", "8CD626B9", ""),
- ("69224878", "309cfc23", "8CD626B9", ""),
- ("fb6f7fb6", "afb05423", "10000000F", "(0x10000000F is prime)"),
- ("8391a243", "26034dcd", "10000000F", ""), ("d26b98c", "14b2d6aa", "10000000F", ""),
- ("6b9f1371", "a21daf1d", "10000000F", ""),
- (
- "9f49435ad", "c8264ade8", "174876E7E9",
- "0x174876E7E9 is prime (dec) 99999999977"
- ),
- ("c402da434", "1fb427acf", "174876E7E9", ""),
- ("f6ebc2bb1", "1096d39f2a", "174876E7E9", ""),
- ("153b7f7b6b", "878fda8ff", "174876E7E9", ""),
- ("2c1adbb8d6", "4384d2d3c6", "8000000017", "(0x8000000017 is prime)"),
- ("2e4f9cf5fb", "794f3443d9", "8000000017", ""),
- ("149e495582", "3802b8f7b7", "8000000017", ""),
- ("7b9d49df82", "69c68a442a", "8000000017", ""),
- ("683a134600", "6dd80ea9f6", "864CB9076D", "(0x864CB9076D is prime)"),
- ("13a870ff0d", "59b099694a", "864CB9076D", ""),
- ("37d06b0e63", "4d2147e46f", "864CB9076D", ""),
- ("661714f8f4", "22e55df507", "864CB9076D", ""),
- ("2f0a96363", "52693307b4", "F7F7F7F7F7", ""),
- ("3c85078e64", "f2275ecb6d", "F7F7F7F7F7", ""),
- ("352dae68d1", "707775b4c6", "F7F7F7F7F7", ""),
- ("37ae0f3e0b", "912113040f", "F7F7F7F7F7", ""),
- ("6dada15e31", "f58ed9eff7", "1000000000F", "(0x1000000000F is prime)"),
- ("69627a7c89", "cfb5ebd13d", "1000000000F", ""),
- ("a5e1ad239b", "afc030c731", "1000000000F", ""),
- ("f1cc45f4c5", "c64ad607c8", "1000000000F", ""),
- ("2ebad87d2e31", "4c72d90bca78", "800000000005", "(0x800000000005 is prime)"),
- ("a30b3cc50d", "29ac4fe59490", "800000000005", ""),
- ("33674e9647b4", "5ec7ee7e72d3", "800000000005", ""),
- ("3d956f474f61", "74070040257d", "800000000005", ""),
- ("48348e3717d6", "43fcb4399571", "800795D9BA47", "(0x800795D9BA47 is prime)"),
- ("5234c03cc99b", "2f3cccb87803", "800795D9BA47", ""),
- ("3ed13db194ab", "44b8f4ba7030", "800795D9BA47", ""),
- ("1c11e843bfdb", "95bd1b47b08", "800795D9BA47", ""),
- ("a81d11cb81fd", "1e5753a3f33d", "1000000000015", "(0x1000000000015 is prime)"),
- ("688c4db99232", "36fc0cf7ed", "1000000000015", ""),
- ("f0720cc07e07", "fc76140ed903", "1000000000015", ""),
- ("2ec61f8d17d1", "d270c85e36d2", "1000000000015", ""),
- (
- "6a24cd3ab63820", "ed4aad55e5e348", "100000000000051",
- "(0x100000000000051 is prime)"
- ),
- ("e680c160d3b248", "31e0d8840ed510", "100000000000051", ""),
- ("a80637e9aebc38", "bb81decc4e1738", "100000000000051", ""),
- ("9afa5a59e9d630", "be9e65a6d42938", "100000000000051", ""),
- ("ab5e104eeb71c000", "2cffbd639e9fea00", "ABCDEF0123456789", ""),
- ("197b867547f68a00", "44b796cf94654800", "ABCDEF0123456789", ""),
- ("329f9483a04f2c00", "9892f76961d0f000", "ABCDEF0123456789", ""),
- ("4a2e12dfb4545000", "1aa3e89a69794500", "ABCDEF0123456789", ""),
- (
- "8b9acdf013d140f000", "12e4ceaefabdf2b2f00", "25A55A46E5DA99C71C7",
- "0x25A55A46E5DA99C71C7 is the 3rd repunit prime(dec) 11111111111111111111111"
- ),
- ("1b8d960ea277e3f5500", "14418aa980e37dd000", "25A55A46E5DA99C71C7", ""),
- ("7314524977e8075980", "8172fa45618ccd0d80", "25A55A46E5DA99C71C7", ""),
- ("ca14f031769be63580", "147a2f3cf2964ca9400", "25A55A46E5DA99C71C7", ""),
- (
- "18532ba119d5cd0cf39735c0000", "25f9838e31634844924733000000",
- "314DC643FB763F2B8C0E2DE00879",
- "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3"
- ),
- (
- "a56e2d2517519e3970e70c40000", "ec27428d4bb380458588fa80000",
- "314DC643FB763F2B8C0E2DE00879", ""
- ),
- (
- "1cb5e8257710e8653fff33a00000", "15fdd42fe440fd3a1d121380000",
- "314DC643FB763F2B8C0E2DE00879", ""
- ),
- (
- "e50d07a65fc6f93e538ce040000", "1f4b059ca609f3ce597f61240000",
- "314DC643FB763F2B8C0E2DE00879", ""
- ),
- (
- "1ea3ade786a095d978d387f30df9f20000000",
- "127c448575f04af5a367a7be06c7da0000000",
- "47BF19662275FA2F6845C74942ED1D852E521",
- "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4"
- ),
- (
- "16e15b0ca82764e72e38357b1f10a20000000",
- "43e2355d8514bbe22b0838fdc3983a0000000",
- "47BF19662275FA2F6845C74942ED1D852E521", ""
- ),
- (
- "be39332529d93f25c3d116c004c620000000",
- "5cccec42370a0a2c89c6772da801a0000000",
- "47BF19662275FA2F6845C74942ED1D852E521", ""
- ),
- (
- "ecaa468d90de0eeda474d39b3e1fc0000000",
- "1e714554018de6dc0fe576bfd3b5660000000",
- "47BF19662275FA2F6845C74942ED1D852E521", ""
- ),
- (
- "32298816711c5dce46f9ba06e775c4bedfc770e6700000000000000",
- "8ee751fd5fb24f0b4a653cb3a0c8b7d9e724574d168000000000000",
- "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931",
- (
- "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931"
- " is (dec) 99999999977^6"
- )
- ),
- (
- "29213b9df3cfd15f4b428645b67b677c29d1378d810000000000000",
- "6cbb732c65e10a28872394dfdd1936d5171c3c3aac0000000000000",
- "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", ""
- ),
- (
- "6f18db06ad4abc52c0c50643dd13098abccd4a232f0000000000000",
- "7e6bf41f2a86098ad51f98dfc10490ba3e8081bc830000000000000",
- "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", ""
- ),
- (
- "62d3286cd706ad9d73caff63f1722775d7e8c731208000000000000",
- "530f7ba02ae2b04c2fe3e3d27ec095925631a6c2528000000000000",
- "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", ""
- ),
- (
- "a6c6503e3c031fdbf6009a89ed60582b7233c5a85de28b16000000000000000",
- "75c8ed18270b583f16d442a467d32bf95c5e491e9b8523798000000000000000",
- "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499",
- (
- "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499"
- " is (dec) 99999999977^7"
- )
- ),
- (
- "bf84d1f85cf6b51e04d2c8f4ffd03532d852053cf99b387d4000000000000000",
- "397ba5a743c349f4f28bc583ecd5f06e0a25f9c6d98f09134000000000000000",
- "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", ""
- ),
- (
- "6db11c3a4152ed1a2aa6fa34b0903ec82ea1b88908dcb482000000000000000",
- "ac8ac576a74ad6ca48f201bf89f77350ce86e821358d85920000000000000000",
- "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", ""
- ),
- (
- "3001d96d7fe8b733f33687646fc3017e3ac417eb32e0ec708000000000000000",
- "925ddbdac4174e8321a48a32f79640e8cf7ec6f46ea235a80000000000000000",
- "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", ""
- ),
- (
- "1029048755f2e60dd98c8de6d9989226b6bb4f0db8e46bd1939de560000000000000000000",
- "51bb7270b2e25cec0301a03e8275213bb6c2f6e6ec93d4d46d36ca0000000000000000000",
- "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41",
- (
- "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146"
- "380E41 is 99999999977^8"
- )
- ),
- (
- "1c5337ff982b3ad6611257dbff5bbd7a9920ba2d4f5838a0cc681ce000000000000000000",
- "520c5d049ca4702031ba728591b665c4d4ccd3b2b86864d4c160fd2000000000000000000",
- "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41",
- ""
- ),
- (
- "57074dfa00e42f6555bae624b7f0209f218adf57f73ed34ab0ff90c000000000000000000",
- "41eb14b6c07bfd3d1fe4f4a610c17cc44fcfcda695db040e011065000000000000000000",
- "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41",
- ""
- ),
- (
- "d8ed7feed2fe855e6997ad6397f776158573d425031bf085a615784000000000000000000",
- "6f121dcd18c578ab5e229881006007bb6d319b179f11015fe958b9c000000000000000000",
- "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41",
- ""
- ),
- (
- (
- "2a462b156180ea5fe550d3758c764e06fae54e626b5f503265a09df76edbdfbf"
- "a1e6000000000000000000000000"
- ), (
- "1136f41d1879fd4fb9e49e0943a46b6704d77c068ee237c3121f9071cfd3e6a0"
- "0315800000000000000000000000"
- ), (
- "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90"
- "2713E40F51E3B3C214EDFABC451"
- ), (
- "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC"
- "902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10"
- )
- ),
- (
- (
- "c1ac3800dfb3c6954dea391d206200cf3c47f795bf4a5603b4cb88ae7e574de47"
- "40800000000000000000000000"
- ), (
- "c0d16eda0549ede42fa0deb4635f7b7ce061fadea02ee4d85cba4c4f709603419"
- "3c800000000000000000000000"
- ), (
- "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90"
- "2713E40F51E3B3C214EDFABC451"
- ), ""
- ),
- (
- (
- "19e45bb7633094d272588ad2e43bcb3ee341991c6731b6fa9d47c4018d7ce7bba"
- "5ee800000000000000000000000"
- ), (
- "1e4f83166ae59f6b9cc8fd3e7677ed8bfc01bb99c98bd3eb084246b64c1e18c33"
- "65b800000000000000000000000"
- ), (
- "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90"
- "2713E40F51E3B3C214EDFABC451"
- ), ""
- ),
- (
- (
- "1aa93395fad5f9b7f20b8f9028a054c0bb7c11bb8520e6a95e5a34f06cb70bcdd"
- "01a800000000000000000000000"
- ), (
- "54b45afa5d4310192f8d224634242dd7dcfb342318df3d9bd37b4c614788ba13b"
- "8b000000000000000000000000"
- ), (
- "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90"
- "2713E40F51E3B3C214EDFABC451"
- ), ""
- ),
- (
- (
- "544f2628a28cfb5ce0a1b7180ee66b49716f1d9476c466c57f0c4b23089917843"
- "06d48f78686115ee19e25400000000000000000000000000000000"
- ), (
- "677eb31ef8d66c120fa872a60cd47f6e10cbfdf94f90501bd7883cba03d185be0"
- "a0148d1625745e9c4c827300000000000000000000000000000000"
- ), (
- "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1"
- "1DABD6E6144BEF37C6800000000000000000000000000000000051"
- ), (
- "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBF"
- "A11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime,"
- " (dec) 10^143 + 3^4"
- )
- ),
- (
- (
- "76bb3470985174915e9993522aec989666908f9e8cf5cb9f037bf4aee33d8865c"
- "b6464174795d07e30015b80000000000000000000000000000000"
- ), (
- "6aaaf60d5784dcef612d133613b179a317532ecca0eed40b8ad0c01e6d4a6d8c7"
- "9a52af190abd51739009a900000000000000000000000000000000"
- ), (
- "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1"
- "1DABD6E6144BEF37C6800000000000000000000000000000000051"
- ), ""
- ),
- (
- (
- "6cfdd6e60912e441d2d1fc88f421b533f0103a5322ccd3f4db84861643ad63fd6"
- "3d1d8cfbc1d498162786ba00000000000000000000000000000000"
- ), (
- "1177246ec5e93814816465e7f8f248b350d954439d35b2b5d75d917218e7fd5fb"
- "4c2f6d0667f9467fdcf33400000000000000000000000000000000"
- ), (
- "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1"
- "1DABD6E6144BEF37C6800000000000000000000000000000000051"
- ), ""
- ),
- (
- (
- "7a09a0b0f8bbf8057116fb0277a9bdf3a91b5eaa8830d448081510d8973888be5"
- "a9f0ad04facb69aa3715f00000000000000000000000000000000"
- ), (
- "764dec6c05a1c0d87b649efa5fd94c91ea28bffb4725d4ab4b33f1a3e8e3b314d"
- "799020e244a835a145ec9800000000000000000000000000000000"
- ), (
- "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1"
- "1DABD6E6144BEF37C6800000000000000000000000000000000051"
- ), ""
- )
- ] # type: List[Tuple[str, str, str, str]]
-
- def __init__(
- self, val_a: str, val_b: str, val_n: str, case_description: str = ""
- ):
- self.case_description = case_description
- self.arg_a = val_a
- self.int_a = bignum_common.hex_to_int(val_a)
- self.arg_b = val_b
- self.int_b = bignum_common.hex_to_int(val_b)
- self.arg_n = val_n
- self.int_n = bignum_common.hex_to_int(val_n)
-
- limbs_a4 = bignum_common.limbs_mpi(self.int_a, 32)
- limbs_a8 = bignum_common.limbs_mpi(self.int_a, 64)
- self.limbs_b4 = bignum_common.limbs_mpi(self.int_b, 32)
- self.limbs_b8 = bignum_common.limbs_mpi(self.int_b, 64)
- self.limbs_an4 = bignum_common.limbs_mpi(self.int_n, 32)
- self.limbs_an8 = bignum_common.limbs_mpi(self.int_n, 64)
-
- if limbs_a4 > self.limbs_an4 or limbs_a8 > self.limbs_an8:
- raise Exception("Limbs of input A ({}) exceeds N ({})".format(
- self.arg_a, self.arg_n
- ))
-
- def arguments(self) -> List[str]:
- return [
- str(self.limbs_an4), str(self.limbs_b4),
- str(self.limbs_an8), str(self.limbs_b8),
- bignum_common.quote_str(self.arg_a),
- bignum_common.quote_str(self.arg_b),
- bignum_common.quote_str(self.arg_n)
- ] + self.result()
-
- def description(self) -> str:
- if self.case_description != "replay":
- if not self.start_2_mpi4 and self.limbs_an4 > 1:
- tmp = "(start of 2-MPI 4-byte bignums) "
- self.__class__.start_2_mpi4 = True
- elif not self.start_2_mpi8 and self.limbs_an8 > 1:
- tmp = "(start of 2-MPI 8-byte bignums) "
- self.__class__.start_2_mpi8 = True
- else:
- tmp = "(gen) "
- self.case_description = tmp + self.case_description
- return super().description()
-
- def result(self) -> List[str]:
- """Get the result of the operation."""
- r4 = bignum_common.bound_mpi_limbs(self.limbs_an4, 32)
- i4 = bignum_common.invmod(r4, self.int_n)
- x4 = self.int_a * self.int_b * i4
- x4 = x4 % self.int_n
-
- r8 = bignum_common.bound_mpi_limbs(self.limbs_an8, 64)
- i8 = bignum_common.invmod(r8, self.int_n)
- x8 = self.int_a * self.int_b * i8
- x8 = x8 % self.int_n
- return [
- "\"{:x}\"".format(x4),
- "\"{:x}\"".format(x8)
- ]
-
- def set_limbs(
- self, limbs_an4: int, limbs_b4: int, limbs_an8: int, limbs_b8: int
- ) -> None:
- """Set number of limbs for each input.
-
- Replaces default values set during initialization.
- """
- self.limbs_an4 = limbs_an4
- self.limbs_b4 = limbs_b4
- self.limbs_an8 = limbs_an8
- self.limbs_b8 = limbs_b8
-
- @classmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
- """Generate replay and randomly generated test cases."""
- # Test cases which replay captured invocations during unit test runs.
- for limbs_an4, limbs_b4, limbs_an8, limbs_b8, a, b, n in cls.replay_test_cases:
- cur_op = cls(a, b, n, case_description="replay")
- cur_op.set_limbs(limbs_an4, limbs_b4, limbs_an8, limbs_b8)
- yield cur_op.create_test_case()
- # Random test cases can be generated using mpi_modmul_case_generate()
- # Uses a mixture of primes and odd numbers as N, with four randomly
- # generated cases for each N.
- for a, b, n, description in cls.random_test_cases:
- cur_op = cls(a, b, n, case_description=description)
- yield cur_op.create_test_case()
-
-
-def mpi_modmul_case_generate() -> None:
- """Generate valid inputs for montmul tests using moduli.
-
- For each modulus, generates random values for A and B and simple descriptions
- for the test case.
- """
- moduli = [
- ("3", ""), ("7", ""), ("B", ""), ("29", ""), ("FF", ""),
- ("101", ""), ("38B", ""), ("8003", ""), ("10001", ""),
- ("7F7F7", ""), ("800009", ""), ("100002B", ""), ("37EEE9D", ""),
- ("8000000B", ""), ("8CD626B9", ""), ("10000000F", ""),
- ("174876E7E9", "is prime (dec) 99999999977"),
- ("8000000017", ""), ("864CB9076D", ""), ("F7F7F7F7F7", ""),
- ("1000000000F", ""), ("800000000005", ""), ("800795D9BA47", ""),
- ("1000000000015", ""), ("100000000000051", ""), ("ABCDEF0123456789", ""),
- (
- "25A55A46E5DA99C71C7",
- "is the 3rd repunit prime (dec) 11111111111111111111111"
- ),
- ("314DC643FB763F2B8C0E2DE00879", "is (dec)99999999977^3"),
- ("47BF19662275FA2F6845C74942ED1D852E521", "is (dec) 99999999977^4"),
- (
- "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931",
- "is (dec) 99999999977^6"
- ),
- (
- "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499",
- "is (dec) 99999999977^7"
- ),
- (
- "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41",
- "is (dec) 99999999977^8"
- ),
- (
- (
- "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E283"
- "3EC902713E40F51E3B3C214EDFABC451"
- ),
- "is (dec) 99999999977^10"
- ),
- (
- "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11"
- "DABD6E6144BEF37C6800000000000000000000000000000000051",
- "is prime, (dec) 10^143 + 3^4"
- )
- ] # type: List[Tuple[str, str]]
- primes = [
- "3", "7", "B", "29", "101", "38B", "8003", "10001", "800009",
- "100002B", "37EEE9D", "8000000B", "8CD626B9",
- # From here they require > 1 4-byte MPI
- "10000000F", "174876E7E9", "8000000017", "864CB9076D", "1000000000F",
- "800000000005", "800795D9BA47", "1000000000015", "100000000000051",
- # From here they require > 1 8-byte MPI
- "25A55A46E5DA99C71C7", # this is 11111111111111111111111 decimal
- # 10^143 + 3^4: (which is prime)
- # 100000000000000000000000000000000000000000000000000000000000000000000000000000
- # 000000000000000000000000000000000000000000000000000000000000000081
- (
- "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11"
- "DABD6E6144BEF37C6800000000000000000000000000000000051"
- )
- ] # type: List[str]
- generated_inputs = []
- for mod, description in moduli:
- n = bignum_common.hex_to_int(mod)
- mod_read = "{:x}".format(n)
- case_count = 3 if n < 5 else 4
- cases = {} # type: Dict[int, int]
- i = 0
- while i < case_count:
- a = random.randint(1, n)
- b = random.randint(1, n)
- if cases.get(a) == b:
- continue
- cases[a] = b
- if description:
- out_description = "0x{} {}".format(mod_read, description)
- elif i == 0 and len(mod) > 1 and mod in primes:
- out_description = "(0x{} is prime)"
- else:
- out_description = ""
- generated_inputs.append(
- ("{:x}".format(a), "{:x}".format(b), mod, out_description)
- )
- i += 1
- print(generated_inputs)
-
-
-class BignumCoreExpMod(BignumCoreTarget, bignum_common.ModOperationCommon):
- """Test cases for bignum core exponentiation."""
- symbol = "^"
- test_function = "mpi_core_exp_mod"
- test_name = "Core modular exponentiation (Mongtomery form only)"
- input_style = "fixed"
- montgomery_form_a = True
-
- def result(self) -> List[str]:
- # Result has to be given in Montgomery form too
- result = pow(self.int_a, self.int_b, self.int_n)
- mont_result = self.to_montgomery(result)
- return [self.format_result(mont_result)]
-
- @property
- def is_valid(self) -> bool:
- # The base needs to be canonical, but the exponent can be larger than
- # the modulus (see for example exponent blinding)
- return bool(self.int_a < self.int_n)
-
-
-class BignumCoreSubInt(BignumCoreTarget, bignum_common.OperationCommon):
- """Test cases for bignum core sub int."""
- count = 0
- symbol = "-"
- test_function = "mpi_core_sub_int"
- test_name = "mpi_core_sub_int"
- input_style = "arch_split"
-
- @property
- def is_valid(self) -> bool:
- # This is "sub int", so b is only one limb
- if bignum_common.limbs_mpi(self.int_b, self.bits_in_limb) > 1:
- return False
- return True
-
- # Overriding because we don't want leading zeros on b
- @property
- def arg_b(self) -> str:
- return self.val_b
-
- def result(self) -> List[str]:
- result = self.int_a - self.int_b
-
- borrow, result = divmod(result, self.limb_boundary)
-
- # Borrow will be -1 if non-zero, but we want it to be 1 in the test data
- return [
- self.format_result(result),
- str(-borrow)
- ]
-
-class BignumCoreZeroCheckCT(BignumCoreTarget, bignum_common.OperationCommon):
- """Test cases for bignum core zero check (constant flow)."""
- count = 0
- symbol = "== 0"
- test_function = "mpi_core_check_zero_ct"
- test_name = "mpi_core_check_zero_ct"
- input_style = "variable"
- arity = 1
- suffix = True
-
- def result(self) -> List[str]:
- result = 1 if self.int_a == 0 else 0
- return [str(result)]
diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py
deleted file mode 100644
index 5c6c2c8..0000000
--- a/scripts/mbedtls_dev/bignum_data.py
+++ /dev/null
@@ -1,159 +0,0 @@
-"""Base values and datasets for bignum generated tests and helper functions that
-produced them."""
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import random
-
-# Functions calling these were used to produce test data and are here only for
-# reproducibility, they are not used by the test generation framework/classes
-try:
- from Cryptodome.Util.number import isPrime, getPrime #type: ignore #pylint: disable=import-error
-except ImportError:
- pass
-
-# Generated by bignum_common.gen_safe_prime(192,1)
-SAFE_PRIME_192_BIT_SEED_1 = "d1c127a667786703830500038ebaef20e5a3e2dc378fb75b"
-
-# First number generated by random.getrandbits(192) - seed(2,2), not a prime
-RANDOM_192_BIT_SEED_2_NO1 = "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"
-
-# Second number generated by random.getrandbits(192) - seed(2,2), not a prime
-RANDOM_192_BIT_SEED_2_NO2 = "cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
-
-# Third number generated by random.getrandbits(192) - seed(2,2), not a prime
-RANDOM_192_BIT_SEED_2_NO3 = "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"
-
-# Fourth number generated by random.getrandbits(192) - seed(2,2), not a prime
-RANDOM_192_BIT_SEED_2_NO4 = "ffed9235288bc781ae66267594c9c9500925e4749b575bd1"
-
-# Ninth number generated by random.getrandbits(192) - seed(2,2), not a prime
-RANDOM_192_BIT_SEED_2_NO9 = "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"
-
-# Generated by bignum_common.gen_safe_prime(1024,3)
-SAFE_PRIME_1024_BIT_SEED_3 = ("c93ba7ec74d96f411ba008bdb78e63ff11bb5df46a51e16b"
- "2c9d156f8e4e18abf5e052cb01f47d0d1925a77f60991577"
- "e128fb6f52f34a27950a594baadd3d8057abeb222cf3cca9"
- "62db16abf79f2ada5bd29ab2f51244bf295eff9f6aaba130"
- "2efc449b128be75eeaca04bc3c1a155d11d14e8be32a2c82"
- "87b3996cf6ad5223")
-
-# First number generated by random.getrandbits(1024) - seed(4,2), not a prime
-RANDOM_1024_BIT_SEED_4_NO1 = ("6905269ed6f0b09f165c8ce36e2f24b43000de01b2ed40ed"
- "3addccb2c33be0ac79d679346d4ac7a5c3902b38963dc6e8"
- "534f45738d048ec0f1099c6c3e1b258fd724452ccea71ff4"
- "a14876aeaff1a098ca5996666ceab360512bd13110722311"
- "710cf5327ac435a7a97c643656412a9b8a1abcd1a6916c74"
- "da4f9fc3c6da5d7")
-
-# Second number generated by random.getrandbits(1024) - seed(4,2), not a prime
-RANDOM_1024_BIT_SEED_4_NO2 = ("f1cfd99216df648647adec26793d0e453f5082492d83a823"
- "3fb62d2c81862fc9634f806fabf4a07c566002249b191bf4"
- "d8441b5616332aca5f552773e14b0190d93936e1daca3c06"
- "f5ff0c03bb5d7385de08caa1a08179104a25e4664f5253a0"
- "2a3187853184ff27459142deccea264542a00403ce80c4b0"
- "a4042bb3d4341aad")
-
-# Third number generated by random.getrandbits(1024) - seed(4,2), not a prime
-RANDOM_1024_BIT_SEED_4_NO3 = ("14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb38"
- "3bb4a570294c4ea3738d243a6e58d5ca49c7b59b995253fd"
- "6c79a3de69f85e3131f3b9238224b122c3e4a892d9196ada"
- "4fcfa583e1df8af9b474c7e89286a1754abcb06ae8abb93f"
- "01d89a024cdce7a6d7288ff68c320f89f1347e0cdd905ecf"
- "d160c5d0ef412ed6")
-
-# Fourth number generated by random.getrandbits(1024) - seed(4,2), not a prime
-RANDOM_1024_BIT_SEED_4_NO4 = ("32decd6b8efbc170a26a25c852175b7a96b98b5fbf37a2be"
- "6f98bca35b17b9662f0733c846bbe9e870ef55b1a1f65507"
- "a2909cb633e238b4e9dd38b869ace91311021c9e32111ac1"
- "ac7cc4a4ff4dab102522d53857c49391b36cc9aa78a330a1"
- "a5e333cb88dcf94384d4cd1f47ca7883ff5a52f1a05885ac"
- "7671863c0bdbc23a")
-
-# Fifth number generated by random.getrandbits(1024) - seed(4,2), not a prime
-RANDOM_1024_BIT_SEED_4_NO5 = ("53be4721f5b9e1f5acdac615bc20f6264922b9ccf469aef8"
- "f6e7d078e55b85dd1525f363b281b8885b69dc230af5ac87"
- "0692b534758240df4a7a03052d733dcdef40af2e54c0ce68"
- "1f44ebd13cc75f3edcb285f89d8cf4d4950b16ffc3e1ac3b"
- "4708d9893a973000b54a23020fc5b043d6e4a51519d9c9cc"
- "52d32377e78131c1")
-
-# Adding 192 bit and 1024 bit numbers because these are the shortest required
-# for ECC and RSA respectively.
-INPUTS_DEFAULT = [
- "0", "1", # corner cases
- "2", "3", # small primes
- "4", # non-prime even
- "38", # small random
- SAFE_PRIME_192_BIT_SEED_1, # prime
- RANDOM_192_BIT_SEED_2_NO1, # not a prime
- RANDOM_192_BIT_SEED_2_NO2, # not a prime
- SAFE_PRIME_1024_BIT_SEED_3, # prime
- RANDOM_1024_BIT_SEED_4_NO1, # not a prime
- RANDOM_1024_BIT_SEED_4_NO3, # not a prime
- RANDOM_1024_BIT_SEED_4_NO2, # largest (not a prime)
- ]
-
-ADD_SUB_DATA = [
- "0", "1", "3", "f", "fe", "ff", "100", "ff00",
- "fffe", "ffff", "10000", # 2^16 - 1, 2^16, 2^16 + 1
- "fffffffe", "ffffffff", "100000000", # 2^32 - 1, 2^32, 2^32 + 1
- "1f7f7f7f7f7f7f",
- "8000000000000000", "fefefefefefefefe",
- "fffffffffffffffe", "ffffffffffffffff", "10000000000000000", # 2^64 - 1, 2^64, 2^64 + 1
- "1234567890abcdef0",
- "fffffffffffffffffffffffe",
- "ffffffffffffffffffffffff",
- "1000000000000000000000000",
- "fffffffffffffffffefefefefefefefe",
- "fffffffffffffffffffffffffffffffe",
- "ffffffffffffffffffffffffffffffff",
- "100000000000000000000000000000000",
- "1234567890abcdef01234567890abcdef0",
- "fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe",
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe",
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
- "10000000000000000000000000000000000000000000000000000000000000000",
- "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0",
- ]
-
-# Only odd moduli are present as in the new bignum code only odd moduli are
-# supported for now.
-MODULI_DEFAULT = [
- "53", # safe prime
- "45", # non-prime
- SAFE_PRIME_192_BIT_SEED_1, # safe prime
- RANDOM_192_BIT_SEED_2_NO4, # not a prime
- SAFE_PRIME_1024_BIT_SEED_3, # safe prime
- RANDOM_1024_BIT_SEED_4_NO5, # not a prime
- ]
-
-# Some functions, e.g. mbedtls_mpi_mod_raw_inv_prime(), only support prime moduli.
-ONLY_PRIME_MODULI = [
- "53", # safe prime
- "8ac72304057392b5", # 9999999997777777333 (longer, not safe, prime)
- # The next prime has a different R in Montgomery form depending on
- # whether 32- or 64-bit MPIs are used.
- "152d02c7e14af67fe0bf", # 99999999999999999991999
- SAFE_PRIME_192_BIT_SEED_1, # safe prime
- SAFE_PRIME_1024_BIT_SEED_3, # safe prime
- ]
-
-def __gen_safe_prime(bits, seed):
- '''
- Generate a safe prime.
-
- This function is intended for generating constants offline and shouldn't be
- used in test generation classes.
-
- Requires pycryptodomex for getPrime and isPrime and python 3.9 or later for
- randbytes.
- '''
- rng = random.Random()
- # We want reproducibility across python versions
- rng.seed(seed, version=2)
- while True:
- prime = 2*getPrime(bits-1, rng.randbytes)+1 #pylint: disable=no-member
- if isPrime(prime, 1e-30):
- return prime
diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py
deleted file mode 100644
index f554001..0000000
--- a/scripts/mbedtls_dev/bignum_mod.py
+++ /dev/null
@@ -1,102 +0,0 @@
-"""Framework classes for generation of bignum mod test cases."""
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-from typing import Dict, List
-
-from . import test_data_generation
-from . import bignum_common
-from .bignum_data import ONLY_PRIME_MODULI
-
-class BignumModTarget(test_data_generation.BaseTarget):
- #pylint: disable=abstract-method, too-few-public-methods
- """Target for bignum mod test case generation."""
- target_basename = 'test_suite_bignum_mod.generated'
-
-
-class BignumModMul(bignum_common.ModOperationCommon,
- BignumModTarget):
- # pylint:disable=duplicate-code
- """Test cases for bignum mpi_mod_mul()."""
- symbol = "*"
- test_function = "mpi_mod_mul"
- test_name = "mbedtls_mpi_mod_mul"
- input_style = "arch_split"
- arity = 2
-
- def arguments(self) -> List[str]:
- return [self.format_result(self.to_montgomery(self.int_a)),
- self.format_result(self.to_montgomery(self.int_b)),
- bignum_common.quote_str(self.arg_n)
- ] + self.result()
-
- def result(self) -> List[str]:
- result = (self.int_a * self.int_b) % self.int_n
- return [self.format_result(self.to_montgomery(result))]
-
-
-class BignumModSub(bignum_common.ModOperationCommon, BignumModTarget):
- """Test cases for bignum mpi_mod_sub()."""
- symbol = "-"
- test_function = "mpi_mod_sub"
- test_name = "mbedtls_mpi_mod_sub"
- input_style = "fixed"
- arity = 2
-
- def result(self) -> List[str]:
- result = (self.int_a - self.int_b) % self.int_n
- # To make negative tests easier, append 0 for success to the
- # generated cases
- return [self.format_result(result), "0"]
-
-class BignumModInvNonMont(bignum_common.ModOperationCommon, BignumModTarget):
- """Test cases for bignum mpi_mod_inv() - not in Montgomery form."""
- moduli = ONLY_PRIME_MODULI # for now only prime moduli supported
- symbol = "^ -1"
- test_function = "mpi_mod_inv_non_mont"
- test_name = "mbedtls_mpi_mod_inv non-Mont. form"
- input_style = "fixed"
- arity = 1
- suffix = True
- disallow_zero_a = True
-
- def result(self) -> List[str]:
- result = bignum_common.invmod_positive(self.int_a, self.int_n)
- # To make negative tests easier, append 0 for success to the
- # generated cases
- return [self.format_result(result), "0"]
-
-class BignumModInvMont(bignum_common.ModOperationCommon, BignumModTarget):
- """Test cases for bignum mpi_mod_inv() - Montgomery form."""
- moduli = ONLY_PRIME_MODULI # for now only prime moduli supported
- symbol = "^ -1"
- test_function = "mpi_mod_inv_mont"
- test_name = "mbedtls_mpi_mod_inv Mont. form"
- input_style = "arch_split" # Mont. form requires arch_split
- arity = 1
- suffix = True
- disallow_zero_a = True
- montgomery_form_a = True
-
- def result(self) -> List[str]:
- result = bignum_common.invmod_positive(self.int_a, self.int_n)
- mont_result = self.to_montgomery(result)
- # To make negative tests easier, append 0 for success to the
- # generated cases
- return [self.format_result(mont_result), "0"]
-
-
-class BignumModAdd(bignum_common.ModOperationCommon, BignumModTarget):
- """Test cases for bignum mpi_mod_add()."""
- count = 0
- symbol = "+"
- test_function = "mpi_mod_add"
- test_name = "mbedtls_mpi_mod_add"
- input_style = "fixed"
-
- def result(self) -> List[str]:
- result = (self.int_a + self.int_b) % self.int_n
- # To make negative tests easier, append "0" for success to the
- # generated cases
- return [self.format_result(result), "0"]
diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py
deleted file mode 100644
index 37ad27a..0000000
--- a/scripts/mbedtls_dev/bignum_mod_raw.py
+++ /dev/null
@@ -1,242 +0,0 @@
-"""Framework classes for generation of bignum mod_raw test cases."""
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-from typing import Iterator, List
-
-from . import test_case
-from . import test_data_generation
-from . import bignum_common
-from .bignum_data import ONLY_PRIME_MODULI
-
-class BignumModRawTarget(test_data_generation.BaseTarget):
- #pylint: disable=abstract-method, too-few-public-methods
- """Target for bignum mod_raw test case generation."""
- target_basename = 'test_suite_bignum_mod_raw.generated'
-
-
-class BignumModRawSub(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """Test cases for bignum mpi_mod_raw_sub()."""
- symbol = "-"
- test_function = "mpi_mod_raw_sub"
- test_name = "mbedtls_mpi_mod_raw_sub"
- input_style = "fixed"
- arity = 2
-
- def arguments(self) -> List[str]:
- return [bignum_common.quote_str(n) for n in [self.arg_a,
- self.arg_b,
- self.arg_n]
- ] + self.result()
-
- def result(self) -> List[str]:
- result = (self.int_a - self.int_b) % self.int_n
- return [self.format_result(result)]
-
-class BignumModRawFixQuasiReduction(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """Test cases for ecp quasi_reduction()."""
- symbol = "-"
- test_function = "mpi_mod_raw_fix_quasi_reduction"
- test_name = "fix_quasi_reduction"
- input_style = "fixed"
- arity = 1
-
- # Extend the default values with n < x < 2n
- input_values = bignum_common.ModOperationCommon.input_values + [
- "73",
-
- # First number generated by random.getrandbits(1024) - seed(3,2)
- "ea7b5bf55eb561a4216363698b529b4a97b750923ceb3ffd",
-
- # First number generated by random.getrandbits(1024) - seed(1,2)
- ("cd447e35b8b6d8fe442e3d437204e52db2221a58008a05a6c4647159c324c985"
- "9b810e766ec9d28663ca828dd5f4b3b2e4b06ce60741c7a87ce42c8218072e8c"
- "35bf992dc9e9c616612e7696a6cecc1b78e510617311d8a3c2ce6f447ed4d57b"
- "1e2feb89414c343c1027c4d1c386bbc4cd613e30d8f16adf91b7584a2265b1f5")
- ] # type: List[str]
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return bool(self.int_a < 2 * self.int_n)
-
-class BignumModRawMul(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """Test cases for bignum mpi_mod_raw_mul()."""
- symbol = "*"
- test_function = "mpi_mod_raw_mul"
- test_name = "mbedtls_mpi_mod_raw_mul"
- input_style = "arch_split"
- arity = 2
-
- def arguments(self) -> List[str]:
- return [self.format_result(self.to_montgomery(self.int_a)),
- self.format_result(self.to_montgomery(self.int_b)),
- bignum_common.quote_str(self.arg_n)
- ] + self.result()
-
- def result(self) -> List[str]:
- result = (self.int_a * self.int_b) % self.int_n
- return [self.format_result(self.to_montgomery(result))]
-
-
-class BignumModRawInvPrime(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """Test cases for bignum mpi_mod_raw_inv_prime()."""
- moduli = ONLY_PRIME_MODULI
- symbol = "^ -1"
- test_function = "mpi_mod_raw_inv_prime"
- test_name = "mbedtls_mpi_mod_raw_inv_prime (Montgomery form only)"
- input_style = "arch_split"
- arity = 1
- suffix = True
- montgomery_form_a = True
- disallow_zero_a = True
-
- def result(self) -> List[str]:
- result = bignum_common.invmod_positive(self.int_a, self.int_n)
- mont_result = self.to_montgomery(result)
- return [self.format_result(mont_result)]
-
-
-class BignumModRawAdd(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """Test cases for bignum mpi_mod_raw_add()."""
- symbol = "+"
- test_function = "mpi_mod_raw_add"
- test_name = "mbedtls_mpi_mod_raw_add"
- input_style = "fixed"
- arity = 2
-
- def result(self) -> List[str]:
- result = (self.int_a + self.int_b) % self.int_n
- return [self.format_result(result)]
-
-
-class BignumModRawConvertRep(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- # This is an abstract class, it's ok to have unimplemented methods.
- #pylint: disable=abstract-method
- """Test cases for representation conversion."""
- symbol = ""
- input_style = "arch_split"
- arity = 1
- rep = bignum_common.ModulusRepresentation.INVALID
-
- def set_representation(self, r: bignum_common.ModulusRepresentation) -> None:
- self.rep = r
-
- def arguments(self) -> List[str]:
- return ([bignum_common.quote_str(self.arg_n), self.rep.symbol(),
- bignum_common.quote_str(self.arg_a)] +
- self.result())
-
- def description(self) -> str:
- base = super().description()
- mod_with_rep = 'mod({})'.format(self.rep.name)
- return base.replace('mod', mod_with_rep, 1)
-
- @classmethod
- def test_cases_for_values(cls, rep: bignum_common.ModulusRepresentation,
- n: str, a: str) -> Iterator[test_case.TestCase]:
- """Emit test cases for the given values (if any).
-
- This may emit no test cases if a isn't valid for the modulus n,
- or multiple test cases if rep requires different data depending
- on the limb size.
- """
- for bil in cls.limb_sizes:
- test_object = cls(n, a, bits_in_limb=bil)
- test_object.set_representation(rep)
- # The class is set to having separate test cases for each limb
- # size, because the Montgomery representation requires it.
- # But other representations don't require it. So for other
- # representations, emit a single test case with no dependency
- # on the limb size.
- if rep is not bignum_common.ModulusRepresentation.MONTGOMERY:
- test_object.dependencies = \
- [dep for dep in test_object.dependencies
- if not dep.startswith('MBEDTLS_HAVE_INT')]
- if test_object.is_valid:
- yield test_object.create_test_case()
- if rep is not bignum_common.ModulusRepresentation.MONTGOMERY:
- # A single test case (emitted, or skipped due to invalidity)
- # is enough, since this test case doesn't depend on the
- # limb size.
- break
-
- # The parent class doesn't support non-bignum parameters. So we override
- # test generation, in order to have the representation as a parameter.
- @classmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
-
- for rep in bignum_common.ModulusRepresentation.supported_representations():
- for n in cls.moduli:
- for a in cls.input_values:
- yield from cls.test_cases_for_values(rep, n, a)
-
-class BignumModRawCanonicalToModulusRep(BignumModRawConvertRep):
- """Test cases for mpi_mod_raw_canonical_to_modulus_rep."""
- test_function = "mpi_mod_raw_canonical_to_modulus_rep"
- test_name = "Rep canon->mod"
-
- def result(self) -> List[str]:
- return [self.format_result(self.convert_from_canonical(self.int_a, self.rep))]
-
-class BignumModRawModulusToCanonicalRep(BignumModRawConvertRep):
- """Test cases for mpi_mod_raw_modulus_to_canonical_rep."""
- test_function = "mpi_mod_raw_modulus_to_canonical_rep"
- test_name = "Rep mod->canon"
-
- @property
- def arg_a(self) -> str:
- return self.format_arg("{:x}".format(self.convert_from_canonical(self.int_a, self.rep)))
-
- def result(self) -> List[str]:
- return [self.format_result(self.int_a)]
-
-
-class BignumModRawConvertToMont(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """ Test cases for mpi_mod_raw_to_mont_rep(). """
- test_function = "mpi_mod_raw_to_mont_rep"
- test_name = "Convert into Mont: "
- symbol = "R *"
- input_style = "arch_split"
- arity = 1
-
- def result(self) -> List[str]:
- result = self.to_montgomery(self.int_a)
- return [self.format_result(result)]
-
-class BignumModRawConvertFromMont(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """ Test cases for mpi_mod_raw_from_mont_rep(). """
- test_function = "mpi_mod_raw_from_mont_rep"
- test_name = "Convert from Mont: "
- symbol = "1/R *"
- input_style = "arch_split"
- arity = 1
-
- def result(self) -> List[str]:
- result = self.from_montgomery(self.int_a)
- return [self.format_result(result)]
-
-class BignumModRawModNegate(bignum_common.ModOperationCommon,
- BignumModRawTarget):
- """ Test cases for mpi_mod_raw_neg(). """
- test_function = "mpi_mod_raw_neg"
- test_name = "Modular negation: "
- symbol = "-"
- input_style = "arch_split"
- arity = 1
-
- def result(self) -> List[str]:
- result = (self.int_n - self.int_a) % self.int_n
- return [self.format_result(result)]
diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py
deleted file mode 100644
index ec67e4c..0000000
--- a/scripts/mbedtls_dev/build_tree.py
+++ /dev/null
@@ -1,120 +0,0 @@
-"""Mbed TLS build tree information and manipulation.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import os
-import inspect
-from typing import Optional
-
-def looks_like_tf_psa_crypto_root(path: str) -> bool:
- """Whether the given directory looks like the root of the PSA Crypto source tree."""
- return all(os.path.isdir(os.path.join(path, subdir))
- for subdir in ['include', 'core', 'drivers', 'programs', 'tests'])
-
-def looks_like_mbedtls_root(path: str) -> bool:
- """Whether the given directory looks like the root of the Mbed TLS source tree."""
- return all(os.path.isdir(os.path.join(path, subdir))
- for subdir in ['include', 'library', 'programs', 'tests'])
-
-def looks_like_root(path: str) -> bool:
- return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path)
-
-def crypto_core_directory(root: Optional[str] = None, relative: Optional[bool] = False) -> str:
- """
- Return the path of the directory containing the PSA crypto core
- for either TF-PSA-Crypto or Mbed TLS.
-
- Returns either the full path or relative path depending on the
- "relative" boolean argument.
- """
- if root is None:
- root = guess_project_root()
- if looks_like_tf_psa_crypto_root(root):
- if relative:
- return "core"
- return os.path.join(root, "core")
- elif looks_like_mbedtls_root(root):
- if relative:
- return "library"
- return os.path.join(root, "library")
- else:
- raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found')
-
-def crypto_library_filename(root: Optional[str] = None) -> str:
- """Return the crypto library filename for either TF-PSA-Crypto or Mbed TLS."""
- if root is None:
- root = guess_project_root()
- if looks_like_tf_psa_crypto_root(root):
- return "tfpsacrypto"
- elif looks_like_mbedtls_root(root):
- return "mbedcrypto"
- else:
- raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found')
-
-def check_repo_path():
- """Check that the current working directory is the project root, and throw
- an exception if not.
- """
- if not all(os.path.isdir(d) for d in ["include", "library", "tests"]):
- raise Exception("This script must be run from Mbed TLS root")
-
-def chdir_to_root() -> None:
- """Detect the root of the Mbed TLS source tree and change to it.
-
- The current directory must be up to two levels deep inside an Mbed TLS
- source tree.
- """
- for d in [os.path.curdir,
- os.path.pardir,
- os.path.join(os.path.pardir, os.path.pardir)]:
- if looks_like_root(d):
- os.chdir(d)
- return
- raise Exception('Mbed TLS source tree not found')
-
-def guess_project_root():
- """Guess project source code directory.
-
- Return the first possible project root directory.
- """
- dirs = set({})
- for frame in inspect.stack():
- path = os.path.dirname(frame.filename)
- for d in ['.', os.path.pardir] \
- + [os.path.join(*([os.path.pardir]*i)) for i in range(2, 10)]:
- d = os.path.abspath(os.path.join(path, d))
- if d in dirs:
- continue
- dirs.add(d)
- if looks_like_root(d):
- return d
- raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found')
-
-def guess_mbedtls_root(root: Optional[str] = None) -> str:
- """Guess Mbed TLS source code directory.
-
- Return the first possible Mbed TLS root directory.
- Raise an exception if we are not in Mbed TLS.
- """
- if root is None:
- root = guess_project_root()
- if looks_like_mbedtls_root(root):
- return root
- else:
- raise Exception('Mbed TLS source tree not found')
-
-def guess_tf_psa_crypto_root(root: Optional[str] = None) -> str:
- """Guess TF-PSA-Crypto source code directory.
-
- Return the first possible TF-PSA-Crypto root directory.
- Raise an exception if we are not in TF-PSA-Crypto.
- """
- if root is None:
- root = guess_project_root()
- if looks_like_tf_psa_crypto_root(root):
- return root
- else:
- raise Exception('TF-PSA-Crypto source tree not found')
diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py
deleted file mode 100644
index f2cbbe4..0000000
--- a/scripts/mbedtls_dev/c_build_helper.py
+++ /dev/null
@@ -1,162 +0,0 @@
-"""Generate and run C code.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import os
-import platform
-import subprocess
-import sys
-import tempfile
-
-def remove_file_if_exists(filename):
- """Remove the specified file, ignoring errors."""
- if not filename:
- return
- try:
- os.remove(filename)
- except OSError:
- pass
-
-def create_c_file(file_label):
- """Create a temporary C file.
-
- * ``file_label``: a string that will be included in the file name.
-
- Return ```(c_file, c_name, exe_name)``` where ``c_file`` is a Python
- stream open for writing to the file, ``c_name`` is the name of the file
- and ``exe_name`` is the name of the executable that will be produced
- by compiling the file.
- """
- c_fd, c_name = tempfile.mkstemp(prefix='tmp-{}-'.format(file_label),
- suffix='.c')
- exe_suffix = '.exe' if platform.system() == 'Windows' else ''
- exe_name = c_name[:-2] + exe_suffix
- remove_file_if_exists(exe_name)
- c_file = os.fdopen(c_fd, 'w', encoding='ascii')
- return c_file, c_name, exe_name
-
-def generate_c_printf_expressions(c_file, cast_to, printf_format, expressions):
- """Generate C instructions to print the value of ``expressions``.
-
- Write the code with ``c_file``'s ``write`` method.
-
- Each expression is cast to the type ``cast_to`` and printed with the
- printf format ``printf_format``.
- """
- for expr in expressions:
- c_file.write(' printf("{}\\n", ({}) {});\n'
- .format(printf_format, cast_to, expr))
-
-def generate_c_file(c_file,
- caller, header,
- main_generator):
- """Generate a temporary C source file.
-
- * ``c_file`` is an open stream on the C source file.
- * ``caller``: an informational string written in a comment at the top
- of the file.
- * ``header``: extra code to insert before any function in the generated
- C file.
- * ``main_generator``: a function called with ``c_file`` as its sole argument
- to generate the body of the ``main()`` function.
- """
- c_file.write('/* Generated by {} */'
- .format(caller))
- c_file.write('''
-#include <stdio.h>
-''')
- c_file.write(header)
- c_file.write('''
-int main(void)
-{
-''')
- main_generator(c_file)
- c_file.write(''' return 0;
-}
-''')
-
-def compile_c_file(c_filename, exe_filename, include_dirs):
- """Compile a C source file with the host compiler.
-
- * ``c_filename``: the name of the source file to compile.
- * ``exe_filename``: the name for the executable to be created.
- * ``include_dirs``: a list of paths to include directories to be passed
- with the -I switch.
- """
- # Respect $HOSTCC if it is set
- cc = os.getenv('HOSTCC', None)
- if cc is None:
- cc = os.getenv('CC', 'cc')
- cmd = [cc]
-
- proc = subprocess.Popen(cmd,
- stdout=subprocess.DEVNULL,
- stderr=subprocess.PIPE,
- universal_newlines=True)
- cc_is_msvc = 'Microsoft (R) C/C++' in proc.communicate()[1]
-
- cmd += ['-I' + dir for dir in include_dirs]
- if cc_is_msvc:
- # MSVC has deprecated using -o to specify the output file,
- # and produces an object file in the working directory by default.
- obj_filename = exe_filename[:-4] + '.obj'
- cmd += ['-Fe' + exe_filename, '-Fo' + obj_filename]
- else:
- cmd += ['-o' + exe_filename]
-
- subprocess.check_call(cmd + [c_filename])
-
-def get_c_expression_values(
- cast_to, printf_format,
- expressions,
- caller=__name__, file_label='',
- header='', include_path=None,
- keep_c=False,
-): # pylint: disable=too-many-arguments, too-many-locals
- """Generate and run a program to print out numerical values for expressions.
-
- * ``cast_to``: a C type.
- * ``printf_format``: a printf format suitable for the type ``cast_to``.
- * ``header``: extra code to insert before any function in the generated
- C file.
- * ``expressions``: a list of C language expressions that have the type
- ``cast_to``.
- * ``include_path``: a list of directories containing header files.
- * ``keep_c``: if true, keep the temporary C file (presumably for debugging
- purposes).
-
- Use the C compiler specified by the ``CC`` environment variable, defaulting
- to ``cc``. If ``CC`` looks like MSVC, use its command line syntax,
- otherwise assume the compiler supports Unix traditional ``-I`` and ``-o``.
-
- Return the list of values of the ``expressions``.
- """
- if include_path is None:
- include_path = []
- c_name = None
- exe_name = None
- obj_name = None
- try:
- c_file, c_name, exe_name = create_c_file(file_label)
- generate_c_file(
- c_file, caller, header,
- lambda c_file: generate_c_printf_expressions(c_file,
- cast_to, printf_format,
- expressions)
- )
- c_file.close()
-
- compile_c_file(c_name, exe_name, include_path)
- if keep_c:
- sys.stderr.write('List of {} tests kept at {}\n'
- .format(caller, c_name))
- else:
- os.remove(c_name)
- output = subprocess.check_output([exe_name])
- return output.decode('ascii').strip().split('\n')
- finally:
- remove_file_if_exists(exe_name)
- remove_file_if_exists(obj_name)
diff --git a/scripts/mbedtls_dev/c_parsing_helper.py b/scripts/mbedtls_dev/c_parsing_helper.py
deleted file mode 100644
index 2657b7d..0000000
--- a/scripts/mbedtls_dev/c_parsing_helper.py
+++ /dev/null
@@ -1,131 +0,0 @@
-"""Helper functions to parse C code in heavily constrained scenarios.
-
-Currently supported functionality:
-
-* read_function_declarations: read function declarations from a header file.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-### WARNING: the code in this file has not been extensively reviewed yet.
-### We do not think it is harmful, but it may be below our normal standards
-### for robustness and maintainability.
-
-import re
-from typing import Dict, Iterable, Iterator, List, Optional, Tuple
-
-
-class ArgumentInfo:
- """Information about an argument to an API function."""
- #pylint: disable=too-few-public-methods
-
- _KEYWORDS = [
- 'const', 'register', 'restrict',
- 'int', 'long', 'short', 'signed', 'unsigned',
- ]
- _DECLARATION_RE = re.compile(
- r'(?P<type>\w[\w\s*]*?)\s*' +
- r'(?!(?:' + r'|'.join(_KEYWORDS) + r'))(?P<name>\b\w+\b)?' +
- r'\s*(?P<suffix>\[[^][]*\])?\Z',
- re.A | re.S)
-
- @classmethod
- def normalize_type(cls, typ: str) -> str:
- """Normalize whitespace in a type."""
- typ = re.sub(r'\s+', r' ', typ)
- typ = re.sub(r'\s*\*', r' *', typ)
- return typ
-
- def __init__(self, decl: str) -> None:
- self.decl = decl.strip()
- m = self._DECLARATION_RE.match(self.decl)
- if not m:
- raise ValueError(self.decl)
- self.type = self.normalize_type(m.group('type')) #type: str
- self.name = m.group('name') #type: Optional[str]
- self.suffix = m.group('suffix') if m.group('suffix') else '' #type: str
-
-
-class FunctionInfo:
- """Information about an API function."""
- #pylint: disable=too-few-public-methods
-
- # Regex matching the declaration of a function that returns void.
- VOID_RE = re.compile(r'\s*\bvoid\s*\Z', re.A)
-
- def __init__(self, #pylint: disable=too-many-arguments
- filename: str,
- line_number: int,
- qualifiers: Iterable[str],
- return_type: str,
- name: str,
- arguments: List[str]) -> None:
- self.filename = filename
- self.line_number = line_number
- self.qualifiers = frozenset(qualifiers)
- self.return_type = return_type
- self.name = name
- self.arguments = [ArgumentInfo(arg) for arg in arguments]
-
- def returns_void(self) -> bool:
- """Whether the function returns void."""
- return bool(self.VOID_RE.search(self.return_type))
-
-
-# Match one C comment.
-# Note that we match both comment types, so things like // in a /*...*/
-# comment are handled correctly.
-_C_COMMENT_RE = re.compile(r'//(?:[^\n]|\\\n)*|/\*.*?\*/', re.S)
-_NOT_NEWLINES_RE = re.compile(r'[^\n]+')
-
-def read_logical_lines(filename: str) -> Iterator[Tuple[int, str]]:
- """Read logical lines from a file.
-
- Logical lines are one or more physical line, with balanced parentheses.
- """
- with open(filename, encoding='utf-8') as inp:
- content = inp.read()
- # Strip comments, but keep newlines for line numbering
- content = re.sub(_C_COMMENT_RE,
- lambda m: re.sub(_NOT_NEWLINES_RE, "", m.group(0)),
- content)
- lines = enumerate(content.splitlines(), 1)
- for line_number, line in lines:
- # Read a logical line, containing balanced parentheses.
- # We assume that parentheses are balanced (this should be ok
- # since comments have been stripped), otherwise there will be
- # a gigantic logical line at the end.
- paren_level = line.count('(') - line.count(')')
- while paren_level > 0:
- _, more = next(lines) #pylint: disable=stop-iteration-return
- paren_level += more.count('(') - more.count(')')
- line += '\n' + more
- yield line_number, line
-
-_C_FUNCTION_DECLARATION_RE = re.compile(
- r'(?P<qualifiers>(?:(?:extern|inline|static)\b\s*)*)'
- r'(?P<return_type>\w[\w\s*]*?)\s*' +
- r'\b(?P<name>\w+)' +
- r'\s*\((?P<arguments>.*)\)\s*;',
- re.A | re.S)
-
-def read_function_declarations(functions: Dict[str, FunctionInfo],
- filename: str) -> None:
- """Collect function declarations from a C header file."""
- for line_number, line in read_logical_lines(filename):
- m = _C_FUNCTION_DECLARATION_RE.match(line)
- if not m:
- continue
- qualifiers = m.group('qualifiers').split()
- return_type = m.group('return_type')
- name = m.group('name')
- arguments = m.group('arguments').split(',')
- if len(arguments) == 1 and re.match(FunctionInfo.VOID_RE, arguments[0]):
- arguments = []
- # Note: we replace any existing declaration for the same name.
- functions[name] = FunctionInfo(filename, line_number,
- qualifiers,
- return_type,
- name,
- arguments)
diff --git a/scripts/mbedtls_dev/c_wrapper_generator.py b/scripts/mbedtls_dev/c_wrapper_generator.py
deleted file mode 100644
index 3cf1e05..0000000
--- a/scripts/mbedtls_dev/c_wrapper_generator.py
+++ /dev/null
@@ -1,473 +0,0 @@
-"""Generate C wrapper functions.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-### WARNING: the code in this file has not been extensively reviewed yet.
-### We do not think it is harmful, but it may be below our normal standards
-### for robustness and maintainability.
-
-import os
-import re
-import sys
-import typing
-from typing import Dict, List, Optional, Tuple
-
-from .c_parsing_helper import ArgumentInfo, FunctionInfo
-from . import typing_util
-
-
-def c_declare(prefix: str, name: str, suffix: str) -> str:
- """Format a declaration of name with the given type prefix and suffix."""
- if not prefix.endswith('*'):
- prefix += ' '
- return prefix + name + suffix
-
-
-WrapperInfo = typing.NamedTuple('WrapperInfo', [
- ('argument_names', List[str]),
- ('guard', Optional[str]),
- ('wrapper_name', str),
-])
-
-
-class Base:
- """Generate a C source file containing wrapper functions."""
-
- # This class is designed to have many methods potentially overloaded.
- # Tell pylint not to complain about methods that have unused arguments:
- # child classes are likely to override those methods and need the
- # arguments in question.
- #pylint: disable=no-self-use,unused-argument
-
- # Prefix prepended to the function's name to form the wrapper name.
- _WRAPPER_NAME_PREFIX = ''
- # Suffix appended to the function's name to form the wrapper name.
- _WRAPPER_NAME_SUFFIX = '_wrap'
-
- # Functions with one of these qualifiers are skipped.
- _SKIP_FUNCTION_WITH_QUALIFIERS = frozenset(['inline', 'static'])
-
- def __init__(self):
- """Construct a wrapper generator object.
- """
- self.program_name = os.path.basename(sys.argv[0])
- # To be populated in a derived class
- self.functions = {} #type: Dict[str, FunctionInfo]
- # Preprocessor symbol used as a guard against multiple inclusion in the
- # header. Must be set before writing output to a header.
- # Not used when writing .c output.
- self.header_guard = None #type: Optional[str]
-
- def _write_prologue(self, out: typing_util.Writable, header: bool) -> None:
- """Write the prologue of a C file.
-
- This includes a description comment and some include directives.
- """
- out.write("""/* Automatically generated by {}, do not edit! */
-
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-"""
- .format(self.program_name))
- if header:
- out.write("""
-#ifndef {guard}
-#define {guard}
-
-#ifdef __cplusplus
-extern "C" {{
-#endif
-"""
- .format(guard=self.header_guard))
- out.write("""
-#include <mbedtls/build_info.h>
-""")
-
- def _write_epilogue(self, out: typing_util.Writable, header: bool) -> None:
- """Write the epilogue of a C file.
- """
- if header:
- out.write("""
-#ifdef __cplusplus
-}}
-#endif
-
-#endif /* {guard} */
-"""
- .format(guard=self.header_guard))
- out.write("""
-/* End of automatically generated file. */
-""")
-
- def _wrapper_function_name(self, original_name: str) -> str:
- """The name of the wrapper function.
-
- By default, this adds a suffix.
- """
- return (self._WRAPPER_NAME_PREFIX +
- original_name +
- self._WRAPPER_NAME_SUFFIX)
-
- def _wrapper_declaration_start(self,
- function: FunctionInfo,
- wrapper_name: str) -> str:
- """The beginning of the wrapper function declaration.
-
- This ends just before the opening parenthesis of the argument list.
-
- This is a string containing at least the return type and the
- function name. It may start with additional qualifiers or attributes
- such as `static`, `__attribute__((...))`, etc.
- """
- return c_declare(function.return_type, wrapper_name, '')
-
- def _argument_name(self,
- function_name: str,
- num: int,
- arg: ArgumentInfo) -> str:
- """Name to use for the given argument in the wrapper function.
-
- Argument numbers count from 0.
- """
- name = 'arg' + str(num)
- if arg.name:
- name += '_' + arg.name
- return name
-
- def _wrapper_declaration_argument(self,
- function_name: str,
- num: int, name: str,
- arg: ArgumentInfo) -> str:
- """One argument definition in the wrapper function declaration.
-
- Argument numbers count from 0.
- """
- return c_declare(arg.type, name, arg.suffix)
-
- def _underlying_function_name(self, function: FunctionInfo) -> str:
- """The name of the underlying function.
-
- By default, this is the name of the wrapped function.
- """
- return function.name
-
- def _return_variable_name(self, function: FunctionInfo) -> str:
- """The name of the variable that will contain the return value."""
- return 'retval'
-
- def _write_function_call(self, out: typing_util.Writable,
- function: FunctionInfo,
- argument_names: List[str]) -> None:
- """Write the call to the underlying function.
- """
- # Note that the function name is in parentheses, to avoid calling
- # a function-like macro with the same name, since in typical usage
- # there is a function-like macro with the same name which is the
- # wrapper.
- call = '({})({})'.format(self._underlying_function_name(function),
- ', '.join(argument_names))
- if function.returns_void():
- out.write(' {};\n'.format(call))
- else:
- ret_name = self._return_variable_name(function)
- ret_decl = c_declare(function.return_type, ret_name, '')
- out.write(' {} = {};\n'.format(ret_decl, call))
-
- def _write_function_return(self, out: typing_util.Writable,
- function: FunctionInfo,
- if_void: bool = False) -> None:
- """Write a return statement.
-
- If the function returns void, only write a statement if if_void is true.
- """
- if function.returns_void():
- if if_void:
- out.write(' return;\n')
- else:
- ret_name = self._return_variable_name(function)
- out.write(' return {};\n'.format(ret_name))
-
- def _write_function_body(self, out: typing_util.Writable,
- function: FunctionInfo,
- argument_names: List[str]) -> None:
- """Write the body of the wrapper code for the specified function.
- """
- self._write_function_call(out, function, argument_names)
- self._write_function_return(out, function)
-
- def _skip_function(self, function: FunctionInfo) -> bool:
- """Whether to skip this function.
-
- By default, static or inline functions are skipped.
- """
- if not self._SKIP_FUNCTION_WITH_QUALIFIERS.isdisjoint(function.qualifiers):
- return True
- return False
-
- _FUNCTION_GUARDS = {
- } #type: Dict[str, str]
-
- def _function_guard(self, function: FunctionInfo) -> Optional[str]:
- """A preprocessor condition for this function.
-
- The wrapper will be guarded with `#if` on this condition, if not None.
- """
- return self._FUNCTION_GUARDS.get(function.name)
-
- def _wrapper_info(self, function: FunctionInfo) -> Optional[WrapperInfo]:
- """Information about the wrapper for one function.
-
- Return None if the function should be skipped.
- """
- if self._skip_function(function):
- return None
- argument_names = [self._argument_name(function.name, num, arg)
- for num, arg in enumerate(function.arguments)]
- return WrapperInfo(
- argument_names=argument_names,
- guard=self._function_guard(function),
- wrapper_name=self._wrapper_function_name(function.name),
- )
-
- def _write_function_prototype(self, out: typing_util.Writable,
- function: FunctionInfo,
- wrapper: WrapperInfo,
- header: bool) -> None:
- """Write the prototype of a wrapper function.
-
- If header is true, write a function declaration, with a semicolon at
- the end. Otherwise just write the prototype, intended to be followed
- by the function's body.
- """
- declaration_start = self._wrapper_declaration_start(function,
- wrapper.wrapper_name)
- arg_indent = ' '
- terminator = ';\n' if header else '\n'
- if function.arguments:
- out.write(declaration_start + '(\n')
- for num in range(len(function.arguments)):
- arg_def = self._wrapper_declaration_argument(
- function.name,
- num, wrapper.argument_names[num], function.arguments[num])
- arg_terminator = \
- (')' + terminator if num == len(function.arguments) - 1 else
- ',\n')
- out.write(arg_indent + arg_def + arg_terminator)
- else:
- out.write(declaration_start + '(void)' + terminator)
-
- def _write_c_function(self, out: typing_util.Writable,
- function: FunctionInfo) -> None:
- """Write wrapper code for one function.
-
- Do nothing if the function is skipped.
- """
- wrapper = self._wrapper_info(function)
- if wrapper is None:
- return
- out.write("""
-/* Wrapper for {} */
-"""
- .format(function.name))
- if wrapper.guard is not None:
- out.write('#if {}\n'.format(wrapper.guard))
- self._write_function_prototype(out, function, wrapper, False)
- out.write('{\n')
- self._write_function_body(out, function, wrapper.argument_names)
- out.write('}\n')
- if wrapper.guard is not None:
- out.write('#endif /* {} */\n'.format(wrapper.guard))
-
- def _write_h_function_declaration(self, out: typing_util.Writable,
- function: FunctionInfo,
- wrapper: WrapperInfo) -> None:
- """Write the declaration of one wrapper function.
- """
- self._write_function_prototype(out, function, wrapper, True)
-
- def _write_h_macro_definition(self, out: typing_util.Writable,
- function: FunctionInfo,
- wrapper: WrapperInfo) -> None:
- """Write the macro definition for one wrapper.
- """
- arg_list = ', '.join(wrapper.argument_names)
- out.write('#define {function_name}({args}) \\\n {wrapper_name}({args})\n'
- .format(function_name=function.name,
- wrapper_name=wrapper.wrapper_name,
- args=arg_list))
-
- def _write_h_function(self, out: typing_util.Writable,
- function: FunctionInfo) -> None:
- """Write the complete header content for one wrapper.
-
- This is the declaration of the wrapper function, and the
- definition of a function-like macro that calls the wrapper function.
-
- Do nothing if the function is skipped.
- """
- wrapper = self._wrapper_info(function)
- if wrapper is None:
- return
- out.write('\n')
- if wrapper.guard is not None:
- out.write('#if {}\n'.format(wrapper.guard))
- self._write_h_function_declaration(out, function, wrapper)
- self._write_h_macro_definition(out, function, wrapper)
- if wrapper.guard is not None:
- out.write('#endif /* {} */\n'.format(wrapper.guard))
-
- def write_c_file(self, filename: str) -> None:
- """Output a whole C file containing function wrapper definitions."""
- with open(filename, 'w', encoding='utf-8') as out:
- self._write_prologue(out, False)
- for name in sorted(self.functions):
- self._write_c_function(out, self.functions[name])
- self._write_epilogue(out, False)
-
- def _header_guard_from_file_name(self, filename: str) -> str:
- """Preprocessor symbol used as a guard against multiple inclusion."""
- # Heuristic to strip irrelevant leading directories
- filename = re.sub(r'.*include[\\/]', r'', filename)
- return re.sub(r'[^0-9A-Za-z]', r'_', filename, re.A).upper()
-
- def write_h_file(self, filename: str) -> None:
- """Output a header file with function wrapper declarations and macro definitions."""
- self.header_guard = self._header_guard_from_file_name(filename)
- with open(filename, 'w', encoding='utf-8') as out:
- self._write_prologue(out, True)
- for name in sorted(self.functions):
- self._write_h_function(out, self.functions[name])
- self._write_epilogue(out, True)
-
-
-class UnknownTypeForPrintf(Exception):
- """Exception raised when attempting to generate code that logs a value of an unknown type."""
-
- def __init__(self, typ: str) -> None:
- super().__init__("Unknown type for printf format generation: " + typ)
-
-
-class Logging(Base):
- """Generate wrapper functions that log the inputs and outputs."""
-
- def __init__(self) -> None:
- """Construct a wrapper generator including logging of inputs and outputs.
-
- Log to stdout by default. Call `set_stream` to change this.
- """
- super().__init__()
- self.stream = 'stdout'
-
- def set_stream(self, stream: str) -> None:
- """Set the stdio stream to log to.
-
- Call this method before calling `write_c_output` or `write_h_output`.
- """
- self.stream = stream
-
- def _write_prologue(self, out: typing_util.Writable, header: bool) -> None:
- super()._write_prologue(out, header)
- if not header:
- out.write("""
-#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS)
-#include <stdio.h>
-#include <inttypes.h>
-#include <mbedtls/debug.h> // for MBEDTLS_PRINTF_SIZET
-#include <mbedtls/platform.h> // for mbedtls_fprintf
-#endif /* defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS) */
-""")
-
- _PRINTF_SIMPLE_FORMAT = {
- 'int': '%d',
- 'long': '%ld',
- 'long long': '%lld',
- 'size_t': '%"MBEDTLS_PRINTF_SIZET"',
- 'unsigned': '0x%08x',
- 'unsigned int': '0x%08x',
- 'unsigned long': '0x%08lx',
- 'unsigned long long': '0x%016llx',
- }
-
- def _printf_simple_format(self, typ: str) -> Optional[str]:
- """Use this printf format for a value of typ.
-
- Return None if values of typ need more complex handling.
- """
- return self._PRINTF_SIMPLE_FORMAT.get(typ)
-
- _PRINTF_TYPE_CAST = {
- 'int32_t': 'int',
- 'uint32_t': 'unsigned',
- 'uint64_t': 'unsigned long long',
- } #type: Dict[str, str]
-
- def _printf_type_cast(self, typ: str) -> Optional[str]:
- """Cast values of typ to this type before passing them to printf.
-
- Return None if values of the given type do not need a cast.
- """
- return self._PRINTF_TYPE_CAST.get(typ)
-
- _POINTER_TYPE_RE = re.compile(r'\s*\*\Z')
-
- def _printf_parameters(self, typ: str, var: str) -> Tuple[str, List[str]]:
- """The printf format and arguments for a value of type typ stored in var.
- """
- expr = var
- base_type = typ
- # For outputs via a pointer, get the value that has been written.
- # Note: we don't support pointers to pointers here.
- pointer_match = self._POINTER_TYPE_RE.search(base_type)
- if pointer_match:
- base_type = base_type[:pointer_match.start(0)]
- expr = '*({})'.format(expr)
- # Maybe cast the value to a standard type.
- cast_to = self._printf_type_cast(base_type)
- if cast_to is not None:
- expr = '({}) {}'.format(cast_to, expr)
- base_type = cast_to
- # Try standard types.
- fmt = self._printf_simple_format(base_type)
- if fmt is not None:
- return '{}={}'.format(var, fmt), [expr]
- raise UnknownTypeForPrintf(typ)
-
- def _write_function_logging(self, out: typing_util.Writable,
- function: FunctionInfo,
- argument_names: List[str]) -> None:
- """Write code to log the function's inputs and outputs."""
- formats, values = '%s', ['"' + function.name + '"']
- for arg_info, arg_name in zip(function.arguments, argument_names):
- fmt, vals = self._printf_parameters(arg_info.type, arg_name)
- if fmt:
- formats += ' ' + fmt
- values += vals
- if not function.returns_void():
- ret_name = self._return_variable_name(function)
- fmt, vals = self._printf_parameters(function.return_type, ret_name)
- if fmt:
- formats += ' ' + fmt
- values += vals
- out.write("""\
-#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS)
- if ({stream}) {{
- mbedtls_fprintf({stream}, "{formats}\\n",
- {values});
- }}
-#endif /* defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS) */
-"""
- .format(stream=self.stream,
- formats=formats,
- values=', '.join(values)))
-
- def _write_function_body(self, out: typing_util.Writable,
- function: FunctionInfo,
- argument_names: List[str]) -> None:
- """Write the body of the wrapper code for the specified function.
- """
- self._write_function_call(out, function, argument_names)
- self._write_function_logging(out, function, argument_names)
- self._write_function_return(out, function)
diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py
deleted file mode 100644
index a36de69..0000000
--- a/scripts/mbedtls_dev/crypto_data_tests.py
+++ /dev/null
@@ -1,112 +0,0 @@
-"""Generate test data for cryptographic mechanisms.
-
-This module is a work in progress, only implementing a few cases for now.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import hashlib
-from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import
-
-from . import crypto_knowledge
-from . import psa_information
-from . import test_case
-
-
-def psa_low_level_dependencies(*expressions: str) -> List[str]:
- """Infer dependencies of a PSA low-level test case by looking for PSA_xxx symbols.
-
- This function generates MBEDTLS_PSA_BUILTIN_xxx symbols.
- """
- high_level = psa_information.automatic_dependencies(*expressions)
- for dep in high_level:
- assert dep.startswith('PSA_WANT_')
- return ['MBEDTLS_PSA_BUILTIN_' + dep[9:] for dep in high_level]
-
-
-class HashPSALowLevel:
- """Generate test cases for the PSA low-level hash interface."""
-
- def __init__(self, info: psa_information.Information) -> None:
- self.info = info
- base_algorithms = sorted(info.constructors.algorithms)
- all_algorithms = \
- [crypto_knowledge.Algorithm(expr)
- for expr in info.constructors.generate_expressions(base_algorithms)]
- self.algorithms = \
- [alg
- for alg in all_algorithms
- if (not alg.is_wildcard and
- alg.can_do(crypto_knowledge.AlgorithmCategory.HASH))]
-
- # CALCULATE[alg] = function to return the hash of its argument in hex
- # TO-DO: implement the None entries with a third-party library, because
- # hashlib might not have everything, depending on the Python version and
- # the underlying OpenSSL. On Ubuntu 16.04, truncated sha512 and sha3/shake
- # are not available. On Ubuntu 22.04, md2, md4 and ripemd160 are not
- # available.
- CALCULATE = {
- 'PSA_ALG_MD5': lambda data: hashlib.md5(data).hexdigest(),
- 'PSA_ALG_RIPEMD160': None, #lambda data: hashlib.new('ripdemd160').hexdigest()
- 'PSA_ALG_SHA_1': lambda data: hashlib.sha1(data).hexdigest(),
- 'PSA_ALG_SHA_224': lambda data: hashlib.sha224(data).hexdigest(),
- 'PSA_ALG_SHA_256': lambda data: hashlib.sha256(data).hexdigest(),
- 'PSA_ALG_SHA_384': lambda data: hashlib.sha384(data).hexdigest(),
- 'PSA_ALG_SHA_512': lambda data: hashlib.sha512(data).hexdigest(),
- 'PSA_ALG_SHA_512_224': None, #lambda data: hashlib.new('sha512_224').hexdigest()
- 'PSA_ALG_SHA_512_256': None, #lambda data: hashlib.new('sha512_256').hexdigest()
- 'PSA_ALG_SHA3_224': None, #lambda data: hashlib.sha3_224(data).hexdigest(),
- 'PSA_ALG_SHA3_256': None, #lambda data: hashlib.sha3_256(data).hexdigest(),
- 'PSA_ALG_SHA3_384': None, #lambda data: hashlib.sha3_384(data).hexdigest(),
- 'PSA_ALG_SHA3_512': None, #lambda data: hashlib.sha3_512(data).hexdigest(),
- 'PSA_ALG_SHAKE256_512': None, #lambda data: hashlib.shake_256(data).hexdigest(64),
- } #type: Dict[str, Optional[Callable[[bytes], str]]]
-
- @staticmethod
- def one_test_case(alg: crypto_knowledge.Algorithm,
- function: str, note: str,
- arguments: List[str]) -> test_case.TestCase:
- """Construct one test case involving a hash."""
- tc = test_case.TestCase()
- tc.set_description('{}{} {}'
- .format(function,
- ' ' + note if note else '',
- alg.short_expression()))
- tc.set_dependencies(psa_low_level_dependencies(alg.expression))
- tc.set_function(function)
- tc.set_arguments([alg.expression] +
- ['"{}"'.format(arg) for arg in arguments])
- return tc
-
- def test_cases_for_hash(self,
- alg: crypto_knowledge.Algorithm
- ) -> Iterator[test_case.TestCase]:
- """Enumerate all test cases for one hash algorithm."""
- calc = self.CALCULATE[alg.expression]
- if calc is None:
- return # not implemented yet
-
- short = b'abc'
- hash_short = calc(short)
- long = (b'Hello, world. Here are 16 unprintable bytes: ['
- b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a'
- b'\x80\x81\x82\x83\xfe\xff]. '
- b' This message was brought to you by a natural intelligence. '
- b' If you can read this, good luck with your debugging!')
- hash_long = calc(long)
-
- yield self.one_test_case(alg, 'hash_empty', '', [calc(b'')])
- yield self.one_test_case(alg, 'hash_valid_one_shot', '',
- [short.hex(), hash_short])
- for n in [0, 1, 64, len(long) - 1, len(long)]:
- yield self.one_test_case(alg, 'hash_valid_multipart',
- '{} + {}'.format(n, len(long) - n),
- [long[:n].hex(), calc(long[:n]),
- long[n:].hex(), hash_long])
-
- def all_test_cases(self) -> Iterator[test_case.TestCase]:
- """Enumerate all test cases for all hash algorithms."""
- for alg in self.algorithms:
- yield from self.test_cases_for_hash(alg)
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
deleted file mode 100644
index ebfd55c..0000000
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ /dev/null
@@ -1,568 +0,0 @@
-"""Knowledge about cryptographic mechanisms implemented in Mbed TLS.
-
-This module is entirely based on the PSA API.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import enum
-import re
-from typing import FrozenSet, Iterable, List, Optional, Tuple, Dict
-
-from .asymmetric_key_data import ASYMMETRIC_KEY_DATA
-
-
-def short_expression(original: str, level: int = 0) -> str:
- """Abbreviate the expression, keeping it human-readable.
-
- If `level` is 0, just remove parts that are implicit from context,
- such as a leading ``PSA_KEY_TYPE_``.
- For larger values of `level`, also abbreviate some names in an
- unambiguous, but ad hoc way.
- """
- short = original
- short = re.sub(r'\bPSA_(?:ALG|DH_FAMILY|ECC_FAMILY|KEY_[A-Z]+)_', r'', short)
- short = re.sub(r' +', r'', short)
- if level >= 1:
- short = re.sub(r'PUBLIC_KEY\b', r'PUB', short)
- short = re.sub(r'KEY_PAIR\b', r'PAIR', short)
- short = re.sub(r'\bBRAINPOOL_P', r'BP', short)
- short = re.sub(r'\bMONTGOMERY\b', r'MGM', short)
- short = re.sub(r'AEAD_WITH_SHORTENED_TAG\b', r'AEAD_SHORT', short)
- short = re.sub(r'\bDETERMINISTIC_', r'DET_', short)
- short = re.sub(r'\bKEY_AGREEMENT\b', r'KA', short)
- short = re.sub(r'_PSK_TO_MS\b', r'_PSK2MS', short)
- return short
-
-
-BLOCK_CIPHERS = frozenset(['AES', 'ARIA', 'CAMELLIA', 'DES'])
-BLOCK_MAC_MODES = frozenset(['CBC_MAC', 'CMAC'])
-BLOCK_CIPHER_MODES = frozenset([
- 'CTR', 'CFB', 'OFB', 'XTS', 'CCM_STAR_NO_TAG',
- 'ECB_NO_PADDING', 'CBC_NO_PADDING', 'CBC_PKCS7',
-])
-BLOCK_AEAD_MODES = frozenset(['CCM', 'GCM'])
-
-class EllipticCurveCategory(enum.Enum):
- """Categorization of elliptic curve families.
-
- The category of a curve determines what algorithms are defined over it.
- """
-
- SHORT_WEIERSTRASS = 0
- MONTGOMERY = 1
- TWISTED_EDWARDS = 2
-
- @staticmethod
- def from_family(family: str) -> 'EllipticCurveCategory':
- if family == 'PSA_ECC_FAMILY_MONTGOMERY':
- return EllipticCurveCategory.MONTGOMERY
- if family == 'PSA_ECC_FAMILY_TWISTED_EDWARDS':
- return EllipticCurveCategory.TWISTED_EDWARDS
- # Default to SW, which most curves belong to.
- return EllipticCurveCategory.SHORT_WEIERSTRASS
-
-
-class KeyType:
- """Knowledge about a PSA key type."""
-
- def __init__(self, name: str, params: Optional[Iterable[str]] = None) -> None:
- """Analyze a key type.
-
- The key type must be specified in PSA syntax. In its simplest form,
- `name` is a string 'PSA_KEY_TYPE_xxx' which is the name of a PSA key
- type macro. For key types that take arguments, the arguments can
- be passed either through the optional argument `params` or by
- passing an expression of the form 'PSA_KEY_TYPE_xxx(param1, ...)'
- in `name` as a string.
- """
-
- self.name = name.strip()
- """The key type macro name (``PSA_KEY_TYPE_xxx``).
-
- For key types constructed from a macro with arguments, this is the
- name of the macro, and the arguments are in `self.params`.
- """
- if params is None:
- if '(' in self.name:
- m = re.match(r'(\w+)\s*\((.*)\)\Z', self.name)
- assert m is not None
- self.name = m.group(1)
- params = m.group(2).split(',')
- self.params = (None if params is None else
- [param.strip() for param in params])
- """The parameters of the key type, if there are any.
-
- None if the key type is a macro without arguments.
- """
- assert re.match(r'PSA_KEY_TYPE_\w+\Z', self.name)
-
- self.expression = self.name
- """A C expression whose value is the key type encoding."""
- if self.params is not None:
- self.expression += '(' + ', '.join(self.params) + ')'
-
- m = re.match(r'PSA_KEY_TYPE_(\w+)', self.name)
- assert m
- self.head = re.sub(r'_(?:PUBLIC_KEY|KEY_PAIR)\Z', r'', m.group(1))
- """The key type macro name, with common prefixes and suffixes stripped."""
-
- self.private_type = re.sub(r'_PUBLIC_KEY\Z', r'_KEY_PAIR', self.name)
- """The key type macro name for the corresponding key pair type.
-
- For everything other than a public key type, this is the same as
- `self.name`.
- """
-
- def short_expression(self, level: int = 0) -> str:
- """Abbreviate the expression, keeping it human-readable.
-
- See `crypto_knowledge.short_expression`.
- """
- return short_expression(self.expression, level=level)
-
- def is_public(self) -> bool:
- """Whether the key type is for public keys."""
- return self.name.endswith('_PUBLIC_KEY')
-
- DH_KEY_SIZES = {
- 'PSA_DH_FAMILY_RFC7919': (2048, 3072, 4096, 6144, 8192),
- } # type: Dict[str, Tuple[int, ...]]
- ECC_KEY_SIZES = {
- 'PSA_ECC_FAMILY_SECP_K1': (192, 225, 256),
- 'PSA_ECC_FAMILY_SECP_R1': (224, 256, 384, 521),
- 'PSA_ECC_FAMILY_SECP_R2': (160,),
- 'PSA_ECC_FAMILY_SECT_K1': (163, 233, 239, 283, 409, 571),
- 'PSA_ECC_FAMILY_SECT_R1': (163, 233, 283, 409, 571),
- 'PSA_ECC_FAMILY_SECT_R2': (163,),
- 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': (160, 192, 224, 256, 320, 384, 512),
- 'PSA_ECC_FAMILY_MONTGOMERY': (255, 448),
- 'PSA_ECC_FAMILY_TWISTED_EDWARDS': (255, 448),
- } # type: Dict[str, Tuple[int, ...]]
- KEY_TYPE_SIZES = {
- 'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive
- 'PSA_KEY_TYPE_ARIA': (128, 192, 256), # exhaustive
- 'PSA_KEY_TYPE_CAMELLIA': (128, 192, 256), # exhaustive
- 'PSA_KEY_TYPE_CHACHA20': (256,), # exhaustive
- 'PSA_KEY_TYPE_DERIVE': (120, 128), # sample
- 'PSA_KEY_TYPE_DES': (64, 128, 192), # exhaustive
- 'PSA_KEY_TYPE_HMAC': (128, 160, 224, 256, 384, 512), # standard size for each supported hash
- 'PSA_KEY_TYPE_PASSWORD': (48, 168, 336), # sample
- 'PSA_KEY_TYPE_PASSWORD_HASH': (128, 256), # sample
- 'PSA_KEY_TYPE_PEPPER': (128, 256), # sample
- 'PSA_KEY_TYPE_RAW_DATA': (8, 40, 128), # sample
- 'PSA_KEY_TYPE_RSA_KEY_PAIR': (1024, 1536), # small sample
- } # type: Dict[str, Tuple[int, ...]]
- def sizes_to_test(self) -> Tuple[int, ...]:
- """Return a tuple of key sizes to test.
-
- For key types that only allow a single size, or only a small set of
- sizes, these are all the possible sizes. For key types that allow a
- wide range of sizes, these are a representative sample of sizes,
- excluding large sizes for which a typical resource-constrained platform
- may run out of memory.
- """
- if self.private_type == 'PSA_KEY_TYPE_ECC_KEY_PAIR':
- assert self.params is not None
- return self.ECC_KEY_SIZES[self.params[0]]
- if self.private_type == 'PSA_KEY_TYPE_DH_KEY_PAIR':
- assert self.params is not None
- return self.DH_KEY_SIZES[self.params[0]]
- return self.KEY_TYPE_SIZES[self.private_type]
-
- # "48657265006973206b6579a064617461"
- DATA_BLOCK = b'Here\000is key\240data'
- def key_material(self, bits: int) -> bytes:
- """Return a byte string containing suitable key material with the given bit length.
-
- Use the PSA export representation. The resulting byte string is one that
- can be obtained with the following code:
- ```
- psa_set_key_type(&attributes, `self.expression`);
- psa_set_key_bits(&attributes, `bits`);
- psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
- psa_generate_key(&attributes, &id);
- psa_export_key(id, `material`, ...);
- ```
- """
- if self.expression in ASYMMETRIC_KEY_DATA:
- if bits not in ASYMMETRIC_KEY_DATA[self.expression]:
- raise ValueError('No key data for {}-bit {}'
- .format(bits, self.expression))
- return ASYMMETRIC_KEY_DATA[self.expression][bits]
- if bits % 8 != 0:
- raise ValueError('Non-integer number of bytes: {} bits for {}'
- .format(bits, self.expression))
- length = bits // 8
- if self.name == 'PSA_KEY_TYPE_DES':
- # "644573206b457901644573206b457902644573206b457904"
- des3 = b'dEs kEy\001dEs kEy\002dEs kEy\004'
- return des3[:length]
- return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) +
- [self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]])
-
- def can_do(self, alg: 'Algorithm') -> bool:
- """Whether this key type can be used for operations with the given algorithm.
-
- This function does not currently handle key derivation or PAKE.
- """
- #pylint: disable=too-many-branches,too-many-return-statements
- if not alg.is_valid_for_operation():
- return False
- if self.head == 'HMAC' and alg.head == 'HMAC':
- return True
- if self.head == 'DES':
- # 64-bit block ciphers only allow a reduced set of modes.
- return alg.head in [
- 'CBC_NO_PADDING', 'CBC_PKCS7',
- 'ECB_NO_PADDING',
- ]
- if self.head in BLOCK_CIPHERS and \
- alg.head in frozenset.union(BLOCK_MAC_MODES,
- BLOCK_CIPHER_MODES,
- BLOCK_AEAD_MODES):
- if alg.head in ['CMAC', 'OFB'] and \
- self.head in ['ARIA', 'CAMELLIA']:
- return False # not implemented in Mbed TLS
- return True
- if self.head == 'CHACHA20' and alg.head == 'CHACHA20_POLY1305':
- return True
- if self.head in {'ARC4', 'CHACHA20'} and \
- alg.head == 'STREAM_CIPHER':
- return True
- if self.head == 'RSA' and alg.head.startswith('RSA_'):
- return True
- if alg.category == AlgorithmCategory.KEY_AGREEMENT and \
- self.is_public():
- # The PSA API does not use public key objects in key agreement
- # operations: it imports the public key as a formatted byte string.
- # So a public key object with a key agreement algorithm is not
- # a valid combination.
- return False
- if alg.is_invalid_key_agreement_with_derivation():
- return False
- if self.head == 'ECC':
- assert self.params is not None
- eccc = EllipticCurveCategory.from_family(self.params[0])
- if alg.head == 'ECDH' and \
- eccc in {EllipticCurveCategory.SHORT_WEIERSTRASS,
- EllipticCurveCategory.MONTGOMERY}:
- return True
- if alg.head == 'ECDSA' and \
- eccc == EllipticCurveCategory.SHORT_WEIERSTRASS:
- return True
- if alg.head in {'PURE_EDDSA', 'EDDSA_PREHASH'} and \
- eccc == EllipticCurveCategory.TWISTED_EDWARDS:
- return True
- if self.head == 'DH' and alg.head == 'FFDH':
- return True
- return False
-
-
-class AlgorithmCategory(enum.Enum):
- """PSA algorithm categories."""
- # The numbers are aligned with the category bits in numerical values of
- # algorithms.
- HASH = 2
- MAC = 3
- CIPHER = 4
- AEAD = 5
- SIGN = 6
- ASYMMETRIC_ENCRYPTION = 7
- KEY_DERIVATION = 8
- KEY_AGREEMENT = 9
- PAKE = 10
-
- def requires_key(self) -> bool:
- """Whether operations in this category are set up with a key."""
- return self not in {self.HASH, self.KEY_DERIVATION}
-
- def is_asymmetric(self) -> bool:
- """Whether operations in this category involve asymmetric keys."""
- return self in {
- self.SIGN,
- self.ASYMMETRIC_ENCRYPTION,
- self.KEY_AGREEMENT
- }
-
-
-class AlgorithmNotRecognized(Exception):
- def __init__(self, expr: str) -> None:
- super().__init__('Algorithm not recognized: ' + expr)
- self.expr = expr
-
-
-class Algorithm:
- """Knowledge about a PSA algorithm."""
-
- @staticmethod
- def determine_base(expr: str) -> str:
- """Return an expression for the "base" of the algorithm.
-
- This strips off variants of algorithms such as MAC truncation.
-
- This function does not attempt to detect invalid inputs.
- """
- m = re.match(r'PSA_ALG_(?:'
- r'(?:TRUNCATED|AT_LEAST_THIS_LENGTH)_MAC|'
- r'AEAD_WITH_(?:SHORTENED|AT_LEAST_THIS_LENGTH)_TAG'
- r')\((.*),[^,]+\)\Z', expr)
- if m:
- expr = m.group(1)
- return expr
-
- @staticmethod
- def determine_head(expr: str) -> str:
- """Return the head of an algorithm expression.
-
- The head is the first (outermost) constructor, without its PSA_ALG_
- prefix, and with some normalization of similar algorithms.
- """
- m = re.match(r'PSA_ALG_(?:DETERMINISTIC_)?(\w+)', expr)
- if not m:
- raise AlgorithmNotRecognized(expr)
- head = m.group(1)
- if head == 'KEY_AGREEMENT':
- m = re.match(r'PSA_ALG_KEY_AGREEMENT\s*\(\s*PSA_ALG_(\w+)', expr)
- if not m:
- raise AlgorithmNotRecognized(expr)
- head = m.group(1)
- head = re.sub(r'_ANY\Z', r'', head)
- if re.match(r'ED[0-9]+PH\Z', head):
- head = 'EDDSA_PREHASH'
- return head
-
- CATEGORY_FROM_HEAD = {
- 'SHA': AlgorithmCategory.HASH,
- 'SHAKE256_512': AlgorithmCategory.HASH,
- 'MD': AlgorithmCategory.HASH,
- 'RIPEMD': AlgorithmCategory.HASH,
- 'ANY_HASH': AlgorithmCategory.HASH,
- 'HMAC': AlgorithmCategory.MAC,
- 'STREAM_CIPHER': AlgorithmCategory.CIPHER,
- 'CHACHA20_POLY1305': AlgorithmCategory.AEAD,
- 'DSA': AlgorithmCategory.SIGN,
- 'ECDSA': AlgorithmCategory.SIGN,
- 'EDDSA': AlgorithmCategory.SIGN,
- 'PURE_EDDSA': AlgorithmCategory.SIGN,
- 'RSA_PSS': AlgorithmCategory.SIGN,
- 'RSA_PKCS1V15_SIGN': AlgorithmCategory.SIGN,
- 'RSA_PKCS1V15_CRYPT': AlgorithmCategory.ASYMMETRIC_ENCRYPTION,
- 'RSA_OAEP': AlgorithmCategory.ASYMMETRIC_ENCRYPTION,
- 'HKDF': AlgorithmCategory.KEY_DERIVATION,
- 'TLS12_PRF': AlgorithmCategory.KEY_DERIVATION,
- 'TLS12_PSK_TO_MS': AlgorithmCategory.KEY_DERIVATION,
- 'TLS12_ECJPAKE_TO_PMS': AlgorithmCategory.KEY_DERIVATION,
- 'PBKDF': AlgorithmCategory.KEY_DERIVATION,
- 'ECDH': AlgorithmCategory.KEY_AGREEMENT,
- 'FFDH': AlgorithmCategory.KEY_AGREEMENT,
- # KEY_AGREEMENT(...) is a key derivation with a key agreement component
- 'KEY_AGREEMENT': AlgorithmCategory.KEY_DERIVATION,
- 'JPAKE': AlgorithmCategory.PAKE,
- }
- for x in BLOCK_MAC_MODES:
- CATEGORY_FROM_HEAD[x] = AlgorithmCategory.MAC
- for x in BLOCK_CIPHER_MODES:
- CATEGORY_FROM_HEAD[x] = AlgorithmCategory.CIPHER
- for x in BLOCK_AEAD_MODES:
- CATEGORY_FROM_HEAD[x] = AlgorithmCategory.AEAD
-
- def determine_category(self, expr: str, head: str) -> AlgorithmCategory:
- """Return the category of the given algorithm expression.
-
- This function does not attempt to detect invalid inputs.
- """
- prefix = head
- while prefix:
- if prefix in self.CATEGORY_FROM_HEAD:
- return self.CATEGORY_FROM_HEAD[prefix]
- if re.match(r'.*[0-9]\Z', prefix):
- prefix = re.sub(r'_*[0-9]+\Z', r'', prefix)
- else:
- prefix = re.sub(r'_*[^_]*\Z', r'', prefix)
- raise AlgorithmNotRecognized(expr)
-
- @staticmethod
- def determine_wildcard(expr) -> bool:
- """Whether the given algorithm expression is a wildcard.
-
- This function does not attempt to detect invalid inputs.
- """
- if re.search(r'\bPSA_ALG_ANY_HASH\b', expr):
- return True
- if re.search(r'_AT_LEAST_', expr):
- return True
- return False
-
- def __init__(self, expr: str) -> None:
- """Analyze an algorithm value.
-
- The algorithm must be expressed as a C expression containing only
- calls to PSA algorithm constructor macros and numeric literals.
-
- This class is only programmed to handle valid expressions. Invalid
- expressions may result in exceptions or in nonsensical results.
- """
- self.expression = re.sub(r'\s+', r'', expr)
- self.base_expression = self.determine_base(self.expression)
- self.head = self.determine_head(self.base_expression)
- self.category = self.determine_category(self.base_expression, self.head)
- self.is_wildcard = self.determine_wildcard(self.expression)
-
- def get_key_agreement_derivation(self) -> Optional[str]:
- """For a combined key agreement and key derivation algorithm, get the derivation part.
-
- For anything else, return None.
- """
- if self.category != AlgorithmCategory.KEY_AGREEMENT:
- return None
- m = re.match(r'PSA_ALG_KEY_AGREEMENT\(\w+,\s*(.*)\)\Z', self.expression)
- if not m:
- return None
- kdf_alg = m.group(1)
- # Assume kdf_alg is either a valid KDF or 0.
- if re.match(r'(?:0[Xx])?0+\s*\Z', kdf_alg):
- return None
- return kdf_alg
-
- KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT = frozenset([
- 'PSA_ALG_TLS12_ECJPAKE_TO_PMS', # secret input in specific format
- ])
- def is_valid_key_agreement_with_derivation(self) -> bool:
- """Whether this is a valid combined key agreement and key derivation algorithm."""
- kdf_alg = self.get_key_agreement_derivation()
- if kdf_alg is None:
- return False
- return kdf_alg not in self.KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT
-
- def is_invalid_key_agreement_with_derivation(self) -> bool:
- """Whether this is an invalid combined key agreement and key derivation algorithm."""
- kdf_alg = self.get_key_agreement_derivation()
- if kdf_alg is None:
- return False
- return kdf_alg in self.KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT
-
- def short_expression(self, level: int = 0) -> str:
- """Abbreviate the expression, keeping it human-readable.
-
- See `crypto_knowledge.short_expression`.
- """
- return short_expression(self.expression, level=level)
-
- HASH_LENGTH = {
- 'PSA_ALG_MD5': 16,
- 'PSA_ALG_SHA_1': 20,
- }
- HASH_LENGTH_BITS_RE = re.compile(r'([0-9]+)\Z')
- @classmethod
- def hash_length(cls, alg: str) -> int:
- """The length of the given hash algorithm, in bytes."""
- if alg in cls.HASH_LENGTH:
- return cls.HASH_LENGTH[alg]
- m = cls.HASH_LENGTH_BITS_RE.search(alg)
- if m:
- return int(m.group(1)) // 8
- raise ValueError('Unknown hash length for ' + alg)
-
- PERMITTED_TAG_LENGTHS = {
- 'PSA_ALG_CCM': frozenset([4, 6, 8, 10, 12, 14, 16]),
- 'PSA_ALG_CHACHA20_POLY1305': frozenset([16]),
- 'PSA_ALG_GCM': frozenset([4, 8, 12, 13, 14, 15, 16]),
- }
- MAC_LENGTH = {
- 'PSA_ALG_CBC_MAC': 16, # actually the block cipher length
- 'PSA_ALG_CMAC': 16, # actually the block cipher length
- }
- HMAC_RE = re.compile(r'PSA_ALG_HMAC\((.*)\)\Z')
- @classmethod
- def permitted_truncations(cls, base: str) -> FrozenSet[int]:
- """Permitted output lengths for the given MAC or AEAD base algorithm.
-
- For a MAC algorithm, this is the set of truncation lengths that
- Mbed TLS supports.
- For an AEAD algorithm, this is the set of truncation lengths that
- are permitted by the algorithm specification.
- """
- if base in cls.PERMITTED_TAG_LENGTHS:
- return cls.PERMITTED_TAG_LENGTHS[base]
- max_length = cls.MAC_LENGTH.get(base, None)
- if max_length is None:
- m = cls.HMAC_RE.match(base)
- if m:
- max_length = cls.hash_length(m.group(1))
- if max_length is None:
- raise ValueError('Unknown permitted lengths for ' + base)
- return frozenset(range(4, max_length + 1))
-
- TRUNCATED_ALG_RE = re.compile(
- r'(?P<face>PSA_ALG_(?:AEAD_WITH_SHORTENED_TAG|TRUNCATED_MAC))'
- r'\((?P<base>.*),'
- r'(?P<length>0[Xx][0-9A-Fa-f]+|[1-9][0-9]*|0[0-7]*)[LUlu]*\)\Z')
- def is_invalid_truncation(self) -> bool:
- """False for a MAC or AEAD algorithm truncated to an invalid length.
-
- True for a MAC or AEAD algorithm truncated to a valid length or to
- a length that cannot be determined. True for anything other than
- a truncated MAC or AEAD.
- """
- m = self.TRUNCATED_ALG_RE.match(self.expression)
- if m:
- base = m.group('base')
- to_length = int(m.group('length'), 0)
- permitted_lengths = self.permitted_truncations(base)
- if to_length not in permitted_lengths:
- return True
- return False
-
- def is_valid_for_operation(self) -> bool:
- """Whether this algorithm construction is valid for an operation.
-
- This function assumes that the algorithm is constructed in a
- "grammatically" correct way, and only rejects semantically invalid
- combinations.
- """
- if self.is_wildcard:
- return False
- if self.is_invalid_truncation():
- return False
- return True
-
- def can_do(self, category: AlgorithmCategory) -> bool:
- """Whether this algorithm can perform operations in the given category.
- """
- if category == self.category:
- return True
- if category == AlgorithmCategory.KEY_DERIVATION and \
- self.is_valid_key_agreement_with_derivation():
- return True
- return False
-
- def usage_flags(self, public: bool = False) -> List[str]:
- """The list of usage flags describing operations that can perform this algorithm.
-
- If public is true, only return public-key operations, not private-key operations.
- """
- if self.category == AlgorithmCategory.HASH:
- flags = []
- elif self.category == AlgorithmCategory.MAC:
- flags = ['SIGN_HASH', 'SIGN_MESSAGE',
- 'VERIFY_HASH', 'VERIFY_MESSAGE']
- elif self.category == AlgorithmCategory.CIPHER or \
- self.category == AlgorithmCategory.AEAD:
- flags = ['DECRYPT', 'ENCRYPT']
- elif self.category == AlgorithmCategory.SIGN:
- flags = ['VERIFY_HASH', 'VERIFY_MESSAGE']
- if not public:
- flags += ['SIGN_HASH', 'SIGN_MESSAGE']
- elif self.category == AlgorithmCategory.ASYMMETRIC_ENCRYPTION:
- flags = ['ENCRYPT']
- if not public:
- flags += ['DECRYPT']
- elif self.category == AlgorithmCategory.KEY_DERIVATION or \
- self.category == AlgorithmCategory.KEY_AGREEMENT:
- flags = ['DERIVE']
- else:
- raise AlgorithmNotRecognized(self.expression)
- return ['PSA_KEY_USAGE_' + flag for flag in flags]
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
deleted file mode 100644
index b40f3b1..0000000
--- a/scripts/mbedtls_dev/ecp.py
+++ /dev/null
@@ -1,875 +0,0 @@
-"""Framework classes for generation of ecp test cases."""
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-from typing import List
-
-from . import test_data_generation
-from . import bignum_common
-
-
-class EcpTarget(test_data_generation.BaseTarget):
- #pylint: disable=abstract-method, too-few-public-methods
- """Target for ecp test case generation."""
- target_basename = 'test_suite_ecp.generated'
-
-
-class EcpP192R1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P192 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p192_raw"
- input_style = "fixed"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED",
- "MBEDTLS_ECP_NIST_OPTIM"]
-
- moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- "fffffffffffffffffffffffffffffffefffffffffffffffe",
-
- # Modulus + 1
- "ffffffffffffffffffffffffffffffff0000000000000000",
-
- # 2^192 - 1
- "ffffffffffffffffffffffffffffffffffffffffffffffff",
-
- # Maximum canonical P192 multiplication result
- ("fffffffffffffffffffffffffffffffdfffffffffffffffc"
- "000000000000000100000000000000040000000000000004"),
-
- # Generate an overflow during reduction
- ("00000000000000000000000000000001ffffffffffffffff"
- "ffffffffffffffffffffffffffffffff0000000000000000"),
-
- # Generate an overflow during carry reduction
- ("ffffffffffffffff00000000000000010000000000000000"
- "fffffffffffffffeffffffffffffffff0000000000000000"),
-
- # First 8 number generated by random.getrandbits(384) - seed(2,2)
- ("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
- "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1"
- "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"),
- ("ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7"
- "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"),
- ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"
- "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2"),
- ("2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78"
- "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
- ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"
- "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135"),
- ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561"
- "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"),
- ("bd143fa9b714210c665d7435c1066932f4767f26294365b2"
- "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
-
- # Next 2 number generated by random.getrandbits(192)
- "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2",
- "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63"
- ]
-
- @property
- def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self)-> List[str]:
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP192R1"] + args
-
-
-class EcpP224R1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P224 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p224_raw"
- input_style = "arch_split"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED",
- "MBEDTLS_ECP_NIST_OPTIM"]
-
- moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- "ffffffffffffffffffffffffffffffff000000000000000000000000",
-
- # Modulus + 1
- "ffffffffffffffffffffffffffffffff000000000000000000000002",
-
- # 2^224 - 1
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-
- # Maximum canonical P224 multiplication result
- ("fffffffffffffffffffffffffffffffe000000000000000000000000"
- "00000001000000000000000000000000000000000000000000000000"),
-
- # Generate an overflow during reduction
- ("00000000000000000000000000010000000070000000002000001000"
- "ffffffffffff9fffffffffe00000efff000070000000002000001003"),
-
- # Generate an underflow during reduction
- ("00000001000000000000000000000000000000000000000000000000"
- "00000000000dc0000000000000000001000000010000000100000003"),
-
- # First 8 number generated by random.getrandbits(448) - seed(2,2)
- ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337"
- "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675"
- "94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8"),
- ("defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd12"
- "8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da"),
- ("2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a6"
- "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"),
- ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4"
- "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"),
- ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15"
- "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"),
- ("a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26"
- "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
- ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e"
- "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"),
-
- # Next 2 number generated by random.getrandbits(224)
- "eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a",
- "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3"
- ]
-
- @property
- def arg_a(self) -> str:
- limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb)
- hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb)
- return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self)-> List[str]:
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP224R1"] + args
-
-
-class EcpP256R1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P256 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p256_raw"
- input_style = "fixed"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED",
- "MBEDTLS_ECP_NIST_OPTIM"]
-
- moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- "ffffffff00000001000000000000000000000000fffffffffffffffffffffffe",
-
- # Modulus + 1
- "ffffffff00000001000000000000000000000001000000000000000000000000",
-
- # 2^256 - 1
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-
- # Maximum canonical P256 multiplication result
- ("fffffffe00000002fffffffe0000000100000001fffffffe00000001fffffffc"
- "00000003fffffffcfffffffffffffffffffffffc000000000000000000000004"),
-
- # Generate an overflow during reduction
- ("0000000000000000000000010000000000000000000000000000000000000000"
- "00000000000000000000000000000000000000000000000000000000ffffffff"),
-
- # Generate an underflow during reduction
- ("0000000000000000000000000000000000000000000000000000000000000010"
- "ffffffff00000000000000000000000000000000000000000000000000000000"),
-
- # Generate an overflow during carry reduction
- ("aaaaaaaa00000000000000000000000000000000000000000000000000000000"
- "00000000000000000000000000000000aaaaaaacaaaaaaaaaaaaaaaa00000000"),
-
- # Generate an underflow during carry reduction
- ("000000000000000000000001ffffffff00000000000000000000000000000000"
- "0000000000000000000000000000000000000002000000020000000100000002"),
-
- # First 8 number generated by random.getrandbits(512) - seed(2,2)
- ("4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124"
- "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"
- "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"),
- ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626"
- "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"),
- ("829a48d422fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"
- "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
- ("e89204e2e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"
- "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"),
- ("bd143fa9b714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0"
- "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"),
- ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9"
- "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"),
- ("d08f1bb2531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25"
- "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
-
- # Next 2 number generated by random.getrandbits(256)
- "c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062",
- "d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"
- ]
-
- @property
- def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self)-> List[str]:
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP256R1"] + args
-
-
-class EcpP384R1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P384 fast reduction."""
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p384_raw"
- input_style = "fixed"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED",
- "MBEDTLS_ECP_NIST_OPTIM"]
-
- moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffffffffffffffeffffffff0000000000000000ffffffff")
- ] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- ("ffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffffffffffffffeffffffff0000000000000000fffffffe"),
-
- # Modulus + 1
- ("ffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffffffffffffffeffffffff000000000000000100000000"),
-
- # 2^384 - 1
- ("ffffffffffffffffffffffffffffffffffffffffffffffff"
- "ffffffffffffffffffffffffffffffffffffffffffffffff"),
-
- # Maximum canonical P384 multiplication result
- ("ffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffffffffffffffdfffffffe0000000000000001fffffffc"
- "000000000000000000000000000000010000000200000000"
- "fffffffe000000020000000400000000fffffffc00000004"),
-
- # Testing with overflow in A(12) + A(21) + A(20);
- ("497811378624857a2c2af60d70583376545484cfae5c812f"
- "e2999fc1abb51d18b559e8ca3b50aaf263fdf8f24bdfb98f"
- "ffffffff20e65bf9099e4e73a5e8b517cf4fbeb8fd1750fd"
- "ae6d43f2e53f82d5ffffffffffffffffcc6f1e06111c62e0"),
-
- # Testing with underflow in A(13) + A(22) + A(23) - A(12) - A(20);
- ("dfdd25e96777406b3c04b8c7b406f5fcf287e1e576003a09"
- "2852a6fbe517f2712b68abef41dbd35183a0614fb7222606"
- "ffffffff84396eee542f18a9189d94396c784059c17a9f18"
- "f807214ef32f2f10ffffffff8a77fac20000000000000000"),
-
- # Testing with overflow in A(23) + A(20) + A(19) - A(22);
- ("783753f8a5afba6c1862eead1deb2fcdd907272be3ffd185"
- "42b24a71ee8b26cab0aa33513610ff973042bbe1637cc9fc"
- "99ad36c7f703514572cf4f5c3044469a8f5be6312c19e5d3"
- "f8fc1ac6ffffffffffffffff8c86252400000000ffffffff"),
-
- # Testing with underflow in A(23) + A(20) + A(19) - A(22);
- ("65e1d2362fce922663b7fd517586e88842a9b4bd092e93e6"
- "251c9c69f278cbf8285d99ae3b53da5ba36e56701e2b17c2"
- "25f1239556c5f00117fa140218b46ebd8e34f50d0018701f"
- "a8a0a5cc00000000000000004410bcb4ffffffff00000000"),
-
- # Testing the second round of carry reduction
- ("000000000000000000000000ffffffffffffffffffffffff"
- "ffffffffffffffffffffffffffffffff0000000000000000"
- "0000000000000000ffffffff000000000000000000000001"
- "00000000000000000000000000000000ffffffff00000001"),
-
- # First 8 number generated by random.getrandbits(768) - seed(2,2)
- ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1"
- "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"
- "cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
- "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"
- "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2"
- "ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7"
- "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"),
- ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"
- "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135"
- "2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78"
- "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
- ("bd143fa9b714210c665d7435c1066932f4767f26294365b2"
- "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"
- "97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561"
- "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"),
- ("8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4"
- "e73695c3e652c71a74667bffe202849da9643a295a9ac6de"
- "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63"
- "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"),
- ("d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f8777"
- "7ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6"
- "e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460"
- "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25"),
- ("0227eeb7b9d7d01f5769da05d205bbfcc8c69069134bccd3"
- "e1cf4f589f8e4ce0af29d115ef24bd625dd961e6830b54fa"
- "7d28f93435339774bb1e386c4fd5079e681b8f5896838b76"
- "9da59b74a6c3181c81e220df848b1df78feb994a81167346"),
- ("d322a7353ead4efe440e2b4fda9c025a22f1a83185b98f5f"
- "c11e60de1b343f52ea748db9e020307aaeb6db2c3a038a70"
- "9779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a8"
- "1b2d19a2beaa14a7ff3fe32a30ffc4eed0a7bd04e85bfcdd"),
-
- # Next 2 number generated by random.getrandbits(384)
- ("5c3747465cc36c270e8a35b10828d569c268a20eb78ac332"
- "e5e138e26c4454b90f756132e16dce72f18e859835e1f291"),
- ("eb2b5693babb7fbb0a76c196067cfdcb11457d9cf45e2fa0"
- "1d7f4275153924800600571fac3a5b263fdf57cd2c006497")
- ]
-
- @property
- def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self)-> List[str]:
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP384R1"] + args
-
-
-class EcpP521R1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P521 fast reduction."""
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p521_raw"
- input_style = "arch_split"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED",
- "MBEDTLS_ECP_NIST_OPTIM"]
-
- moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff")
- ] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- ("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"),
-
- # Modulus + 1
- ("020000000000000000000000000000000000000000000000000000000000000000"
- "000000000000000000000000000000000000000000000000000000000000000000"),
-
- # Maximum canonical P521 multiplication result
- ("0003ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "fffff800"
- "0000000000000000000000000000000000000000000000000000000000000000"
- "0000000000000000000000000000000000000000000000000000000000000004"),
-
- # Test case for overflow during addition
- ("0001efffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "000001ef"
- "0000000000000000000000000000000000000000000000000000000000000000"
- "000000000000000000000000000000000000000000000000000000000f000000"),
-
- # First 8 number generated by random.getrandbits(1042) - seed(2,2)
- ("0003cc2e82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f"
- "6e405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd"
- "9b1f282e"
- "4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124"
- "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("00017052829e07b0829a48d422fe99a22c70501e533c91352d3d854e061b9030"
- "3b08c6e33c7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c5055"
- "6c71c4a6"
- "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a"
- "09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57eb"),
- ("00021f15a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26"
- "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64"
- "ca2ce6bc"
- "5d3fd983c34c769fe89204e2e8168561867e5e15bc01bfce6a27e0dfcbf87544"
- "72154e76e4c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"),
- ("000381bc2a838af8d5c44a4eb3172062d08f1bb2531d6460f0caeef038c89b38"
- "a8acb5137c9260dc74e088a9b9492f258ebdbfe3eb9ac688b9d39cca91551e82"
- "59cc60b1"
- "7604e4b4e73695c3e652c71a74667bffe202849da9643a295a9ac6decbd4d3e2"
- "d4dec9ef83f0be4e80371eb97f81375eecc1cb6347733e847d718d733ff98ff3"),
- ("00034816c8c69069134bccd3e1cf4f589f8e4ce0af29d115ef24bd625dd961e6"
- "830b54fa7d28f93435339774bb1e386c4fd5079e681b8f5896838b769da59b74"
- "a6c3181c"
- "81e220df848b1df78feb994a81167346d4c0dca8b4c9e755cc9c3adcf515a823"
- "4da4daeb4f3f87777ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6"),
- ("000397846c4454b90f756132e16dce72f18e859835e1f291d322a7353ead4efe"
- "440e2b4fda9c025a22f1a83185b98f5fc11e60de1b343f52ea748db9e020307a"
- "aeb6db2c"
- "3a038a709779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a81b2d19a2"
- "beaa14a7ff3fe32a30ffc4eed0a7bd04e85bfcdd0227eeb7b9d7d01f5769da05"),
- ("00002c3296e6bc4d62b47204007ee4fab105d83e85e951862f0981aebc1b00d9"
- "2838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da70569c018eb2b5693"
- "babb7fbb"
- "0a76c196067cfdcb11457d9cf45e2fa01d7f4275153924800600571fac3a5b26"
- "3fdf57cd2c0064975c3747465cc36c270e8a35b10828d569c268a20eb78ac332"),
- ("00009d23b4917fc09f20dbb0dcc93f0e66dfe717c17313394391b6e2e6eacb0f"
- "0bb7be72bd6d25009aeb7fa0c4169b148d2f527e72daf0a54ef25c0707e33868"
- "7d1f7157"
- "5653a45c49390aa51cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71"
- "581d8e830112ff0f0948eccaf8877acf26c377c13f719726fd70bddacb4deeec"),
-
- # Next 2 number generated by random.getrandbits(521)
- ("12b84ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1a1fe"
- "3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccdf572df00790813e3"),
- ("166049dd332a73fa0b26b75196cf87eb8a09b27ec714307c68c425424a1574f1"
- "eedf5b0f16cdfdb839424d201e653f53d6883ca1c107ca6e706649889c0c7f38608")
- ]
-
- @property
- def arg_a(self) -> str:
- # Number of limbs: 2 * N
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self)-> List[str]:
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP521R1"] + args
-
-
-class EcpP192K1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P192K1 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p192k1_raw"
- input_style = "fixed"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP192K1_ENABLED"]
-
- moduli = ["fffffffffffffffffffffffffffffffffffffffeffffee37"] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- "fffffffffffffffffffffffffffffffffffffffeffffee36",
-
- # Modulus + 1
- "fffffffffffffffffffffffffffffffffffffffeffffee38",
-
- # 2^192 - 1
- "ffffffffffffffffffffffffffffffffffffffffffffffff",
-
- # Maximum canonical P192K1 multiplication result
- ("fffffffffffffffffffffffffffffffffffffffdffffdc6c"
- "0000000000000000000000000000000100002394013c7364"),
-
- # Test case for overflow during addition
- ("00000007ffff71b809e27dd832cfd5e04d9d2dbb9f8da217"
- "0000000000000000000000000000000000000000520834f0"),
-
- # First 8 number generated by random.getrandbits(384) - seed(2,2)
- ("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd"
- "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1"
- "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"),
- ("ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7"
- "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"),
- ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"
- "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2"),
- ("2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78"
- "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
- ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"
- "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135"),
- ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561"
- "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"),
- ("bd143fa9b714210c665d7435c1066932f4767f26294365b2"
- "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
-
- # Next 2 number generated by random.getrandbits(192)
- "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2",
- "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63"
- ]
-
- @property
- def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self):
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP192K1"] + args
-
-
-class EcpP224K1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P224 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p224k1_raw"
- input_style = "arch_split"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"]
-
- moduli = ["fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d"] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56c",
-
- # Modulus + 1
- "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56e",
-
- # 2^224 - 1
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-
- # Maximum canonical P224K1 multiplication result
- ("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8"
- "00000000000000000000000000000000000000010000352802c26590"),
-
- # Test case for overflow during addition
- ("0000007ffff2b68161180fd8cd92e1a109be158a19a99b1809db8032"
- "0000000000000000000000000000000000000000000000000bf04f49"),
-
- # First 8 number generated by random.getrandbits(448) - seed(2,2)
- ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337"
- "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675"
- "94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8"),
- ("defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd12"
- "8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da"),
- ("2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a6"
- "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"),
- ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4"
- "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"),
- ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15"
- "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"),
- ("a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26"
- "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
- ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e"
- "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"),
-
- # Next 2 number generated by random.getrandbits(224)
- ("eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
- ("f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3"),
- ]
-
- @property
- def arg_a(self) -> str:
- limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb)
- hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb)
- return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self):
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP224K1"] + args
-
-
-class EcpP256K1Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P256 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p256k1_raw"
- input_style = "fixed"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_SECP256K1_ENABLED"]
-
- moduli = ["fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e",
-
- # Modulus + 1
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30",
-
- # 2^256 - 1
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-
- # Maximum canonical P256K1 multiplication result
- ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c"
- "000000000000000000000000000000000000000000000001000007a4000e9844"),
-
- # Test case for overflow during addition
- ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562"
- "00000000000000000000000000000000000000000000000000000000585674fd"),
-
- # Test case for overflow during addition
- ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562"
- "00000000000000000000000000000000000000000000000000000000585674fd"),
-
- # First 8 number generated by random.getrandbits(512) - seed(2,2)
- ("4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124"
- "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"
- "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"),
- ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626"
- "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"),
- ("829a48d422fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"
- "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
- ("e89204e2e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"
- "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"),
- ("bd143fa9b714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0"
- "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"),
- ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9"
- "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"),
- ("d08f1bb2531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25"
- "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
-
- # Next 2 number generated by random.getrandbits(256)
- ("c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"),
- ("d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"),
- ]
-
- @property
- def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self):
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_SECP256K1"] + args
-
-
-class EcpP255Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP 25519 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "mbedtls_ecp_mod_p255_raw"
- input_style = "fixed"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_CURVE25519_ENABLED"]
-
- moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffff"
- "ffffffffffffed")] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"),
-
- # Modulus + 1
- ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee"),
-
- # 2^255 - 1
- ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
-
- # Maximum canonical P255 multiplication result
- ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"
- "0000000000000000000000000000000000000000000000000000000000000190"),
-
- # First 8 number generated by random.getrandbits(510) - seed(2,2)
- ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124"
- "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
- ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"
- "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"),
- ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626"
- "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"),
- ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"
- "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"),
- ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"
- "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"),
- ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0"
- "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"),
- ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9"
- "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"),
- ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25"
- "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
-
- # Next 2 number generated by random.getrandbits(255)
- ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"),
- ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"),
- ]
-
- @property
- def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self)-> List[str]:
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_CURVE25519"] + args
-
-
-class EcpP448Raw(bignum_common.ModOperationCommon,
- EcpTarget):
- """Test cases for ECP P448 fast reduction."""
- symbol = "-"
- test_function = "ecp_mod_p_generic_raw"
- test_name = "ecp_mod_p448_raw"
- input_style = "fixed"
- arity = 1
- dependencies = ["MBEDTLS_ECP_DP_CURVE448_ENABLED"]
-
- moduli = [("fffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff")] # type: List[str]
-
- input_values = [
- "0", "1",
-
- # Modulus - 1
- ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffe"
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffe"),
-
- # Modulus + 1
- ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "00000000000000000000000000000000000000000000000000000000"),
-
- # 2^448 - 1
- ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
- "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
-
- # Maximum canonical P448 multiplication result
- ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffd"
- "fffffffffffffffffffffffffffffffffffffffffffffffffffffffd"
- "00000000000000000000000000000000000000000000000000000004"
- "00000000000000000000000000000000000000000000000000000004"),
-
- # First 8 number generated by random.getrandbits(896) - seed(2,2)
- ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e"
- "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"
- "a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26"
- "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"),
- ("4da4daeb4f3f87777ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48"
- "e86ec9c6e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460"
- "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3"
- "eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"),
- ("bc1b00d92838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da7"
- "0569c018eb2b5693babb7fbb0a76c196067cfdcb11457d9cf45e2fa0"
- "1d7f4275153924800600571fac3a5b263fdf57cd2c0064975c374746"
- "5cc36c270e8a35b10828d569c268a20eb78ac332e5e138e26c4454b9"),
- ("8d2f527e72daf0a54ef25c0707e338687d1f71575653a45c49390aa5"
- "1cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71581d8e83"
- "0112ff0f0948eccaf8877acf26c377c13f719726fd70bddacb4deeec"
- "0b0c995e96e6bc4d62b47204007ee4fab105d83e85e951862f0981ae"),
- ("84ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da"
- "1a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd"
- "f572df00790813e32748dd1db4917fc09f20dbb0dcc93f0e66dfe717"
- "c17313394391b6e2e6eacb0f0bb7be72bd6d25009aeb7fa0c4169b14"),
- ("2bb3b36f29421c4021b7379f0897246a40c270b00e893302aba9e7b8"
- "23fc5ad2f58105748ed5d1b7b310b730049dd332a73fa0b26b75196c"
- "f87eb8a09b27ec714307c68c425424a1574f1eedf5b0f16cdfdb8394"
- "24d201e653f53d6883ca1c107ca6e706649889c0c7f3860895bfa813"),
- ("af3f5d7841b1256d5c1dc12fb5a1ae519fb8883accda6559caa538a0"
- "9fc9370d3a6b86a7975b54a31497024640332b0612d4050771d7b14e"
- "b6c004cc3b8367dc3f2bb31efe9934ad0809eae3ef232a32b5459d83"
- "fbc46f1aea990e94821d46063b4dbf2ca294523d74115c86188b1044"),
- ("7430051376e31f5aab63ad02854efa600641b4fa37a47ce41aeffafc"
- "3b45402ac02659fe2e87d4150511baeb198ababb1a16daff3da95cd2"
- "167b75dfb948f82a8317cba01c75f67e290535d868a24b7f627f2855"
- "09167d4126af8090013c3273c02c6b9586b4625b475b51096c4ad652"),
-
- # Corner case which causes maximum overflow
- ("f4ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1"
- "a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd0B"
- "519A16DF59C53E0D49B209200F878F362ACE518D5B8BFCF9CDC725E5E"
- "01C06295E8605AF06932B5006D9E556D3F190E8136BF9C643D332"),
-
- # Next 2 number generated by random.getrandbits(448)
- ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4"
- "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"),
- ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15"
- "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"),
-
- ]
-
- @property
- def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits)
-
- def result(self) -> List[str]:
- result = self.int_a % self.int_n
- return [self.format_result(result)]
-
- @property
- def is_valid(self) -> bool:
- return True
-
- def arguments(self):
- args = super().arguments()
- return ["MBEDTLS_ECP_DP_CURVE448"] + args
diff --git a/scripts/mbedtls_dev/logging_util.py b/scripts/mbedtls_dev/logging_util.py
deleted file mode 100644
index ddd7c7f..0000000
--- a/scripts/mbedtls_dev/logging_util.py
+++ /dev/null
@@ -1,46 +0,0 @@
-"""Auxiliary functions used for logging module.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import logging
-import sys
-
-def configure_logger(
- logger: logging.Logger,
- log_format="[%(levelname)s]: %(message)s",
- split_level=logging.WARNING
- ) -> None:
- """
- Configure the logging.Logger instance so that:
- - Format is set to any log_format.
- Default: "[%(levelname)s]: %(message)s"
- - loglevel >= split_level are printed to stderr.
- - loglevel < split_level are printed to stdout.
- Default: logging.WARNING
- """
- class MaxLevelFilter(logging.Filter):
- # pylint: disable=too-few-public-methods
- def __init__(self, max_level, name=''):
- super().__init__(name)
- self.max_level = max_level
-
- def filter(self, record: logging.LogRecord) -> bool:
- return record.levelno <= self.max_level
-
- log_formatter = logging.Formatter(log_format)
-
- # set loglevel >= split_level to be printed to stderr
- stderr_hdlr = logging.StreamHandler(sys.stderr)
- stderr_hdlr.setLevel(split_level)
- stderr_hdlr.setFormatter(log_formatter)
-
- # set loglevel < split_level to be printed to stdout
- stdout_hdlr = logging.StreamHandler(sys.stdout)
- stdout_hdlr.addFilter(MaxLevelFilter(split_level - 1))
- stdout_hdlr.setFormatter(log_formatter)
-
- logger.addHandler(stderr_hdlr)
- logger.addHandler(stdout_hdlr)
diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py
deleted file mode 100644
index d68be00..0000000
--- a/scripts/mbedtls_dev/macro_collector.py
+++ /dev/null
@@ -1,539 +0,0 @@
-"""Collect macro definitions from header files.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import itertools
-import re
-from typing import Dict, IO, Iterable, Iterator, List, Optional, Pattern, Set, Tuple, Union
-
-
-class ReadFileLineException(Exception):
- def __init__(self, filename: str, line_number: Union[int, str]) -> None:
- message = 'in {} at {}'.format(filename, line_number)
- super(ReadFileLineException, self).__init__(message)
- self.filename = filename
- self.line_number = line_number
-
-
-class read_file_lines:
- # Dear Pylint, conventionally, a context manager class name is lowercase.
- # pylint: disable=invalid-name,too-few-public-methods
- """Context manager to read a text file line by line.
-
- ```
- with read_file_lines(filename) as lines:
- for line in lines:
- process(line)
- ```
- is equivalent to
- ```
- with open(filename, 'r') as input_file:
- for line in input_file:
- process(line)
- ```
- except that if process(line) raises an exception, then the read_file_lines
- snippet annotates the exception with the file name and line number.
- """
- def __init__(self, filename: str, binary: bool = False) -> None:
- self.filename = filename
- self.file = None #type: Optional[IO[str]]
- self.line_number = 'entry' #type: Union[int, str]
- self.generator = None #type: Optional[Iterable[Tuple[int, str]]]
- self.binary = binary
- def __enter__(self) -> 'read_file_lines':
- self.file = open(self.filename, 'rb' if self.binary else 'r')
- self.generator = enumerate(self.file)
- return self
- def __iter__(self) -> Iterator[str]:
- assert self.generator is not None
- for line_number, content in self.generator:
- self.line_number = line_number
- yield content
- self.line_number = 'exit'
- def __exit__(self, exc_type, exc_value, exc_traceback) -> None:
- if self.file is not None:
- self.file.close()
- if exc_type is not None:
- raise ReadFileLineException(self.filename, self.line_number) \
- from exc_value
-
-
-class PSAMacroEnumerator:
- """Information about constructors of various PSA Crypto types.
-
- This includes macro names as well as information about their arguments
- when applicable.
-
- This class only provides ways to enumerate expressions that evaluate to
- values of the covered types. Derived classes are expected to populate
- the set of known constructors of each kind, as well as populate
- `self.arguments_for` for arguments that are not of a kind that is
- enumerated here.
- """
- #pylint: disable=too-many-instance-attributes
-
- def __init__(self) -> None:
- """Set up an empty set of known constructor macros.
- """
- self.statuses = set() #type: Set[str]
- self.lifetimes = set() #type: Set[str]
- self.locations = set() #type: Set[str]
- self.persistence_levels = set() #type: Set[str]
- self.algorithms = set() #type: Set[str]
- self.ecc_curves = set() #type: Set[str]
- self.dh_groups = set() #type: Set[str]
- self.key_types = set() #type: Set[str]
- self.key_usage_flags = set() #type: Set[str]
- self.hash_algorithms = set() #type: Set[str]
- self.mac_algorithms = set() #type: Set[str]
- self.ka_algorithms = set() #type: Set[str]
- self.kdf_algorithms = set() #type: Set[str]
- self.pake_algorithms = set() #type: Set[str]
- self.aead_algorithms = set() #type: Set[str]
- self.sign_algorithms = set() #type: Set[str]
- # macro name -> list of argument names
- self.argspecs = {} #type: Dict[str, List[str]]
- # argument name -> list of values
- self.arguments_for = {
- 'mac_length': [],
- 'min_mac_length': [],
- 'tag_length': [],
- 'min_tag_length': [],
- } #type: Dict[str, List[str]]
- # Whether to include intermediate macros in enumerations. Intermediate
- # macros serve as category headers and are not valid values of their
- # type. See `is_internal_name`.
- # Always false in this class, may be set to true in derived classes.
- self.include_intermediate = False
-
- def is_internal_name(self, name: str) -> bool:
- """Whether this is an internal macro. Internal macros will be skipped."""
- if not self.include_intermediate:
- if name.endswith('_BASE') or name.endswith('_NONE'):
- return True
- if '_CATEGORY_' in name:
- return True
- return name.endswith('_FLAG') or name.endswith('_MASK')
-
- def gather_arguments(self) -> None:
- """Populate the list of values for macro arguments.
-
- Call this after parsing all the inputs.
- """
- self.arguments_for['hash_alg'] = sorted(self.hash_algorithms)
- self.arguments_for['mac_alg'] = sorted(self.mac_algorithms)
- self.arguments_for['ka_alg'] = sorted(self.ka_algorithms)
- self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms)
- self.arguments_for['aead_alg'] = sorted(self.aead_algorithms)
- self.arguments_for['sign_alg'] = sorted(self.sign_algorithms)
- self.arguments_for['curve'] = sorted(self.ecc_curves)
- self.arguments_for['group'] = sorted(self.dh_groups)
- self.arguments_for['persistence'] = sorted(self.persistence_levels)
- self.arguments_for['location'] = sorted(self.locations)
- self.arguments_for['lifetime'] = sorted(self.lifetimes)
-
- @staticmethod
- def _format_arguments(name: str, arguments: Iterable[str]) -> str:
- """Format a macro call with arguments.
-
- The resulting format is consistent with
- `InputsForTest.normalize_argument`.
- """
- return name + '(' + ', '.join(arguments) + ')'
-
- _argument_split_re = re.compile(r' *, *')
- @classmethod
- def _argument_split(cls, arguments: str) -> List[str]:
- return re.split(cls._argument_split_re, arguments)
-
- def distribute_arguments(self, name: str) -> Iterator[str]:
- """Generate macro calls with each tested argument set.
-
- If name is a macro without arguments, just yield "name".
- If name is a macro with arguments, yield a series of
- "name(arg1,...,argN)" where each argument takes each possible
- value at least once.
- """
- try:
- if name not in self.argspecs:
- yield name
- return
- argspec = self.argspecs[name]
- if argspec == []:
- yield name + '()'
- return
- argument_lists = [self.arguments_for[arg] for arg in argspec]
- arguments = [values[0] for values in argument_lists]
- yield self._format_arguments(name, arguments)
- # Dear Pylint, enumerate won't work here since we're modifying
- # the array.
- # pylint: disable=consider-using-enumerate
- for i in range(len(arguments)):
- for value in argument_lists[i][1:]:
- arguments[i] = value
- yield self._format_arguments(name, arguments)
- arguments[i] = argument_lists[i][0]
- except BaseException as e:
- raise Exception('distribute_arguments({})'.format(name)) from e
-
- def distribute_arguments_without_duplicates(
- self, seen: Set[str], name: str
- ) -> Iterator[str]:
- """Same as `distribute_arguments`, but don't repeat seen results."""
- for result in self.distribute_arguments(name):
- if result not in seen:
- seen.add(result)
- yield result
-
- def generate_expressions(self, names: Iterable[str]) -> Iterator[str]:
- """Generate expressions covering values constructed from the given names.
-
- `names` can be any iterable collection of macro names.
-
- For example:
- * ``generate_expressions(['PSA_ALG_CMAC', 'PSA_ALG_HMAC'])``
- generates ``'PSA_ALG_CMAC'`` as well as ``'PSA_ALG_HMAC(h)'`` for
- every known hash algorithm ``h``.
- * ``macros.generate_expressions(macros.key_types)`` generates all
- key types.
- """
- seen = set() #type: Set[str]
- return itertools.chain(*(
- self.distribute_arguments_without_duplicates(seen, name)
- for name in names
- ))
-
-
-class PSAMacroCollector(PSAMacroEnumerator):
- """Collect PSA crypto macro definitions from C header files.
- """
-
- def __init__(self, include_intermediate: bool = False) -> None:
- """Set up an object to collect PSA macro definitions.
-
- Call the read_file method of the constructed object on each header file.
-
- * include_intermediate: if true, include intermediate macros such as
- PSA_XXX_BASE that do not designate semantic values.
- """
- super().__init__()
- self.include_intermediate = include_intermediate
- self.key_types_from_curve = {} #type: Dict[str, str]
- self.key_types_from_group = {} #type: Dict[str, str]
- self.algorithms_from_hash = {} #type: Dict[str, str]
-
- @staticmethod
- def algorithm_tester(name: str) -> str:
- """The predicate for whether an algorithm is built from the given constructor.
-
- The given name must be the name of an algorithm constructor of the
- form ``PSA_ALG_xxx`` which is used as ``PSA_ALG_xxx(yyy)`` to build
- an algorithm value. Return the corresponding predicate macro which
- is used as ``predicate(alg)`` to test whether ``alg`` can be built
- as ``PSA_ALG_xxx(yyy)``. The predicate is usually called
- ``PSA_ALG_IS_xxx``.
- """
- prefix = 'PSA_ALG_'
- assert name.startswith(prefix)
- midfix = 'IS_'
- suffix = name[len(prefix):]
- if suffix in ['DSA', 'ECDSA']:
- midfix += 'RANDOMIZED_'
- elif suffix == 'RSA_PSS':
- suffix += '_STANDARD_SALT'
- return prefix + midfix + suffix
-
- def record_algorithm_subtype(self, name: str, expansion: str) -> None:
- """Record the subtype of an algorithm constructor.
-
- Given a ``PSA_ALG_xxx`` macro name and its expansion, if the algorithm
- is of a subtype that is tracked in its own set, add it to the relevant
- set.
- """
- # This code is very ad hoc and fragile. It should be replaced by
- # something more robust.
- if re.match(r'MAC(?:_|\Z)', name):
- self.mac_algorithms.add(name)
- elif re.match(r'KDF(?:_|\Z)', name):
- self.kdf_algorithms.add(name)
- elif re.search(r'0x020000[0-9A-Fa-f]{2}', expansion):
- self.hash_algorithms.add(name)
- elif re.search(r'0x03[0-9A-Fa-f]{6}', expansion):
- self.mac_algorithms.add(name)
- elif re.search(r'0x05[0-9A-Fa-f]{6}', expansion):
- self.aead_algorithms.add(name)
- elif re.search(r'0x09[0-9A-Fa-f]{2}0000', expansion):
- self.ka_algorithms.add(name)
- elif re.search(r'0x08[0-9A-Fa-f]{6}', expansion):
- self.kdf_algorithms.add(name)
-
- # "#define" followed by a macro name with either no parameters
- # or a single parameter and a non-empty expansion.
- # Grab the macro name in group 1, the parameter name if any in group 2
- # and the expansion in group 3.
- _define_directive_re = re.compile(r'\s*#\s*define\s+(\w+)' +
- r'(?:\s+|\((\w+)\)\s*)' +
- r'(.+)')
- _deprecated_definition_re = re.compile(r'\s*MBEDTLS_DEPRECATED')
-
- def read_line(self, line):
- """Parse a C header line and record the PSA identifier it defines if any.
- This function analyzes lines that start with "#define PSA_"
- (up to non-significant whitespace) and skips all non-matching lines.
- """
- # pylint: disable=too-many-branches
- m = re.match(self._define_directive_re, line)
- if not m:
- return
- name, parameter, expansion = m.groups()
- expansion = re.sub(r'/\*.*?\*/|//.*', r' ', expansion)
- if parameter:
- self.argspecs[name] = [parameter]
- if re.match(self._deprecated_definition_re, expansion):
- # Skip deprecated values, which are assumed to be
- # backward compatibility aliases that share
- # numerical values with non-deprecated values.
- return
- if self.is_internal_name(name):
- # Macro only to build actual values
- return
- elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \
- and not parameter:
- self.statuses.add(name)
- elif name.startswith('PSA_KEY_TYPE_') and not parameter:
- self.key_types.add(name)
- elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve':
- self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:]
- elif name.startswith('PSA_KEY_TYPE_') and parameter == 'group':
- self.key_types_from_group[name] = name[:13] + 'IS_' + name[13:]
- elif name.startswith('PSA_ECC_FAMILY_') and not parameter:
- self.ecc_curves.add(name)
- elif name.startswith('PSA_DH_FAMILY_') and not parameter:
- self.dh_groups.add(name)
- elif name.startswith('PSA_ALG_') and not parameter:
- if name in ['PSA_ALG_ECDSA_BASE',
- 'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']:
- # Ad hoc skipping of duplicate names for some numerical values
- return
- self.algorithms.add(name)
- self.record_algorithm_subtype(name, expansion)
- elif name.startswith('PSA_ALG_') and parameter == 'hash_alg':
- self.algorithms_from_hash[name] = self.algorithm_tester(name)
- elif name.startswith('PSA_KEY_USAGE_') and not parameter:
- self.key_usage_flags.add(name)
- else:
- # Other macro without parameter
- return
-
- _nonascii_re = re.compile(rb'[^\x00-\x7f]+')
- _continued_line_re = re.compile(rb'\\\r?\n\Z')
- def read_file(self, header_file):
- for line in header_file:
- m = re.search(self._continued_line_re, line)
- while m:
- cont = next(header_file)
- line = line[:m.start(0)] + cont
- m = re.search(self._continued_line_re, line)
- line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
- self.read_line(line)
-
-
-class InputsForTest(PSAMacroEnumerator):
- # pylint: disable=too-many-instance-attributes
- """Accumulate information about macros to test.
-enumerate
- This includes macro names as well as information about their arguments
- when applicable.
- """
-
- def __init__(self) -> None:
- super().__init__()
- self.all_declared = set() #type: Set[str]
- # Identifier prefixes
- self.table_by_prefix = {
- 'ERROR': self.statuses,
- 'ALG': self.algorithms,
- 'ECC_CURVE': self.ecc_curves,
- 'DH_GROUP': self.dh_groups,
- 'KEY_LIFETIME': self.lifetimes,
- 'KEY_LOCATION': self.locations,
- 'KEY_PERSISTENCE': self.persistence_levels,
- 'KEY_TYPE': self.key_types,
- 'KEY_USAGE': self.key_usage_flags,
- } #type: Dict[str, Set[str]]
- # Test functions
- self.table_by_test_function = {
- # Any function ending in _algorithm also gets added to
- # self.algorithms.
- 'key_type': [self.key_types],
- 'block_cipher_key_type': [self.key_types],
- 'stream_cipher_key_type': [self.key_types],
- 'ecc_key_family': [self.ecc_curves],
- 'ecc_key_types': [self.ecc_curves],
- 'dh_key_family': [self.dh_groups],
- 'dh_key_types': [self.dh_groups],
- 'hash_algorithm': [self.hash_algorithms],
- 'mac_algorithm': [self.mac_algorithms],
- 'cipher_algorithm': [],
- 'hmac_algorithm': [self.mac_algorithms, self.sign_algorithms],
- 'aead_algorithm': [self.aead_algorithms],
- 'key_derivation_algorithm': [self.kdf_algorithms],
- 'key_agreement_algorithm': [self.ka_algorithms],
- 'asymmetric_signature_algorithm': [self.sign_algorithms],
- 'asymmetric_signature_wildcard': [self.algorithms],
- 'asymmetric_encryption_algorithm': [],
- 'pake_algorithm': [self.pake_algorithms],
- 'other_algorithm': [],
- 'lifetime': [self.lifetimes],
- } #type: Dict[str, List[Set[str]]]
- mac_lengths = [str(n) for n in [
- 1, # minimum expressible
- 4, # minimum allowed by policy
- 13, # an odd size in a plausible range
- 14, # an even non-power-of-two size in a plausible range
- 16, # same as full size for at least one algorithm
- 63, # maximum expressible
- ]]
- self.arguments_for['mac_length'] += mac_lengths
- self.arguments_for['min_mac_length'] += mac_lengths
- aead_lengths = [str(n) for n in [
- 1, # minimum expressible
- 4, # minimum allowed by policy
- 13, # an odd size in a plausible range
- 14, # an even non-power-of-two size in a plausible range
- 16, # same as full size for at least one algorithm
- 63, # maximum expressible
- ]]
- self.arguments_for['tag_length'] += aead_lengths
- self.arguments_for['min_tag_length'] += aead_lengths
-
- def add_numerical_values(self) -> None:
- """Add numerical values that are not supported to the known identifiers."""
- # Sets of names per type
- self.algorithms.add('0xffffffff')
- self.ecc_curves.add('0xff')
- self.dh_groups.add('0xff')
- self.key_types.add('0xffff')
- self.key_usage_flags.add('0x80000000')
-
- # Hard-coded values for unknown algorithms
- #
- # These have to have values that are correct for their respective
- # PSA_ALG_IS_xxx macros, but are also not currently assigned and are
- # not likely to be assigned in the near future.
- self.hash_algorithms.add('0x020000fe') # 0x020000ff is PSA_ALG_ANY_HASH
- self.mac_algorithms.add('0x03007fff')
- self.ka_algorithms.add('0x09fc0000')
- self.kdf_algorithms.add('0x080000ff')
- self.pake_algorithms.add('0x0a0000ff')
- # For AEAD algorithms, the only variability is over the tag length,
- # and this only applies to known algorithms, so don't test an
- # unknown algorithm.
-
- def get_names(self, type_word: str) -> Set[str]:
- """Return the set of known names of values of the given type."""
- return {
- 'status': self.statuses,
- 'algorithm': self.algorithms,
- 'ecc_curve': self.ecc_curves,
- 'dh_group': self.dh_groups,
- 'key_type': self.key_types,
- 'key_usage': self.key_usage_flags,
- }[type_word]
-
- # Regex for interesting header lines.
- # Groups: 1=macro name, 2=type, 3=argument list (optional).
- _header_line_re = \
- re.compile(r'#define +' +
- r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' +
- r'(?:\(([^\n()]*)\))?')
- # Regex of macro names to exclude.
- _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z')
- # Additional excluded macros.
- _excluded_names = set([
- # Macros that provide an alternative way to build the same
- # algorithm as another macro.
- 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG',
- 'PSA_ALG_FULL_LENGTH_MAC',
- # Auxiliary macro whose name doesn't fit the usual patterns for
- # auxiliary macros.
- 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE',
- ])
- def parse_header_line(self, line: str) -> None:
- """Parse a C header line, looking for "#define PSA_xxx"."""
- m = re.match(self._header_line_re, line)
- if not m:
- return
- name = m.group(1)
- self.all_declared.add(name)
- if re.search(self._excluded_name_re, name) or \
- name in self._excluded_names or \
- self.is_internal_name(name):
- return
- dest = self.table_by_prefix.get(m.group(2))
- if dest is None:
- return
- dest.add(name)
- if m.group(3):
- self.argspecs[name] = self._argument_split(m.group(3))
-
- _nonascii_re = re.compile(rb'[^\x00-\x7f]+') #type: Pattern
- def parse_header(self, filename: str) -> None:
- """Parse a C header file, looking for "#define PSA_xxx"."""
- with read_file_lines(filename, binary=True) as lines:
- for line in lines:
- line = re.sub(self._nonascii_re, rb'', line).decode('ascii')
- self.parse_header_line(line)
-
- _macro_identifier_re = re.compile(r'[A-Z]\w+')
- def generate_undeclared_names(self, expr: str) -> Iterable[str]:
- for name in re.findall(self._macro_identifier_re, expr):
- if name not in self.all_declared:
- yield name
-
- def accept_test_case_line(self, function: str, argument: str) -> bool:
- #pylint: disable=unused-argument
- undeclared = list(self.generate_undeclared_names(argument))
- if undeclared:
- raise Exception('Undeclared names in test case', undeclared)
- return True
-
- @staticmethod
- def normalize_argument(argument: str) -> str:
- """Normalize whitespace in the given C expression.
-
- The result uses the same whitespace as
- ` PSAMacroEnumerator.distribute_arguments`.
- """
- return re.sub(r',', r', ', re.sub(r' +', r'', argument))
-
- def add_test_case_line(self, function: str, argument: str) -> None:
- """Parse a test case data line, looking for algorithm metadata tests."""
- sets = []
- if function.endswith('_algorithm'):
- sets.append(self.algorithms)
- if function == 'key_agreement_algorithm' and \
- argument.startswith('PSA_ALG_KEY_AGREEMENT('):
- # We only want *raw* key agreement algorithms as such, so
- # exclude ones that are already chained with a KDF.
- # Keep the expression as one to test as an algorithm.
- function = 'other_algorithm'
- sets += self.table_by_test_function[function]
- if self.accept_test_case_line(function, argument):
- for s in sets:
- s.add(self.normalize_argument(argument))
-
- # Regex matching a *.data line containing a test function call and
- # its arguments. The actual definition is partly positional, but this
- # regex is good enough in practice.
- _test_case_line_re = re.compile(r'(?!depends_on:)(\w+):([^\n :][^:\n]*)')
- def parse_test_cases(self, filename: str) -> None:
- """Parse a test case file (*.data), looking for algorithm metadata tests."""
- with read_file_lines(filename) as lines:
- for line in lines:
- m = re.match(self._test_case_line_re, line)
- if m:
- self.add_test_case_line(m.group(1), m.group(2))
diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py
deleted file mode 100644
index 6080386..0000000
--- a/scripts/mbedtls_dev/psa_information.py
+++ /dev/null
@@ -1,161 +0,0 @@
-"""Collect information about PSA cryptographic mechanisms.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import re
-from collections import OrderedDict
-from typing import FrozenSet, List, Optional
-
-from . import macro_collector
-
-
-class Information:
- """Gather information about PSA constructors."""
-
- def __init__(self) -> None:
- self.constructors = self.read_psa_interface()
-
- @staticmethod
- def remove_unwanted_macros(
- constructors: macro_collector.PSAMacroEnumerator
- ) -> None:
- # Mbed TLS does not support finite-field DSA.
- # Don't attempt to generate any related test case.
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR')
- constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY')
-
- def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator:
- """Return the list of known key types, algorithms, etc."""
- constructors = macro_collector.InputsForTest()
- header_file_names = ['include/psa/crypto_values.h',
- 'include/psa/crypto_extra.h']
- test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data']
- for header_file_name in header_file_names:
- constructors.parse_header(header_file_name)
- for test_cases in test_suites:
- constructors.parse_test_cases(test_cases)
- self.remove_unwanted_macros(constructors)
- constructors.gather_arguments()
- return constructors
-
-
-def psa_want_symbol(name: str) -> str:
- """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature."""
- if name.startswith('PSA_'):
- return name[:4] + 'WANT_' + name[4:]
- else:
- raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name)
-
-def finish_family_dependency(dep: str, bits: int) -> str:
- """Finish dep if it's a family dependency symbol prefix.
-
- A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be
- qualified by the key size. If dep is such a symbol, finish it by adjusting
- the prefix and appending the key size. Other symbols are left unchanged.
- """
- return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep)
-
-def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]:
- """Finish any family dependency symbol prefixes.
-
- Apply `finish_family_dependency` to each element of `dependencies`.
- """
- return [finish_family_dependency(dep, bits) for dep in dependencies]
-
-SYMBOLS_WITHOUT_DEPENDENCY = frozenset([
- 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies
- 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier
- 'PSA_ALG_ANY_HASH', # only in policies
- 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies
- 'PSA_ALG_KEY_AGREEMENT', # chaining
- 'PSA_ALG_TRUNCATED_MAC', # modifier
-])
-def automatic_dependencies(*expressions: str) -> List[str]:
- """Infer dependencies of a test case by looking for PSA_xxx symbols.
-
- The arguments are strings which should be C expressions. Do not use
- string literals or comments as this function is not smart enough to
- skip them.
- """
- used = set()
- for expr in expressions:
- used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|DH_FAMILY|KEY_TYPE)_\w+', expr))
- used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
- return sorted(psa_want_symbol(name) for name in used)
-
-# Define set of regular expressions and dependencies to optionally append
-# extra dependencies for test case based on key description.
-
-# Skip AES test cases which require 192- or 256-bit key
-# if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined
-AES_128BIT_ONLY_DEP_REGEX = re.compile(r'AES\s(192|256)')
-AES_128BIT_ONLY_DEP = ['!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH']
-# Skip AES/ARIA/CAMELLIA test cases which require decrypt operation in ECB mode
-# if MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled.
-ECB_NO_PADDING_DEP_REGEX = re.compile(r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING')
-ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT']
-
-DEPENDENCY_FROM_DESCRIPTION = OrderedDict()
-DEPENDENCY_FROM_DESCRIPTION[AES_128BIT_ONLY_DEP_REGEX] = AES_128BIT_ONLY_DEP
-DEPENDENCY_FROM_DESCRIPTION[ECB_NO_PADDING_DEP_REGEX] = ECB_NO_PADDING_DEP
-def generate_deps_from_description(
- description: str
- ) -> List[str]:
- """Return additional dependencies based on test case description and REGEX.
- """
- dep_list = []
- for regex, deps in DEPENDENCY_FROM_DESCRIPTION.items():
- if re.search(regex, description):
- dep_list += deps
-
- return dep_list
-
-# A temporary hack: at the time of writing, not all dependency symbols
-# are implemented yet. Skip test cases for which the dependency symbols are
-# not available. Once all dependency symbols are available, this hack must
-# be removed so that a bug in the dependency symbols properly leads to a test
-# failure.
-def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
- return frozenset(symbol
- for line in open(filename)
- for symbol in re.findall(r'\bPSA_WANT_\w+\b', line))
-_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name
-def hack_dependencies_not_implemented(dependencies: List[str]) -> None:
- global _implemented_dependencies #pylint: disable=global-statement,invalid-name
- if _implemented_dependencies is None:
- _implemented_dependencies = \
- read_implemented_dependencies('include/psa/crypto_config.h')
- if not all((dep.lstrip('!') in _implemented_dependencies or
- not dep.lstrip('!').startswith('PSA_WANT'))
- for dep in dependencies):
- dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET')
-
-def tweak_key_pair_dependency(dep: str, usage: str):
- """
- This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
- symbols according to the required usage.
- """
- ret_list = list()
- if dep.endswith('KEY_PAIR'):
- if usage == "BASIC":
- # BASIC automatically includes IMPORT and EXPORT for test purposes (see
- # config_psa.h).
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep))
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep))
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep))
- elif usage == "GENERATE":
- ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep))
- else:
- # No replacement to do in this case
- ret_list.append(dep)
- return ret_list
-
-def fix_key_pair_dependencies(dep_list: List[str], usage: str):
- new_list = [new_deps
- for dep in dep_list
- for new_deps in tweak_key_pair_dependency(dep, usage)]
-
- return new_list
diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py
deleted file mode 100644
index b1fc377..0000000
--- a/scripts/mbedtls_dev/psa_storage.py
+++ /dev/null
@@ -1,206 +0,0 @@
-"""Knowledge about the PSA key store as implemented in Mbed TLS.
-
-Note that if you need to make a change that affects how keys are
-stored, this may indicate that the key store is changing in a
-backward-incompatible way! Think carefully about backward compatibility
-before changing how test data is constructed or validated.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import re
-import struct
-from typing import Dict, List, Optional, Set, Union
-import unittest
-
-from . import c_build_helper
-from . import build_tree
-
-
-class Expr:
- """Representation of a C expression with a known or knowable numerical value."""
-
- def __init__(self, content: Union[int, str]):
- if isinstance(content, int):
- digits = 8 if content > 0xffff else 4
- self.string = '{0:#0{1}x}'.format(content, digits + 2)
- self.value_if_known = content #type: Optional[int]
- else:
- self.string = content
- self.unknown_values.add(self.normalize(content))
- self.value_if_known = None
-
- value_cache = {} #type: Dict[str, int]
- """Cache of known values of expressions."""
-
- unknown_values = set() #type: Set[str]
- """Expressions whose values are not present in `value_cache` yet."""
-
- def update_cache(self) -> None:
- """Update `value_cache` for expressions registered in `unknown_values`."""
- expressions = sorted(self.unknown_values)
- includes = ['include']
- if build_tree.looks_like_tf_psa_crypto_root('.'):
- includes.append('drivers/builtin/include')
- values = c_build_helper.get_c_expression_values(
- 'unsigned long', '%lu',
- expressions,
- header="""
- #include <psa/crypto.h>
- """,
- include_path=includes) #type: List[str]
- for e, v in zip(expressions, values):
- self.value_cache[e] = int(v, 0)
- self.unknown_values.clear()
-
- @staticmethod
- def normalize(string: str) -> str:
- """Put the given C expression in a canonical form.
-
- This function is only intended to give correct results for the
- relatively simple kind of C expression typically used with this
- module.
- """
- return re.sub(r'\s+', r'', string)
-
- def value(self) -> int:
- """Return the numerical value of the expression."""
- if self.value_if_known is None:
- if re.match(r'([0-9]+|0x[0-9a-f]+)\Z', self.string, re.I):
- return int(self.string, 0)
- normalized = self.normalize(self.string)
- if normalized not in self.value_cache:
- self.update_cache()
- self.value_if_known = self.value_cache[normalized]
- return self.value_if_known
-
-Exprable = Union[str, int, Expr]
-"""Something that can be converted to a C expression with a known numerical value."""
-
-def as_expr(thing: Exprable) -> Expr:
- """Return an `Expr` object for `thing`.
-
- If `thing` is already an `Expr` object, return it. Otherwise build a new
- `Expr` object from `thing`. `thing` can be an integer or a string that
- contains a C expression.
- """
- if isinstance(thing, Expr):
- return thing
- else:
- return Expr(thing)
-
-
-class Key:
- """Representation of a PSA crypto key object and its storage encoding.
- """
-
- LATEST_VERSION = 0
- """The latest version of the storage format."""
-
- def __init__(self, *,
- version: Optional[int] = None,
- id: Optional[int] = None, #pylint: disable=redefined-builtin
- lifetime: Exprable = 'PSA_KEY_LIFETIME_PERSISTENT',
- type: Exprable, #pylint: disable=redefined-builtin
- bits: int,
- usage: Exprable, alg: Exprable, alg2: Exprable,
- material: bytes #pylint: disable=used-before-assignment
- ) -> None:
- self.version = self.LATEST_VERSION if version is None else version
- self.id = id #pylint: disable=invalid-name #type: Optional[int]
- self.lifetime = as_expr(lifetime) #type: Expr
- self.type = as_expr(type) #type: Expr
- self.bits = bits #type: int
- self.usage = as_expr(usage) #type: Expr
- self.alg = as_expr(alg) #type: Expr
- self.alg2 = as_expr(alg2) #type: Expr
- self.material = material #type: bytes
-
- MAGIC = b'PSA\000KEY\000'
-
- @staticmethod
- def pack(
- fmt: str,
- *args: Union[int, Expr]
- ) -> bytes: #pylint: disable=used-before-assignment
- """Pack the given arguments into a byte string according to the given format.
-
- This function is similar to `struct.pack`, but with the following differences:
- * All integer values are encoded with standard sizes and in
- little-endian representation. `fmt` must not include an endianness
- prefix.
- * Arguments can be `Expr` objects instead of integers.
- * Only integer-valued elements are supported.
- """
- return struct.pack('<' + fmt, # little-endian, standard sizes
- *[arg.value() if isinstance(arg, Expr) else arg
- for arg in args])
-
- def bytes(self) -> bytes:
- """Return the representation of the key in storage as a byte array.
-
- This is the content of the PSA storage file. When PSA storage is
- implemented over stdio files, this does not include any wrapping made
- by the PSA-storage-over-stdio-file implementation.
-
- Note that if you need to make a change in this function,
- this may indicate that the key store is changing in a
- backward-incompatible way! Think carefully about backward
- compatibility before making any change here.
- """
- header = self.MAGIC + self.pack('L', self.version)
- if self.version == 0:
- attributes = self.pack('LHHLLL',
- self.lifetime, self.type, self.bits,
- self.usage, self.alg, self.alg2)
- material = self.pack('L', len(self.material)) + self.material
- else:
- raise NotImplementedError
- return header + attributes + material
-
- def hex(self) -> str:
- """Return the representation of the key as a hexadecimal string.
-
- This is the hexadecimal representation of `self.bytes`.
- """
- return self.bytes().hex()
-
- def location_value(self) -> int:
- """The numerical value of the location encoded in the key's lifetime."""
- return self.lifetime.value() >> 8
-
-
-class TestKey(unittest.TestCase):
- # pylint: disable=line-too-long
- """A few smoke tests for the functionality of the `Key` class."""
-
- def test_numerical(self):
- key = Key(version=0,
- id=1, lifetime=0x00000001,
- type=0x2400, bits=128,
- usage=0x00000300, alg=0x05500200, alg2=0x04c01000,
- material=b'@ABCDEFGHIJKLMNO')
- expected_hex = '505341004b45590000000000010000000024800000030000000250050010c00410000000404142434445464748494a4b4c4d4e4f'
- self.assertEqual(key.bytes(), bytes.fromhex(expected_hex))
- self.assertEqual(key.hex(), expected_hex)
-
- def test_names(self):
- length = 0xfff8 // 8 # PSA_MAX_KEY_BITS in bytes
- key = Key(version=0,
- id=1, lifetime='PSA_KEY_LIFETIME_PERSISTENT',
- type='PSA_KEY_TYPE_RAW_DATA', bits=length*8,
- usage=0, alg=0, alg2=0,
- material=b'\x00' * length)
- expected_hex = '505341004b45590000000000010000000110f8ff000000000000000000000000ff1f0000' + '00' * length
- self.assertEqual(key.bytes(), bytes.fromhex(expected_hex))
- self.assertEqual(key.hex(), expected_hex)
-
- def test_defaults(self):
- key = Key(type=0x1001, bits=8,
- usage=0, alg=0, alg2=0,
- material=b'\x2a')
- expected_hex = '505341004b455900000000000100000001100800000000000000000000000000010000002a'
- self.assertEqual(key.bytes(), bytes.fromhex(expected_hex))
- self.assertEqual(key.hex(), expected_hex)
diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py
deleted file mode 100644
index 6ed5e84..0000000
--- a/scripts/mbedtls_dev/test_case.py
+++ /dev/null
@@ -1,91 +0,0 @@
-"""Library for constructing an Mbed TLS test case.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import binascii
-import os
-import sys
-from typing import Iterable, List, Optional
-
-from . import typing_util
-
-def hex_string(data: bytes) -> str:
- return '"' + binascii.hexlify(data).decode('ascii') + '"'
-
-
-class MissingDescription(Exception):
- pass
-
-class MissingFunction(Exception):
- pass
-
-class TestCase:
- """An Mbed TLS test case."""
-
- def __init__(self, description: Optional[str] = None):
- self.comments = [] #type: List[str]
- self.description = description #type: Optional[str]
- self.dependencies = [] #type: List[str]
- self.function = None #type: Optional[str]
- self.arguments = [] #type: List[str]
-
- def add_comment(self, *lines: str) -> None:
- self.comments += lines
-
- def set_description(self, description: str) -> None:
- self.description = description
-
- def set_dependencies(self, dependencies: List[str]) -> None:
- self.dependencies = dependencies
-
- def set_function(self, function: str) -> None:
- self.function = function
-
- def set_arguments(self, arguments: List[str]) -> None:
- self.arguments = arguments
-
- def check_completeness(self) -> None:
- if self.description is None:
- raise MissingDescription
- if self.function is None:
- raise MissingFunction
-
- def write(self, out: typing_util.Writable) -> None:
- """Write the .data file paragraph for this test case.
-
- The output starts and ends with a single newline character. If the
- surrounding code writes lines (consisting of non-newline characters
- and a final newline), you will end up with a blank line before, but
- not after the test case.
- """
- self.check_completeness()
- assert self.description is not None # guide mypy
- assert self.function is not None # guide mypy
- out.write('\n')
- for line in self.comments:
- out.write('# ' + line + '\n')
- out.write(self.description + '\n')
- if self.dependencies:
- out.write('depends_on:' + ':'.join(self.dependencies) + '\n')
- out.write(self.function + ':' + ':'.join(self.arguments) + '\n')
-
-def write_data_file(filename: str,
- test_cases: Iterable[TestCase],
- caller: Optional[str] = None) -> None:
- """Write the test cases to the specified file.
-
- If the file already exists, it is overwritten.
- """
- if caller is None:
- caller = os.path.basename(sys.argv[0])
- tempfile = filename + '.new'
- with open(tempfile, 'w') as out:
- out.write('# Automatically generated by {}. Do not edit!\n'
- .format(caller))
- for tc in test_cases:
- tc.write(out)
- out.write('\n# End of automatically generated file.\n')
- os.replace(tempfile, filename)
diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py
deleted file mode 100644
index a84f7dd..0000000
--- a/scripts/mbedtls_dev/test_data_generation.py
+++ /dev/null
@@ -1,224 +0,0 @@
-"""Common code for test data generation.
-
-This module defines classes that are of general use to automatically
-generate .data files for unit tests, as well as a main function.
-
-These are used both by generate_psa_tests.py and generate_bignum_tests.py.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-import argparse
-import os
-import posixpath
-import re
-import inspect
-
-from abc import ABCMeta, abstractmethod
-from typing import Callable, Dict, Iterable, Iterator, List, Type, TypeVar
-
-from . import build_tree
-from . import test_case
-
-T = TypeVar('T') #pylint: disable=invalid-name
-
-
-class BaseTest(metaclass=ABCMeta):
- """Base class for test case generation.
-
- Attributes:
- count: Counter for test cases from this class.
- case_description: Short description of the test case. This may be
- automatically generated using the class, or manually set.
- dependencies: A list of dependencies required for the test case.
- show_test_count: Toggle for inclusion of `count` in the test description.
- test_function: Test function which the class generates cases for.
- test_name: A common name or description of the test function. This can
- be `test_function`, a clearer equivalent, or a short summary of the
- test function's purpose.
- """
- count = 0
- case_description = ""
- dependencies = [] # type: List[str]
- show_test_count = True
- test_function = ""
- test_name = ""
-
- def __new__(cls, *args, **kwargs):
- # pylint: disable=unused-argument
- cls.count += 1
- return super().__new__(cls)
-
- @abstractmethod
- def arguments(self) -> List[str]:
- """Get the list of arguments for the test case.
-
- Override this method to provide the list of arguments required for
- the `test_function`.
-
- Returns:
- List of arguments required for the test function.
- """
- raise NotImplementedError
-
- def description(self) -> str:
- """Create a test case description.
-
- Creates a description of the test case, including a name for the test
- function, an optional case count, and a description of the specific
- test case. This should inform a reader what is being tested, and
- provide context for the test case.
-
- Returns:
- Description for the test case.
- """
- if self.show_test_count:
- return "{} #{} {}".format(
- self.test_name, self.count, self.case_description
- ).strip()
- else:
- return "{} {}".format(self.test_name, self.case_description).strip()
-
-
- def create_test_case(self) -> test_case.TestCase:
- """Generate TestCase from the instance."""
- tc = test_case.TestCase()
- tc.set_description(self.description())
- tc.set_function(self.test_function)
- tc.set_arguments(self.arguments())
- tc.set_dependencies(self.dependencies)
-
- return tc
-
- @classmethod
- @abstractmethod
- def generate_function_tests(cls) -> Iterator[test_case.TestCase]:
- """Generate test cases for the class test function.
-
- This will be called in classes where `test_function` is set.
- Implementations should yield TestCase objects, by creating instances
- of the class with appropriate input data, and then calling
- `create_test_case()` on each.
- """
- raise NotImplementedError
-
-
-class BaseTarget:
- #pylint: disable=too-few-public-methods
- """Base target for test case generation.
-
- Child classes of this class represent an output file, and can be referred
- to as file targets. These indicate where test cases will be written to for
- all subclasses of the file target, which is set by `target_basename`.
-
- Attributes:
- target_basename: Basename of file to write generated tests to. This
- should be specified in a child class of BaseTarget.
- """
- target_basename = ""
-
- @classmethod
- def generate_tests(cls) -> Iterator[test_case.TestCase]:
- """Generate test cases for the class and its subclasses.
-
- In classes with `test_function` set, `generate_function_tests()` is
- called to generate test cases first.
-
- In all classes, this method will iterate over its subclasses, and
- yield from `generate_tests()` in each. Calling this method on a class X
- will yield test cases from all classes derived from X.
- """
- if issubclass(cls, BaseTest) and not inspect.isabstract(cls):
- #pylint: disable=no-member
- yield from cls.generate_function_tests()
- for subclass in sorted(cls.__subclasses__(), key=lambda c: c.__name__):
- yield from subclass.generate_tests()
-
-
-class TestGenerator:
- """Generate test cases and write to data files."""
- def __init__(self, options) -> None:
- self.test_suite_directory = options.directory
- # Update `targets` with an entry for each child class of BaseTarget.
- # Each entry represents a file generated by the BaseTarget framework,
- # and enables generating the .data files using the CLI.
- self.targets.update({
- subclass.target_basename: subclass.generate_tests
- for subclass in BaseTarget.__subclasses__()
- if subclass.target_basename
- })
-
- def filename_for(self, basename: str) -> str:
- """The location of the data file with the specified base name."""
- return posixpath.join(self.test_suite_directory, basename + '.data')
-
- def write_test_data_file(self, basename: str,
- test_cases: Iterable[test_case.TestCase]) -> None:
- """Write the test cases to a .data file.
-
- The output file is ``basename + '.data'`` in the test suite directory.
- """
- filename = self.filename_for(basename)
- test_case.write_data_file(filename, test_cases)
-
- # Note that targets whose names contain 'test_format' have their content
- # validated by `abi_check.py`.
- targets = {} # type: Dict[str, Callable[..., Iterable[test_case.TestCase]]]
-
- def generate_target(self, name: str, *target_args) -> None:
- """Generate cases and write to data file for a target.
-
- For target callables which require arguments, override this function
- and pass these arguments using super() (see PSATestGenerator).
- """
- test_cases = self.targets[name](*target_args)
- self.write_test_data_file(name, test_cases)
-
-def main(args, description: str, generator_class: Type[TestGenerator] = TestGenerator):
- """Command line entry point."""
- parser = argparse.ArgumentParser(description=description)
- parser.add_argument('--list', action='store_true',
- help='List available targets and exit')
- parser.add_argument('--list-for-cmake', action='store_true',
- help='Print \';\'-separated list of available targets and exit')
- # If specified explicitly, this option may be a path relative to the
- # current directory when the script is invoked. The default value
- # is relative to the mbedtls root, which we don't know yet. So we
- # can't set a string as the default value here.
- parser.add_argument('--directory', metavar='DIR',
- help='Output directory (default: tests/suites)')
- parser.add_argument('targets', nargs='*', metavar='TARGET',
- help='Target file to generate (default: all; "-": none)')
- options = parser.parse_args(args)
-
- # Change to the mbedtls root, to keep things simple. But first, adjust
- # command line options that might be relative paths.
- if options.directory is None:
- options.directory = 'tests/suites'
- else:
- options.directory = os.path.abspath(options.directory)
- build_tree.chdir_to_root()
-
- generator = generator_class(options)
- if options.list:
- for name in sorted(generator.targets):
- print(generator.filename_for(name))
- return
- # List in a cmake list format (i.e. ';'-separated)
- if options.list_for_cmake:
- print(';'.join(generator.filename_for(name)
- for name in sorted(generator.targets)), end='')
- return
- if options.targets:
- # Allow "-" as a special case so you can run
- # ``generate_xxx_tests.py - $targets`` and it works uniformly whether
- # ``$targets`` is empty or not.
- options.targets = [os.path.basename(re.sub(r'\.data\Z', r'', target))
- for target in options.targets
- if target != '-']
- else:
- options.targets = sorted(generator.targets)
- for target in options.targets:
- generator.generate_target(target)
diff --git a/scripts/mbedtls_dev/typing_util.py b/scripts/mbedtls_dev/typing_util.py
deleted file mode 100644
index 2ec448d..0000000
--- a/scripts/mbedtls_dev/typing_util.py
+++ /dev/null
@@ -1,28 +0,0 @@
-"""Auxiliary definitions used in type annotations.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-from typing import Any
-
-# The typing_extensions module is necessary for type annotations that are
-# checked with mypy. It is only used for type annotations or to define
-# things that are themselves only used for type annotations. It is not
-# available on a default Python installation. Therefore, try loading
-# what we need from it for the sake of mypy (which depends on, or comes
-# with, typing_extensions), and if not define substitutes that lack the
-# static type information but are good enough at runtime.
-try:
- from typing_extensions import Protocol #pylint: disable=import-error
-except ImportError:
- class Protocol: #type: ignore
- #pylint: disable=too-few-public-methods
- pass
-
-class Writable(Protocol):
- """Abstract class for typing hints."""
- # pylint: disable=no-self-use,too-few-public-methods,unused-argument
- def write(self, text: str) -> Any:
- ...
diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py
index 9888abe..b36f906 100755
--- a/scripts/min_requirements.py
+++ b/scripts/min_requirements.py
@@ -14,7 +14,9 @@
import typing
from typing import List, Optional
-from mbedtls_dev import typing_util
+
+import framework_scripts_path # pylint: disable=unused-import
+from mbedtls_framework import typing_util
def pylint_doesn_t_notice_that_certain_types_are_used_in_annotations(
_list: List[typing.Any],
diff --git a/tests/.gitignore b/tests/.gitignore
index 973ebb5..870fa79 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -3,22 +3,26 @@
*.log
/test_suite*
-data_files/mpi_write
-data_files/hmac_drbg_seed
-data_files/ctr_drbg_seed
-data_files/entropy_seed
+/data_files/mpi_write
+/data_files/hmac_drbg_seed
+/data_files/ctr_drbg_seed
+/data_files/entropy_seed
-include/alt-extra/psa/crypto_platform_alt.h
-include/alt-extra/psa/crypto_struct_alt.h
-include/test/instrument_record_status.h
+/include/alt-extra/psa/crypto_platform_alt.h
+/include/alt-extra/psa/crypto_struct_alt.h
+/include/test/instrument_record_status.h
-src/libmbed*
+/src/libmbed*
-libtestdriver1/*
+/libtestdriver1/*
###START_GENERATED_FILES###
# Generated source files
/suites/*.generated.data
+/suites/test_suite_config.mbedtls_boolean.data
+/suites/test_suite_config.psa_boolean.data
/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data
/suites/test_suite_psa_crypto_storage_format.current.data
+/src/test_keys.h
+/src/test_certs.h
###END_GENERATED_FILES###
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 589643a..213578d 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -21,7 +21,7 @@
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_bignum_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -33,7 +33,19 @@
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_ecp_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ --list-for-cmake
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ OUTPUT_VARIABLE
+ base_config_generated_data_files)
+string(REGEX REPLACE "[^;]*/" ""
+ base_config_generated_data_files "${base_config_generated_data_files}")
+
+execute_process(
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ecp_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -45,7 +57,7 @@
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_psa_tests.py
--list-for-cmake
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -61,11 +73,15 @@
string(REGEX REPLACE "([^;]+)" "suites/\\1"
all_generated_data_files "${base_generated_data_files}")
set(bignum_generated_data_files "")
+set(config_generated_data_files "")
set(ecp_generated_data_files "")
set(psa_generated_data_files "")
foreach(file ${base_bignum_generated_data_files})
list(APPEND bignum_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
endforeach()
+foreach(file ${base_config_generated_data_files})
+ list(APPEND config_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
+endforeach()
foreach(file ${base_ecp_generated_data_files})
list(APPEND ecp_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
endforeach()
@@ -81,16 +97,31 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_bignum_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_common.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_core.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_mod_raw.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_mod.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_bignum_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_common.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_core.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_mod_raw.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_mod.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py
+ )
+ add_custom_command(
+ OUTPUT
+ ${config_generated_data_files}
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ # Do not declare the configuration files as dependencies: they
+ # change too often in ways that don't affect the result
+ # ((un)commenting some options).
)
add_custom_command(
OUTPUT
@@ -99,14 +130,14 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_ecp_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ecp_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_ecp_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_common.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/ecp.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ecp_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_common.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/ecp.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py
)
add_custom_command(
OUTPUT
@@ -115,20 +146,20 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_psa_tests.py
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_data_tests.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_knowledge.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_information.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py
- ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
- ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
- ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_psa_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/crypto_data_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/crypto_knowledge.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/macro_collector.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/psa_information.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/psa_storage.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/include/psa/crypto_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/include/psa/crypto_values.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/include/psa/crypto_extra.h
)
else()
@@ -142,6 +173,7 @@
# With this line, only 4 sub-makefiles include the above command, that reduces
# the risk of a race.
add_custom_target(test_suite_bignum_generated_data DEPENDS ${bignum_generated_data_files})
+add_custom_target(test_suite_config_generated_data DEPENDS ${config_generated_data_files})
add_custom_target(test_suite_ecp_generated_data DEPENDS ${ecp_generated_data_files})
add_custom_target(test_suite_psa_generated_data DEPENDS ${psa_generated_data_files})
# If SKIP_TEST_SUITES is not defined with -D, get it from the environment.
@@ -199,6 +231,10 @@
set(data_file
${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
set(dependency test_suite_bignum_generated_data)
+ elseif(";${config_generated_data_names};" MATCHES ";${data_name};")
+ set(data_file
+ ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_bignum_generated_data)
elseif(";${ecp_generated_data_names};" MATCHES ";${data_name};")
set(data_file
${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
@@ -210,7 +246,11 @@
else()
set(data_file
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data)
- set(dependency test_suite_bignum_generated_data test_suite_ecp_generated_data test_suite_psa_generated_data)
+ set(dependency
+ test_suite_bignum_generated_data
+ test_suite_config_generated_data
+ test_suite_ecp_generated_data
+ test_suite_psa_generated_data)
endif()
add_custom_command(
@@ -220,7 +260,7 @@
test_suite_${data_name}.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_test_code.py
-f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
-d ${data_file}
-t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
@@ -229,7 +269,7 @@
--helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function
-o .
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_test_code.py
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function
${data_file}
${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
diff --git a/tests/Makefile b/tests/Makefile
index c2a0b84..21ddf13 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -7,6 +7,7 @@
# Also include library headers, for the sake of invasive tests.
LOCAL_CFLAGS += -I../library
+
# Enable definition of various functions used throughout the testsuite
# (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless
# on non-POSIX platforms.
@@ -16,29 +17,46 @@
LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG
endif
-.PHONY: generated_files
GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \
- $(PYTHON) scripts/generate_bignum_tests.py --list || \
+ $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED)
-$(error "$(PYTHON) scripts/generate_bignum_tests.py --list" failed)
+$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed)
endif
+GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES)
+
+GENERATED_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \
+ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed)
+endif
+GENERATED_DATA_FILES += $(GENERATED_CONFIG_DATA_FILES)
+
GENERATED_ECP_DATA_FILES := $(patsubst tests/%,%,$(shell \
- $(PYTHON) scripts/generate_ecp_tests.py --list || \
+ $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_ECP_DATA_FILES),FAILED)
-$(error "$(PYTHON) scripts/generate_ecp_tests.py --list" failed)
+$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed)
endif
+GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES)
+
GENERATED_PSA_DATA_FILES := $(patsubst tests/%,%,$(shell \
- $(PYTHON) scripts/generate_psa_tests.py --list || \
+ $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \
echo FAILED \
))
ifeq ($(GENERATED_PSA_DATA_FILES),FAILED)
-$(error "$(PYTHON) scripts/generate_psa_tests.py --list" failed)
+$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed)
endif
-GENERATED_FILES := $(GENERATED_PSA_DATA_FILES) $(GENERATED_ECP_DATA_FILES) $(GENERATED_BIGNUM_DATA_FILES)
+GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
+
+GENERATED_FILES = $(GENERATED_DATA_FILES)
+GENERATED_FILES += src/test_keys.h src/test_certs.h
+
+.PHONY: generated_files
generated_files: $(GENERATED_FILES)
# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing
@@ -47,50 +65,68 @@
# It's rare not to want all the outputs. So always generate all of its outputs.
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
-.SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data
$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data
-generated_bignum_test_data: scripts/generate_bignum_tests.py
-generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_common.py
-generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_core.py
-generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_mod_raw.py
-generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_mod.py
-generated_bignum_test_data: ../scripts/mbedtls_dev/test_case.py
-generated_bignum_test_data: ../scripts/mbedtls_dev/test_data_generation.py
+generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_bignum_test_data:
echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
- $(PYTHON) scripts/generate_bignum_tests.py
+ $(PYTHON) ../framework/scripts/generate_bignum_tests.py
+.SECONDARY: generated_bignum_test_data
+
+# We deliberately omit the configuration files (mbedtls_config.h,
+# crypto_config.h) from the depenency list because during development
+# and on the CI, we often edit those in a way that doesn't change the
+# output, to comment out certain options, or even to remove certain
+# lines which do affect the output negatively (it will miss the
+# corresponding test cases).
+$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data
+generated_config_test_data: ../framework/scripts/generate_config_tests.py
+generated_config_test_data: ../scripts/config.py
+generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
+generated_config_test_data:
+ echo " Gen $(GENERATED_CONFIG_DATA_FILES)"
+ $(PYTHON) ../framework/scripts/generate_config_tests.py
+.SECONDARY: generated_config_test_data
$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
-generated_ecp_test_data: scripts/generate_ecp_tests.py
-generated_ecp_test_data: ../scripts/mbedtls_dev/bignum_common.py
-generated_ecp_test_data: ../scripts/mbedtls_dev/ecp.py
-generated_ecp_test_data: ../scripts/mbedtls_dev/test_case.py
-generated_ecp_test_data: ../scripts/mbedtls_dev/test_data_generation.py
+generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
generated_ecp_test_data:
echo " Gen $(GENERATED_ECP_DATA_FILES)"
- $(PYTHON) scripts/generate_ecp_tests.py
+ $(PYTHON) ../framework/scripts/generate_ecp_tests.py
+.SECONDARY: generated_ecp_test_data
$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data
-generated_psa_test_data: scripts/generate_psa_tests.py
-generated_psa_test_data: ../scripts/mbedtls_dev/crypto_data_tests.py
-generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
-generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
-generated_psa_test_data: ../scripts/mbedtls_dev/psa_information.py
-generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
-generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
-generated_psa_test_data: ../scripts/mbedtls_dev/test_data_generation.py
+generated_psa_test_data: ../framework/scripts/generate_psa_tests.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
## The generated file only depends on the options that are present in
## crypto_config.h, not on which options are set. To avoid regenerating this
## file all the time when switching between configurations, don't declare
## crypto_config.h as a dependency. Remove this file from your working tree
## if you've just added or removed an option in crypto_config.h.
-#generated_psa_test_data: ../include/psa/crypto_config.h
-generated_psa_test_data: ../include/psa/crypto_values.h
-generated_psa_test_data: ../include/psa/crypto_extra.h
+#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h
+generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h
+generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h
generated_psa_test_data: suites/test_suite_psa_crypto_metadata.data
generated_psa_test_data:
echo " Gen $(GENERATED_PSA_DATA_FILES) ..."
- $(PYTHON) scripts/generate_psa_tests.py
+ $(PYTHON) ../framework/scripts/generate_psa_tests.py
+.SECONDARY: generated_psa_test_data
# A test application is built for each suites/test_suite_*.data file.
# Application name is same as .data file's base name and can be
@@ -98,7 +134,7 @@
DATA_FILES := $(wildcard suites/test_suite_*.data)
# Make sure that generated data files are included even if they don't
# exist yet when the makefile is parsed.
-DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_FILES))
+DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_DATA_FILES))
APPS = $(basename $(subst suites/,,$(DATA_FILES)))
# Construct executable name by adding OS specific suffix $(EXEXT).
@@ -112,6 +148,13 @@
mbedtls_test: $(MBEDTLS_TEST_OBJS)
+src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
+ $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)
+ $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
+
+src/test_keys.h: ../framework/scripts/generate_test_keys.py
+ $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
+
TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h)
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
# Explicitly depend on this header because on a clean copy of the source tree,
@@ -119,6 +162,7 @@
# therefore the wildcard enumeration above doesn't include it.
TEST_OBJS_DEPS += include/test/instrument_record_status.h
endif
+TEST_OBJS_DEPS += src/test_certs.h src/test_keys.h
# Rule to compile common test C files in src folder
src/%.o : src/%.c $(TEST_OBJS_DEPS)
@@ -151,9 +195,9 @@
# dot in .c file's base name.
#
.SECONDEXPANSION:
-%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function
+%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data ../framework/scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function
echo " Gen $@"
- $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \
+ $(PYTHON) ../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \
-d suites/$*.data \
-t suites/main_test.function \
-p suites/host_test.function \
@@ -168,11 +212,14 @@
clean:
ifndef WINDOWS
+ $(MAKE) -C psa-client-server/psasim clean
rm -rf $(BINARIES) *.c *.datax
- rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed*
+ rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h
+ rm -f src/test_keys.h src/test_certs.h
rm -f include/test/instrument_record_status.h
rm -f include/alt-extra/*/*_alt.h
rm -rf libtestdriver1
+ rm -rf libpsaclient libpsaserver
rm -f ../library/libtestdriver1.a
else
if exist *.c del /Q /F *.c
@@ -180,6 +227,8 @@
if exist *.datax del /Q /F *.datax
if exist src/*.o del /Q /F src/*.o
if exist src/drivers/*.o del /Q /F src/drivers/*.o
+ if exist src/test_keys.h del /Q /F src/test_keys.h
+ if exist src/test_certs.h del /Q /F src/test_cers.h
if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o
if exist src/libmbed* del /Q /F src/libmed*
if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
@@ -194,6 +243,10 @@
# Generate variants of some headers for testing
include/alt-extra/%_alt.h: ../include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
+include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h
+ perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
+include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h
+ perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
# Generate test library
@@ -202,7 +255,14 @@
# library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx
# symbols.
define libtestdriver1_rewrite :=
- s!^(\s*#\s*include\s*[\"<])(mbedtls|psa)/!$${1}libtestdriver1/include/$${2}/!; \
+ s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \
+ s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \
+ s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_legacy_crypto.h!$${1}libtestdriver1/include/mbedtls/config_adjust_legacy_crypto.h!; \
+ s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \
+ s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \
+ s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \
+ s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; \
+ s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \
next if /^\s*#\s*include/; \
s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \
s/\b(?=mbedtls_|psa_)/libtestdriver1_/g;
@@ -215,6 +275,7 @@
mkdir ./libtestdriver1
cp -Rf ../library ./libtestdriver1
cp -Rf ../include ./libtestdriver1
+ cp -Rf ../tf-psa-crypto ./libtestdriver1
cp -Rf ../scripts ./libtestdriver1
mkdir ./libtestdriver1/3rdparty
touch ./libtestdriver1/3rdparty/Makefile.inc
@@ -227,22 +288,24 @@
# library the test library is intended to be linked with extended by
# ./include/test/drivers/crypto_config_test_driver_extension.h to
# mirror the PSA_ACCEL_* macros.
- mv ./libtestdriver1/include/psa/crypto_config.h ./libtestdriver1/include/psa/crypto_config.h.bak
- head -n -1 ./libtestdriver1/include/psa/crypto_config.h.bak > ./libtestdriver1/include/psa/crypto_config.h
- cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/include/psa/crypto_config.h
- echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/include/psa/crypto_config.h
+ mv ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak
+ head -n -1 ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak > ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h
+ cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h
+ echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h
# Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as
# mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash
# when this test driver library is linked with the Mbed TLS library.
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch]
perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h
+ perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h
+ perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h
$(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a
cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
-include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
+include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile
echo " Gen $@"
- sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
+ sed <../tf-psa-crypto/include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
endif
diff --git a/tests/compat.sh b/tests/compat.sh
index d7a91b4..073258e 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -96,6 +96,7 @@
EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305'
VERBOSE=""
MEMCHECK=0
+MIN_TESTS=1
PRESERVE_LOGS=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@@ -116,6 +117,7 @@
printf " -M|--memcheck\tCheck memory leaks and errors.\n"
printf " -v|--verbose\tSet verbose output.\n"
printf " --list-test-cases\tList all potential test cases (No Execution)\n"
+ printf " --min \tMinimum number of non-skipped tests (default 1)\n"
printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
printf " --preserve-logs\tPreserve logs of successful tests as well\n"
@@ -190,6 +192,9 @@
list_test_cases
exit $?
;;
+ --min)
+ shift; MIN_TESTS=$1
+ ;;
--outcome-file)
shift; MBEDTLS_TEST_OUTCOME_FILE=$1
;;
@@ -588,7 +593,18 @@
# o_check_ciphersuite STANDARD_CIPHER_SUITE
o_check_ciphersuite()
{
- if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
+ # skip DTLS when lack of support was declared
+ if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
+ SKIP_NEXT_="YES"
+ fi
+
+ # skip DTLS 1.2 is support was not detected
+ if [ "$O_SUPPORT_DTLS12" = "NO" -a "$MODE" = "dtls12" ]; then
+ SKIP_NEXT="YES"
+ fi
+
+ # skip static ECDH when OpenSSL doesn't support it
+ if [ "${O_SUPPORT_STATIC_ECDH}" = "NO" ]; then
case "$1" in
*ECDH_*) SKIP_NEXT="YES"
esac
@@ -665,10 +681,25 @@
esac
case $($OPENSSL ciphers ALL) in
- *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
- *) O_SUPPORT_ECDH="NO";;
+ *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_STATIC_ECDH="YES";;
+ *) O_SUPPORT_STATIC_ECDH="NO";;
esac
+ case $($OPENSSL ciphers ALL) in
+ *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";;
+ *) O_SUPPORT_SINGLE_DES="NO";;
+ esac
+
+ # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
+ # supports -dtls1_2 from the s_server help. (The s_client
+ # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
+ # but doesn't list it. But the s_server help seems to be
+ # accurate.)
+ O_SUPPORT_DTLS12="NO"
+ if $OPENSSL s_server -help 2>&1 | grep -q "^ *-dtls1_2 "; then
+ O_SUPPORT_DTLS12="YES"
+ fi
+
if [ "X$VERIFY" = "XYES" ];
then
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@@ -1109,19 +1140,6 @@
[Oo]pen*)
- if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then
- continue;
- fi
-
- # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL
- # supports $O_MODE from the s_server help. (The s_client
- # help isn't accurate as of 1.0.2g: it supports DTLS 1.2
- # but doesn't list it. But the s_server help seems to be
- # accurate.)
- if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
- continue;
- fi
-
reset_ciphersuites
add_common_ciphersuites
add_openssl_ciphersuites
@@ -1225,6 +1243,16 @@
PASSED=$(( $TESTS - $FAILED ))
echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"
+if [ $((TESTS - SKIPPED)) -lt $MIN_TESTS ]; then
+ cat <<EOF
+Error: Expected to run at least $MIN_TESTS, but only ran $((TESTS - SKIPPED)).
+Maybe a bad filter ('$FILTER' excluding '$EXCLUDE') or a bad configuration?
+EOF
+ if [ $FAILED -eq 0 ]; then
+ FAILED=1
+ fi
+fi
+
FAILED=$(( $FAILED + $SRVMEM ))
if [ $FAILED -gt 255 ]; then
# Clamp at 255 as caller gets exit code & 0xFF
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 639496b..f40f838 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -37,24 +37,61 @@
#endif
/* Use the accelerator driver for all cryptographic mechanisms for which
- * the test driver implemented. */
+ * the test driver is implemented. This is copied from psa/crypto_config.h
+ * with the parts not implemented by the test driver commented out. */
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR
+//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
+
#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
-#define MBEDTLS_PSA_ACCEL_ALG_CTR
+#define MBEDTLS_PSA_ACCEL_ALG_CCM
+#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
+#define MBEDTLS_PSA_ACCEL_ALG_CMAC
#define MBEDTLS_PSA_ACCEL_ALG_CFB
-#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
+#define MBEDTLS_PSA_ACCEL_ALG_CTR
#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
+#define MBEDTLS_PSA_ACCEL_ALG_ECDH
+#define MBEDTLS_PSA_ACCEL_ALG_FFDH
+#define MBEDTLS_PSA_ACCEL_ALG_ECDSA
+#define MBEDTLS_PSA_ACCEL_ALG_JPAKE
+#define MBEDTLS_PSA_ACCEL_ALG_GCM
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
+//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
+#define MBEDTLS_PSA_ACCEL_ALG_HMAC
#define MBEDTLS_PSA_ACCEL_ALG_MD5
#define MBEDTLS_PSA_ACCEL_ALG_OFB
+//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC
+//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128
#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
+#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
#define MBEDTLS_PSA_ACCEL_ALG_SHA_1
@@ -62,9 +99,14 @@
#define MBEDTLS_PSA_ACCEL_ALG_SHA_256
#define MBEDTLS_PSA_ACCEL_ALG_SHA_384
#define MBEDTLS_PSA_ACCEL_ALG_SHA_512
-#define MBEDTLS_PSA_ACCEL_ALG_XTS
-#define MBEDTLS_PSA_ACCEL_ALG_CMAC
-#define MBEDTLS_PSA_ACCEL_ALG_HMAC
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384
+#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512
+#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
+//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
#endif /* PSA_CRYPTO_DRIVER_TEST_ALL */
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index d6df19c..6dae31d 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -706,17 +706,43 @@
### Password used for PKCS8-encoded encrypted RSA keys
keys_rsa_pkcs8_pwd = PolarSSLTest
-### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
+### Basic unencrypted RSA keys from which
### all other encrypted RSA keys are derived.
+keys_rsa_base =
+### TODO: the commands require OpenSSL 1.x to work as desired. With
+### OpenSSL 3.x, they produce pkcs8 files.
+rsa_pkcs1_768_clear.pem:
+ $(OPENSSL) genrsa -out $@ 768
+keys_rsa_base += rsa_pkcs1_768_clear.pem
+rsa_pkcs1_769_clear.pem:
+ $(OPENSSL) genrsa -out $@ 769
+keys_rsa_base += rsa_pkcs1_769_clear.pem
+rsa_pkcs1_770_clear.pem:
+ $(OPENSSL) genrsa -out $@ 770
+keys_rsa_base += rsa_pkcs1_770_clear.pem
+rsa_pkcs1_776_clear.pem:
+ $(OPENSSL) genrsa -out $@ 776
+keys_rsa_base += rsa_pkcs1_776_clear.pem
+rsa_pkcs1_784_clear.pem:
+ $(OPENSSL) genrsa -out $@ 784
+keys_rsa_base += rsa_pkcs1_784_clear.pem
rsa_pkcs1_1024_clear.pem:
$(OPENSSL) genrsa -out $@ 1024
-all_final += rsa_pkcs1_1024_clear.pem
+keys_rsa_base += rsa_pkcs1_1024_clear.pem
rsa_pkcs1_2048_clear.pem:
$(OPENSSL) genrsa -out $@ 2048
-all_final += rsa_pkcs1_2048_clear.pem
+keys_rsa_base += rsa_pkcs1_2048_clear.pem
rsa_pkcs1_4096_clear.pem:
$(OPENSSL) genrsa -out $@ 4096
-all_final += rsa_pkcs1_4096_clear.pem
+keys_rsa_base += rsa_pkcs1_4096_clear.pem
+
+all_final += $(keys_rsa_base)
+
+### PKCS1-encoded, plaintext RSA keys in derived forms
+
+rsa_pkcs1_%.der: rsa_pkcs1_%.pem
+ $(OPENSSL) pkey -inform PEM -in $< -outform DER -out $@
+all_final += $(keys_rsa_base:.pem=.der)
###
### PKCS1-encoded, encrypted RSA keys
@@ -1170,8 +1196,8 @@
### Rules to generate all RSA keys from a particular class
###
-### Generate basic unencrypted RSA keys
-keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
+### Generate cleartext RSA keys in derived formats
+keys_rsa_cleartext: $(keys_rsa_base) $(keys_rsa_base:.pem=.der)
### Generate PKCS1-encoded encrypted RSA keys
keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
@@ -1183,7 +1209,8 @@
keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512
### Generate all RSA keys
-keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
+keys_rsa_all: keys_rsa_base keys_rsa_cleartext
+keys_rsa_all: keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
################################################################
#### Generate various EC keys
@@ -1765,6 +1792,22 @@
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
all_final += server2-sha256.crt
+server2-sha256.ku-ka.crt: SERVER2_CRT_SERIAL=22
+server2-sha256.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
+server2-sha256.ku-ke.crt: SERVER2_CRT_SERIAL=23
+server2-sha256.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment
+server2-sha256.ku-ds.crt: SERVER2_CRT_SERIAL=24
+server2-sha256.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature
+server2-sha256.ku-ds_ke.crt: SERVER2_CRT_SERIAL=28
+server2-sha256.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment
+server2-sha256.ku-%.crt: server2.req.sha256
+ $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \
+ issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+ key_usage="$(SERVER2_KEY_USAGE)" \
+ not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
+all_final += server2-sha256.ku-ka.crt server2-sha256.ku-ke.crt server2-sha256.ku-ds.crt server2-sha256.ku-ds_ke.crt
+
+all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt
server2.ku-ka.crt: SERVER2_CRT_SERIAL=42
server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
server2.ku-ke.crt: SERVER2_CRT_SERIAL=43
@@ -2076,72 +2119,6 @@
cat $^ > $@
################################################################
-#### Generate C format test certs header
-################################################################
-
-TEST_CERTS_H_INPUT_FILES=test-ca2.crt \
- test-ca2.crt.der \
- test-ca2.key.enc \
- test-ca2.key.der \
- test-ca-sha256.crt \
- test-ca-sha256.crt.der \
- test-ca-sha1.crt \
- test-ca-sha1.crt.der \
- test-ca.key \
- test-ca.key.der \
- server5.crt \
- server5.crt.der \
- server5.key \
- server5.key.der \
- server2-sha256.crt \
- server2-sha256.crt.der \
- server2.crt \
- server2.crt.der \
- server2.key \
- server2.key.der \
- cli2.crt \
- cli2.crt.der \
- cli2.key \
- cli2.key.der \
- cli-rsa-sha256.crt \
- cli-rsa-sha256.crt.der \
- cli-rsa.key \
- cli-rsa.key.der
-../src/test_certs.h: ../scripts/generate_test_cert_macros.py \
- $(TEST_CERTS_H_INPUT_FILES)
- ../scripts/generate_test_cert_macros.py --output $@ \
- --string TEST_CA_CRT_EC_PEM=test-ca2.crt \
- --binary TEST_CA_CRT_EC_DER=test-ca2.crt.der \
- --string TEST_CA_KEY_EC_PEM=test-ca2.key.enc \
- --password TEST_CA_PWD_EC_PEM=PolarSSLTest \
- --binary TEST_CA_KEY_EC_DER=test-ca2.key.der \
- --string TEST_CA_CRT_RSA_SHA256_PEM=test-ca-sha256.crt \
- --binary TEST_CA_CRT_RSA_SHA256_DER=test-ca-sha256.crt.der \
- --string TEST_CA_CRT_RSA_SHA1_PEM=test-ca-sha1.crt \
- --binary TEST_CA_CRT_RSA_SHA1_DER=test-ca-sha1.crt.der \
- --string TEST_CA_KEY_RSA_PEM=test-ca.key \
- --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \
- --binary TEST_CA_KEY_RSA_DER=test-ca.key.der \
- --string TEST_SRV_CRT_EC_PEM=server5.crt \
- --binary TEST_SRV_CRT_EC_DER=server5.crt.der \
- --string TEST_SRV_KEY_EC_PEM=server5.key \
- --binary TEST_SRV_KEY_EC_DER=server5.key.der \
- --string TEST_SRV_CRT_RSA_SHA256_PEM=server2-sha256.crt \
- --binary TEST_SRV_CRT_RSA_SHA256_DER=server2-sha256.crt.der \
- --string TEST_SRV_CRT_RSA_SHA1_PEM=server2.crt \
- --binary TEST_SRV_CRT_RSA_SHA1_DER=server2.crt.der \
- --string TEST_SRV_KEY_RSA_PEM=server2.key \
- --binary TEST_SRV_KEY_RSA_DER=server2.key.der \
- --string TEST_CLI_CRT_EC_PEM=cli2.crt \
- --binary TEST_CLI_CRT_EC_DER=cli2.crt.der \
- --string TEST_CLI_KEY_EC_PEM=cli2.key \
- --binary TEST_CLI_KEY_EC_DER=cli2.key.der \
- --string TEST_CLI_CRT_RSA_PEM=cli-rsa-sha256.crt \
- --binary TEST_CLI_CRT_RSA_DER=cli-rsa-sha256.crt.der \
- --string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \
- --binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der
-
-################################################################
#### Diffie-Hellman parameters
################################################################
@@ -2161,7 +2138,7 @@
.PHONY: default all_final all
.PHONY: keys_rsa_all
-.PHONY: keys_rsa_unenc keys_rsa_enc_basic
+.PHONY: keys_rsa_enc_basic
.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
diff --git a/tests/data_files/rsa_pkcs1_1024_clear.der b/tests/data_files/rsa_pkcs1_1024_clear.der
new file mode 100644
index 0000000..cec2c30
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_1024_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_2048_clear.der b/tests/data_files/rsa_pkcs1_2048_clear.der
new file mode 100644
index 0000000..667051b
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_2048_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_4096_clear.der b/tests/data_files/rsa_pkcs1_4096_clear.der
new file mode 100644
index 0000000..9dc971e
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_4096_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_768_clear.der b/tests/data_files/rsa_pkcs1_768_clear.der
new file mode 100644
index 0000000..a80b891
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_768_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_768_clear.pem b/tests/data_files/rsa_pkcs1_768_clear.pem
new file mode 100644
index 0000000..33140c3
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_768_clear.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBywIBAAJhANmJY6FPDF0oqQEJCSrTx+ezfCU8qB6NwF2SqrphhhRFCYaMiKeg
+bRVB4pCxjGrDM2iuwlMy2QqJo4TST4MgMbK44fG7fHip+IhD/lJAfSsL56ZKz3T9
+tlog4VFGynJL1wIDAQABAmEAjB02Etw7dnWOBaCwSumFxPOSbtmW37clxB+H3+yY
+081zyToTewSVvi9loxT5AHshHYt2P+c6ylbUUEV6ZhC3mDqYMcuQmX5pJ2MhaK4T
+cCihi9eBhROPzudJ27Jx84wBAjEA9CKkG30d9+PgbUp+KnMxZuavEG4U45EDEUOG
+5+MRgSnRlPz8JsiY+Q6ReeBaEZiBAjEA5BvToGaPFSkbFT1HiV4zEEDQoXrNUO/l
+vAP6p7fCLh2nnaIRIwuHwxTUhG8pe3hXAjEAzKJAtj3gockjc9ht+n0F2r/f28C5
+x6nkTVMxwCsHoCGCaATKAmRAPPrmG6dfN8KBAjAcwNkzPdpJW44bZkcPLL2ZDeJ+
+iGE7E5JM2d+Npp8mevx25Uftt/VcBNMpAm4jLy8CMHCcVdhdVFydsL8DSYRnWD8x
+1tn1npbAeyiMHBxyhDF9EP1me7rEHvJ4Wl61HSXQNA==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_769_clear.der b/tests/data_files/rsa_pkcs1_769_clear.der
new file mode 100644
index 0000000..c4bfe6c
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_769_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_769_clear.pem b/tests/data_files/rsa_pkcs1_769_clear.pem
new file mode 100644
index 0000000..25e12bd
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_769_clear.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBzAIBAAJhAbUzqda7ne4UGzC60NkNAXxewl/l7X5W1scvWQVKbshsSQoHcOPj
+12RmuuA2sR6MzTNxBxsb52HNbrlqZYN5L07uanwM2bio5xl1SFXN2p3hzE2EHlM1
+nBq0sSXbX4Ua+QIDAQABAmEA1RgMVPx3Wp50LkkwGErtiXgKV4GTQzwCTW13f0ur
+OYcGBpxf2sOnrWkg9r3RkKlg25cI5IVMb8HhHtmwqGxbmF08zu5e4Jb3zaR59lTs
+uOEhVudWBtSRsid6qZug0Pt9AjEBvN2EO7Vn0xMQPphOwMR7htVzxxsADRBHmS+1
+pppCFLOpwqVDObcnl3pVw2wGd3PTAjEA+5cKqX6tfKUwNR88/urAGg+T3YsqNs4t
+5t5HuGs7AsYj0xDTTvHEsIwaovCEwBKDAjBSTDiWQyz941zx94M6Lh8cBojwoJIV
+2JkmQak9NPRcmBAjricNmlB8uWj8ShO4LXkCMQDj0c0c2JIeibLSl7vzFf3oW2zJ
+M6iBQkh8g5GsZKVmCKgOC3FdTj6Oo//GxkdfaiMCMQGsQWYVeZ43Eqn+ZYSeX7Sz
+Fol0BMyjvKXTpCznqk9+c1T86c9Cw2Rd/7NLJmPmGR4=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_770_clear.der b/tests/data_files/rsa_pkcs1_770_clear.der
new file mode 100644
index 0000000..89e140f
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_770_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_770_clear.pem b/tests/data_files/rsa_pkcs1_770_clear.pem
new file mode 100644
index 0000000..0a707a8
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_770_clear.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBzQIBAAJhA0tr23/I4PgNNhnJdvdVGlg2hiAKKWD7kYcXGEZgPqTyY1rVND8q
+oqI7n9IJiC4A0l+N7lZceGVotMj/dPY1DTMWT01NsEJXh47lQJNdHhpJysZyodmF
++N71sstc2iynMQIDAQABAmEBGOm/nfwGEhg0YLpdSVuq/p6KZbl8trSTb+8dQrNj
+qgShWuuQD0ngCTDatlY+aTQTp82hyjT7+EtGfxzofA8pWHSV1uvuJVWamKy8AtV1
+YXo5lREZyjTgdJzuKjwIx00BAjEB4XPP3C/etfJzmCcCYoK+TYjSCdYdIbVIZZTR
+8xgarUBu2KzedKfcdR0H8yklRpxpAjEBwHe8tsyXpzbX8E0fe+qKGrp/hWeosThd
+3LbhYN+6NVs7YUkthICJa4TZfC5qyPuJAjEBxOtjTvvFoxsL/cYs6ymeB2jAVzqT
+O0PEcLOY8vzpE7V60eGGgO3taks+UFWT2KKJAjEAhCGDI2SiJe0dsDo41Xyj1f4u
+xjJlXFmcJgRn4O/p4ACSPTafR5PLaTdKELFoWvDpAjEBeGO+jrDgz6aoJ7eka8JM
+xAWHubm0UPsr7JILYSsxViJFWIVGwIgnJU4Ny8U5LhfS
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_776_clear.der b/tests/data_files/rsa_pkcs1_776_clear.der
new file mode 100644
index 0000000..a311c67
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_776_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_776_clear.pem b/tests/data_files/rsa_pkcs1_776_clear.pem
new file mode 100644
index 0000000..e62f7b1
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_776_clear.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBzgIBAAJiANnXRUGM65e+JIE48z8L9fxWiIrBffeFynsFih4lhFrIliTf++Jy
+R98lR8TGLO0x2Cosfb+vPcX7+bNdvqOn3q53NcYYFnih7GuNHeC/BAsI6c5H2HT3
+Rw3LCJPBk/yXhFsCAwEAAQJhP/xdWV29LbsqGdLSkChBPrdkL+2ZxITF7tC3uxcm
+A0x73aT05ZTPy5m1tPTI6XsEjOHlZNkYUkqebCSAk+Jwoi8eMjqkejry7R92SBEx
+vRxhSxYkFiY3M1AxUO1km9QZYQIxDz25KT5pjdnXmcXon4wjsplmKlVXRoy11Cju
+kLLZLIM+wLW0nhiks0CsrNY6VTcL0wIxDksBCJ3sMRKQcUW/MLmorTHTvV5iraKr
+YS5A0e37Y4i/g3VEJrzWaTr1FpKMMwD4WQIxCO9w3KNAku9CHV8P8Gnii9SvNuZt
+kmjwOP/+TUrtU9FmOujMiVt9Q7IJChNWg5sQDQIxBMin1Ol+d0I+ZBszDazmPumx
+c+1WW8VZVRJ1EY50mHDZoLcsE0cbAGeCRobQM/X8KQIxAbOSOWnQiL+4QuY5rQ05
+W2BL3qSET7u75RcT3ePnaZsJf5CweulDtVOVy8cq2sXQWw==
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs1_784_clear.der b/tests/data_files/rsa_pkcs1_784_clear.der
new file mode 100644
index 0000000..94f3d3b
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_784_clear.der
Binary files differ
diff --git a/tests/data_files/rsa_pkcs1_784_clear.pem b/tests/data_files/rsa_pkcs1_784_clear.pem
new file mode 100644
index 0000000..b7b424b
--- /dev/null
+++ b/tests/data_files/rsa_pkcs1_784_clear.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIB0wIBAAJjAL2x2bcoZLRL21gXcWsVJpjy65T7t6lsg/7loYbeZoIM1YCbgOaw
+j3c2bkiToc53k1siXpXSLzdIyPCvs7Tm9q1mNHi4pMmiOU/49wXKZzEr8+iIMHXf
+GVxysbIsch/1m/yTAgMBAAECYhsXm5CdJETb0Kf0MS6qBqkxiJPun3yDExcElN0+
+RkWsr5F+pBpOfS75hya2bxWd3l2WyEA3JTTkveghmsOy3UzPC/IhQLGFYOsRg6ia
+yflUVObDrrdmXL0ysI2V4a0770MBAjIA3fXqP6Q8rg5WE2RddFeAGYTmfaDU9RGH
+8ee4w0kITTXOr23WHEgIYuspKMB01gvg+QIyANrJMJ8VzwJdeq28KSBTCtQawLGH
+mXzzsaSiD14hjEDQnVTkBEWMhtbyudm0NXjuOOsCMXj2gAbW9srUvUwsMlIpLYK6
+zvJAKE62kyPeaO7kakXJwS4R6dHX39oo1nGDESllp+ECMgDKEvcgiHEZuyNbIiZO
+H8UpoMgHcLn4adDSwYg2JgA3wTb/uFalsiS8lZXImSSmXEkfAjE3y7xpVjmzp3W2
+/iNSKwBWTOLyu06KQ03gQEtvuXyEk6Nx+8siz9RHyjKnRL4HzRM9
+-----END RSA PRIVATE KEY-----
diff --git a/tests/data_files/server2-sha256.ku-ds.crt b/tests/data_files/server2-sha256.ku-ds.crt
new file mode 100644
index 0000000..0d4866c
--- /dev/null
+++ b/tests/data_files/server2-sha256.ku-ds.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIBGDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
+owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
+NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
+tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
+hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
+DQEBCwUAA4IBAQAtKutVrQunnzOQg3TP2vnOT8Qr5LrbvsSBaPEm21Oxkpr0gJcC
+/BgON5WrBdfpEDZ5jOMGgqdF3AxFzh/Zw1EBr2y2wIcleodtzV5j2fTQV9MPYJ9z
+XYfhNsr9idt/i4YCqJSe6lB/+GG/p+9jtMLGMjfSkNnG7ppa7Sv6NVsAxgbKskTw
+WU/z7T7Y/afK5omAPpHfWddzCl5o+o9VFi5scYyjv2iNPkRiTMDh4bE8RVm9vxcf
+TMH14TSa1Y6OkaTuzJLbU3V8yJZ67s2SK89Trd75SQ+B62nZYe+0NG+6b2s+D97y
+ex2x2EbfK/nxEL2Gv7/xG4gcpzxmKObhPpsS
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-sha256.ku-ds_ke.crt b/tests/data_files/server2-sha256.ku-ds_ke.crt
new file mode 100644
index 0000000..e89e17d
--- /dev/null
+++ b/tests/data_files/server2-sha256.ku-ds_ke.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIBHDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
+owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
+NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
+tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
+hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3
+DQEBCwUAA4IBAQBZBDKh6TRkGh9ro5l/Rv6/LE9slTLCrAAjCA6fT2dig6WsijmK
+OLwjjuWRdKT+SPrm+42db4j++KcPVk/HwPNkbcXF7sAHy13DGi47mi7ySKqCiOZ8
+RVnpBWjZJpMzXi5l8RgXGK10v2C4iPX3E7iRw+CYTZjOWfjnzHUWqQ93eu3s6OU3
+3FobrPFKYkS9CvqvbGBIqpv8TTAoAvUAsjUbQHY2SlqlJLw2DUmewmeBzS2ItNyp
+BO367lTm03z+nG77pZYOhgxch8EA2RcIuoEExj0tHZcG3JLOz60ijqqG1lxjrTXV
+qMDRttuL8jisekj4gZD90T9JdMHpz8goNhO7
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-sha256.ku-ka.crt b/tests/data_files/server2-sha256.ku-ka.crt
new file mode 100644
index 0000000..326876b
--- /dev/null
+++ b/tests/data_files/server2-sha256.ku-ka.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIBFjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
+owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
+NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
+tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
+hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgMIMA0GCSqGSIb3
+DQEBCwUAA4IBAQBsd9wHhcSkcO/AyrHRw33RVgdydoUIcopGHCnl+6ThQj9lM2cF
+eh7Zdu2GVyd2yyIeI7c+N1w1NOLxXYk4vviU6J/Jol706UefflMEMHIwgJqakWdj
+uq8o7CTOEhMpzSE6AfNj02jLb3qrkoJGB+STIwgx2IYdDzTrIr2Cb2T9zbDJCQBd
+l2PTVR5id/+Uy4h+2KNJzgRgOUIPc0eFN0aE5a7IHRx3q7h5h/DbBaQU4tVmaAYF
+o/6XlBvwVxan87w+hLfnFHUO7eMe0jnLvH2O+MW4ZeYh4VP2Jq7cLJQgTfCbFK9L
+PNG8gfhW71rcMRTxwKM5qziJ8h6PeomSglsO
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server2-sha256.ku-ke.crt b/tests/data_files/server2-sha256.ku-ke.crt
new file mode 100644
index 0000000..ca5c3c7
--- /dev/null
+++ b/tests/data_files/server2-sha256.ku-ke.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAi+gAwIBAgIBFzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
+owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
+NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
+tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
+hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3
+DQEBCwUAA4IBAQAuR/fgNifvtW6ukLxp+VFlYael3kAGJpKhe271fjkaqiyBB9Qt
+NfFX1HDq1hJe8c8uf+SgFnY6rg1BjdctrEU92avPYjhpsyYEuSjt9LAtLfpeMaWD
+ltem8PNh/lkR+v0xqeYsDcHTv/oR9NfCIqoPFWOPlH7CvLowNbI06D8KkKiWAlL1
+tC62db6T5sOrmcmyjLoKUyerBqCWC+MM4G+AXMdfp54/xLOvkTq/K1cu1oRIGIYL
+SSAtVeRQXqwgaH2M2EkN79joF6XnjGG27TN8rCS7gxJm87vZjtZiSFugwhFFHFhX
+Gmp9IkBVZKQci1NbTY18l/2wxFYICv486sAV
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test_certs.h.jinja2 b/tests/data_files/test_certs.h.jinja2
index 4a64b3a..c420c79 100644
--- a/tests/data_files/test_certs.h.jinja2
+++ b/tests/data_files/test_certs.h.jinja2
@@ -5,7 +5,7 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */
+/* THIS FILE is generated by `framework/scripts/generate_test_cert_macros.py` */
/* *INDENT-OFF* */
{% for mode, name, value in macros %}
@@ -40,3 +40,4 @@
{% endif %}
{% endfor %}
+/* End of generated file */
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
index dac07ac..66378e7 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h
@@ -1,9 +1,24 @@
/**
- * This file is intended to be used to build PSA test driver libraries. It is
- * intended to be appended by the test build system to the crypto_config.h file
- * of the Mbed TLS library the test library will be linked to. It mirrors the
- * PSA_ACCEL_* macros defining the cryptographic operations the test library
- * supports.
+ * This file is intended to be used to build PSA external test driver
+ * libraries (libtestdriver1).
+ *
+ * It is intended to be appended by the test build system to the
+ * crypto_config.h file of the Mbed TLS library the test library will be
+ * linked to (see `tests/Makefile` libtestdriver1 target). This is done in
+ * order to insert it at the right time: after the main configuration
+ * (PSA_WANT) but before the logic that determines what built-ins to enable
+ * based on PSA_WANT and MBEDTLS_PSA_ACCEL macros.
+ *
+ * It reverses the PSA_ACCEL_* macros defining the cryptographic operations
+ * that will be accelerated in the main library:
+ * - When something is accelerated in the main library, we need it supported
+ * in libtestdriver1, so we disable the accel macro in order to the built-in
+ * to be enabled.
+ * - When something is NOT accelerated in the main library, we don't need it
+ * in libtestdriver1, so we enable its accel macro in order to the built-in
+ * to be disabled, to keep libtestdriver1 minimal. (We can't adjust the
+ * PSA_WANT macros as they need to be the same between libtestdriver1 and
+ * the main library, since they determine the ABI between the two.)
*/
#include "psa/crypto_legacy.h"
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index 7b5c4c7..1d9bc43 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -26,8 +26,10 @@
/* Count the amount of times one of the key management driver functions
* is called. */
unsigned long hits;
- /* Subset of hits which only counts key operations with EC key */
+ /* Subset of hits which only counts public key export operations */
unsigned long hits_export_public_key;
+ /* Subset of hits which only counts key generation operations */
+ unsigned long hits_generate_key;
/* Location of the last key management driver called to import a key. */
psa_key_location_t location;
} mbedtls_test_driver_key_management_hooks_t;
@@ -36,7 +38,7 @@
* sense that no PSA specification will assign a meaning to this location
* (stated first in version 1.0.1 of the specification) and that it is not
* used as a location of an opaque test drivers. */
-#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0x800000 }
+#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 }
static inline mbedtls_test_driver_key_management_hooks_t
mbedtls_test_driver_key_management_hooks_init(void)
{
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 7306d8e..7393d81 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -11,7 +11,7 @@
#include "test/helpers.h"
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "test/psa_helpers.h"
#include <psa/crypto.h>
#endif
@@ -38,12 +38,15 @@
mbedtls_psa_crypto_free(); \
} \
while (0)
-#else /*MBEDTLS_PSA_CRYPTO_C */
+#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
+#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
+#define PSA_DONE() mbedtls_psa_crypto_free();
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
#define PSA_INIT() ((void) 0)
#define PSA_DONE() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
@@ -313,7 +316,7 @@
} \
while (0)
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/** \def USE_PSA_INIT
*
diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h
index ecf926e..e6d712b 100644
--- a/tests/include/test/psa_test_wrappers.h
+++ b/tests/include/test/psa_test_wrappers.h
@@ -262,12 +262,15 @@
#define psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) \
mbedtls_test_wrap_psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key)
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
psa_pake_cipher_suite_t *arg1_cipher_suite);
#define psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_buffer,
@@ -275,13 +278,17 @@
size_t *arg3_buffer_length);
#define psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_password_len);
#define psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_peer_id,
@@ -289,13 +296,17 @@
size_t *arg3_peer_id_length);
#define psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_peer_len);
#define psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_user_id,
@@ -303,12 +314,15 @@
size_t *arg3_user_id_len);
#define psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_user_len);
#define psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) \
mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
psa_status_t mbedtls_test_wrap_psa_crypto_init(void);
#define psa_crypto_init() \
@@ -566,17 +580,22 @@
#define psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) \
mbedtls_test_wrap_psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg)
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_abort(
psa_pake_operation_t *arg0_operation);
#define psa_pake_abort(arg0_operation) \
mbedtls_test_wrap_psa_pake_abort(arg0_operation)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key(
psa_pake_operation_t *arg0_operation,
psa_key_derivation_operation_t *arg1_output);
#define psa_pake_get_implicit_key(arg0_operation, arg1_output) \
mbedtls_test_wrap_psa_pake_get_implicit_key(arg0_operation, arg1_output)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_input(
psa_pake_operation_t *arg0_operation,
psa_pake_step_t arg1_step,
@@ -584,7 +603,9 @@
size_t arg3_input_length);
#define psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) \
mbedtls_test_wrap_psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_output(
psa_pake_operation_t *arg0_operation,
psa_pake_step_t arg1_step,
@@ -593,38 +614,49 @@
size_t *arg4_output_length);
#define psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) \
mbedtls_test_wrap_psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_password_key(
psa_pake_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_password);
#define psa_pake_set_password_key(arg0_operation, arg1_password) \
mbedtls_test_wrap_psa_pake_set_password_key(arg0_operation, arg1_password)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_peer(
psa_pake_operation_t *arg0_operation,
const uint8_t *arg1_peer_id,
size_t arg2_peer_id_len);
#define psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) \
mbedtls_test_wrap_psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_role(
psa_pake_operation_t *arg0_operation,
psa_pake_role_t arg1_role);
#define psa_pake_set_role(arg0_operation, arg1_role) \
mbedtls_test_wrap_psa_pake_set_role(arg0_operation, arg1_role)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_user(
psa_pake_operation_t *arg0_operation,
const uint8_t *arg1_user_id,
size_t arg2_user_id_len);
#define psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) \
mbedtls_test_wrap_psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_setup(
psa_pake_operation_t *arg0_operation,
const psa_pake_cipher_suite_t *arg1_cipher_suite);
#define psa_pake_setup(arg0_operation, arg1_cipher_suite) \
mbedtls_test_wrap_psa_pake_setup(arg0_operation, arg1_cipher_suite)
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
psa_status_t mbedtls_test_wrap_psa_purge_key(
mbedtls_svc_key_id_t arg0_key);
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 77f85c4..00e45c3 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -40,7 +40,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#if defined(MBEDTLS_SSL_HAVE_AES)
#if defined(MBEDTLS_SSL_HAVE_GCM)
-#if defined(MBEDTLS_MD_CAN_SHA384)
+#if defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384
#endif
#if defined(MBEDTLS_MD_CAN_SHA256)
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index 49f06e0..bd4f877 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -1460,8 +1460,10 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_256
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \
@@ -1473,8 +1475,10 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \
@@ -1486,8 +1490,10 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_521
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \
@@ -1499,8 +1505,10 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_255
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \
@@ -1512,8 +1520,10 @@
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_448
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \
"$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \
@@ -1524,9 +1534,11 @@
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_openssl_tls1_3_with_compatible_ephemeral
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \
@@ -1537,12 +1549,13 @@
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
-requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
-requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_config_enabled PSA_WANT_ALG_ECDH
+requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
+ PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384
run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 5e43921..10bbf19 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -813,6 +813,7 @@
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
@@ -826,6 +827,20 @@
-c "Reconnecting with saved session... ok" \
-c "HTTP/1.0 200 ok"
+requires_openssl_tls1_3_with_compatible_ephemeral
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
+run_test "TLS 1.3 m->O: resumption fails, no ticket support" \
+ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 1 \
+ -c "Protocol is TLSv1.3" \
+ -C "Saving session for reuse... ok" \
+ -C "Reconnecting with saved session... ok" \
+ -c "Ignore NewSessionTicket, not supported."
+
# No early data m->O tests for the time being. The option -early_data is needed
# to enable early data on OpenSSL server and it is not compatible with the
# -www option we usually use for testing with OpenSSL server (see
@@ -858,6 +873,7 @@
requires_gnutls_tls1_3
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
@@ -875,6 +891,21 @@
requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS
+run_test "TLS 1.3 m->G: resumption fails, no ticket support" \
+ "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
+ "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \
+ 1 \
+ -c "Protocol is TLSv1.3" \
+ -C "Saving session for reuse... ok" \
+ -C "Reconnecting with saved session... ok" \
+ -c "Ignore NewSessionTicket, not supported."
+
+requires_gnutls_tls1_3
+requires_all_configs_enabled MBEDTLS_SSL_CLI_C \
+ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
diff --git a/tests/psa-client-server/README.md b/tests/psa-client-server/README.md
new file mode 100644
index 0000000..e6d9c87
--- /dev/null
+++ b/tests/psa-client-server/README.md
@@ -0,0 +1,6 @@
+### PSA Crypto Client-Server Testing
+
+Everything in this directory should currently be considered experimental. We are adding features and extending CI support for it.
+
+Once stable, of production quality, and being tested by the CI, it will eventually be migrated into
+the [MbedTLS framework repository](https://github.com/Mbed-TLS/mbedtls-framework).
diff --git a/tests/psa-client-server/psasim/.gitignore b/tests/psa-client-server/psasim/.gitignore
new file mode 100644
index 0000000..4065abf
--- /dev/null
+++ b/tests/psa-client-server/psasim/.gitignore
@@ -0,0 +1,12 @@
+bin/*
+*.o
+*.so
+test/psa_ff_bootstrap.c
+test/psa_manifest/*
+test/client
+test/partition
+cscope.out
+*.orig
+*.swp
+*.DS_Store
+*psa_ff_bootstrap_*
diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile
new file mode 100644
index 0000000..ec6691f
--- /dev/null
+++ b/tests/psa-client-server/psasim/Makefile
@@ -0,0 +1,81 @@
+CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L
+
+ifeq ($(DEBUG),1)
+override CFLAGS += -DDEBUG -O0 -g
+endif
+
+CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto
+SERVER_LIBS := -Lserver_libs -lmbedcrypto
+
+MBEDTLS_ROOT_PATH = ../../..
+COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \
+ -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include \
+ -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include
+
+GENERATED_H_FILES = include/psa_manifest/manifest.h \
+ include/psa_manifest/pid.h \
+ include/psa_manifest/sid.h
+
+LIBPSACLIENT_SRC = src/psa_ff_client.c \
+ src/psa_sim_crypto_client.c \
+ src/psa_sim_serialise.c
+LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o)
+
+PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c
+
+PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \
+ $(wildcard src/aut_*.c)
+
+PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c
+
+PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \
+ src/psa_ff_server.c \
+ src/psa_sim_crypto_server.c \
+ src/psa_sim_serialise.c
+
+.PHONY: all clean client_libs server_libs
+
+all:
+
+test/seedfile:
+ dd if=/dev/urandom of=./test/seedfile bs=64 count=1
+
+src/%.o: src/%.c $(GENERATED_H_FILES)
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@
+
+client_libs/libpsaclient: $(LIBPSACLIENT_OBJS)
+ mkdir -p client_libs
+ $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS)
+
+test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
+
+test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
+
+test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES)
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@
+
+$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c
+ tools/psa_autogen.py src/manifest.json
+
+# Build MbedTLS libraries (crypto, x509 and tls) and copy them locally to
+# build client/server applications.
+#
+# Note: these rules assume that mbedtls_config.h is already configured by all.sh.
+# If not using all.sh then the user must do it manually.
+client_libs: client_libs/libpsaclient
+client_libs server_libs:
+ $(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a
+ mkdir -p $@
+ cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/
+
+clean_server_intermediate_files:
+ rm -f $(PARTITION_SERVER_BOOTSTRAP)
+ rm -rf include/psa_manifest
+
+clean: clean_server_intermediate_files
+ rm -f test/psa_client_base test/psa_client_full test/psa_server
+ rm -rf client_libs server_libs
+ rm -f test/psa_service_* test/psa_notify_* test/*.log
+ rm -f test/seedfile
diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md
new file mode 100644
index 0000000..1b950d6
--- /dev/null
+++ b/tests/psa-client-server/psasim/README.md
@@ -0,0 +1,61 @@
+# psasim
+
+This tool simulates a PSA Firmware Framework implementation.
+It allows you to develop secure partitions and their clients on a desktop computer.
+It should be able to run on all systems that support POSIX and System V IPC:
+e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.
+
+Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:
+
+* This simulator is not intended to pass or demonstrate compliance.
+* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.
+
+## Building
+
+To build and run the test program make sure you have `make`, `python` and a
+C compiler installed and then enter the following commands:
+
+```sh
+make run
+```
+
+Optionally the `DEBUG=1` command line option can be enabled to increase verbosity:
+
+```sh
+make DEBUG=1 run
+```
+
+Once done with the test, it is possible to clean all the generated files with:
+
+```sh
+make clean
+```
+
+## Features
+
+The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:
+
+* `psa_notify` support
+* "strict" policy in manifest
+
+The only supported "interrupts" are POSIX signals, which act
+as a "virtual interrupt".
+
+The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).
+
+## Design
+
+The code is designed to be readable rather than fast or secure.
+In this implementation only one message is delivered to a
+RoT service at a time.
+The code is not thread-safe.
+
+## Unsupported features
+
+Because this is a simulator there are a few things that
+can't be reasonably emulated:
+
+* Manifest MMIO regions are unsupported
+* Manifest priority field is ignored
+* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
+ making it infeasible to populate pid.h with correct values.
diff --git a/tests/psa-client-server/psasim/include/client.h b/tests/psa-client-server/psasim/include/client.h
new file mode 100644
index 0000000..d48498e
--- /dev/null
+++ b/tests/psa-client-server/psasim/include/client.h
@@ -0,0 +1,75 @@
+/* PSA Firmware Framework client header for psasim. */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef __PSA_CLIENT_H__
+#define __PSA_CLIENT_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "psa/crypto.h"
+
+#include "error_ext.h"
+/*********************** PSA Client Macros and Types *************************/
+
+#define PSA_FRAMEWORK_VERSION (0x0100)
+
+#define PSA_VERSION_NONE (0)
+
+/* PSA response types */
+#define PSA_CONNECTION_REFUSED PSA_ERROR_CONNECTION_REFUSED
+#define PSA_CONNECTION_BUSY PSA_ERROR_CONNECTION_BUSY
+#define PSA_DROP_CONNECTION PSA_ERROR_PROGRAMMER_ERROR
+
+/* PSA message handles */
+#define PSA_NULL_HANDLE ((psa_handle_t) 0)
+
+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t) (handle) > 0)
+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t) (handle))
+
+/**
+ * A read-only input memory region provided to an RoT Service.
+ */
+typedef struct psa_invec {
+ const void *base;
+ size_t len;
+} psa_invec;
+
+/**
+ * A writable output memory region provided to an RoT Service.
+ */
+typedef struct psa_outvec {
+ void *base;
+ size_t len;
+} psa_outvec;
+
+/*************************** PSA Client API **********************************/
+
+uint32_t psa_framework_version(void);
+
+uint32_t psa_version(uint32_t sid);
+
+psa_handle_t psa_connect(uint32_t sid, uint32_t version);
+
+psa_status_t psa_call(psa_handle_t handle,
+ int32_t type,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len);
+
+void psa_close(psa_handle_t handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_CLIENT_H__ */
diff --git a/tests/psa-client-server/psasim/include/common.h b/tests/psa-client-server/psasim/include/common.h
new file mode 100644
index 0000000..ee5b5a3
--- /dev/null
+++ b/tests/psa-client-server/psasim/include/common.h
@@ -0,0 +1,52 @@
+/* Common definitions used for clients and services */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef _COMMON_H_
+#define _COMMON_H_
+
+#include <stdint.h>
+#include <stddef.h>
+
+/* Increasing this might break on some platforms */
+#define MAX_FRAGMENT_SIZE 200
+
+#define CONNECT_REQUEST 1
+#define CALL_REQUEST 2
+#define CLOSE_REQUEST 3
+#define VERSION_REQUEST 4
+#define READ_REQUEST 5
+#define READ_RESPONSE 6
+#define WRITE_REQUEST 7
+#define WRITE_RESPONSE 8
+#define SKIP_REQUEST 9
+#define PSA_REPLY 10
+
+#define NON_SECURE (1 << 30)
+
+typedef int32_t psa_handle_t;
+
+#define PSA_MAX_IOVEC (4u)
+
+#define PSA_IPC_CALL (0)
+
+struct message_text {
+ int qid;
+ int32_t psa_type;
+ char buf[MAX_FRAGMENT_SIZE];
+};
+
+struct message {
+ long message_type;
+ struct message_text message_text;
+};
+
+typedef struct vector_sizes {
+ size_t invec_sizes[PSA_MAX_IOVEC];
+ size_t outvec_sizes[PSA_MAX_IOVEC];
+} vector_sizes_t;
+
+#endif /* _COMMON_H_ */
diff --git a/tests/psa-client-server/psasim/include/error_ext.h b/tests/psa-client-server/psasim/include/error_ext.h
new file mode 100644
index 0000000..6c82b8a
--- /dev/null
+++ b/tests/psa-client-server/psasim/include/error_ext.h
@@ -0,0 +1,19 @@
+/* PSA status codes used by psasim. */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_ERROR_H
+#define PSA_ERROR_H
+
+#include <stdint.h>
+
+#include "common.h"
+
+#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129)
+#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130)
+#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131)
+
+#endif
diff --git a/tests/psa-client-server/psasim/include/init.h b/tests/psa-client-server/psasim/include/init.h
new file mode 100644
index 0000000..de95d90
--- /dev/null
+++ b/tests/psa-client-server/psasim/include/init.h
@@ -0,0 +1,15 @@
+/* Declarations of internal functions. */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdint.h>
+#include <service.h>
+void raise_signal(psa_signal_t signal);
+void __init_psasim(const char **array,
+ int size,
+ const int allow_ns_clients_array[32],
+ const uint32_t versions[32],
+ const int strict_policy_array[32]);
diff --git a/tests/psa-client-server/psasim/include/lifecycle.h b/tests/psa-client-server/psasim/include/lifecycle.h
new file mode 100644
index 0000000..1148397
--- /dev/null
+++ b/tests/psa-client-server/psasim/include/lifecycle.h
@@ -0,0 +1,17 @@
+/* PSA lifecycle states used by psasim. */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u)
+#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu)
+#define PSA_LIFECYCLE_UNKNOWN (0x0000u)
+#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u)
+#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u)
+#define PSA_LIFECYCLE_SECURED (0x3000u)
+#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u)
+#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u)
+#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u)
+#define psa_rot_lifecycle_state(void) PSA_LIFECYCLE_UNKNOWN
diff --git a/tests/psa-client-server/psasim/include/service.h b/tests/psa-client-server/psasim/include/service.h
new file mode 100644
index 0000000..cbcb918
--- /dev/null
+++ b/tests/psa-client-server/psasim/include/service.h
@@ -0,0 +1,253 @@
+/* PSA Firmware Framework service header for psasim. */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef __PSA_SERVICE_H__
+#define __PSA_SERVICE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+#include <stdlib.h>
+#include <stdint.h>
+#include <stddef.h>
+
+#include "common.h"
+
+#include "psa/crypto.h"
+
+/********************** PSA Secure Partition Macros and Types ****************/
+
+/* PSA wait timeouts */
+#define PSA_POLL (0x00000000u)
+#define PSA_BLOCK (0x80000000u)
+
+/* A mask value that includes all Secure Partition signals */
+#define PSA_WAIT_ANY (~0u)
+
+/* Doorbell signal */
+#define PSA_DOORBELL (0x00000008u)
+
+/* PSA message types */
+#define PSA_IPC_CONNECT (-1)
+#define PSA_IPC_DISCONNECT (-2)
+
+/* Return code from psa_get() */
+#define PSA_ERR_NOMSG (INT32_MIN + 3)
+
+/* Store a set of one or more Secure Partition signals */
+typedef uint32_t psa_signal_t;
+
+/**
+ * Describe a message received by an RoT Service after calling \ref psa_get().
+ */
+typedef struct psa_msg_t {
+ uint32_t type; /* One of the following values:
+ * \ref PSA_IPC_CONNECT
+ * \ref PSA_IPC_CALL
+ * \ref PSA_IPC_DISCONNECT
+ */
+ psa_handle_t handle; /* A reference generated by the SPM to the
+ * message returned by psa_get().
+ */
+ int32_t client_id; /* Partition ID of the sender of the message */
+ void *rhandle; /* Be useful for binding a connection to some
+ * application-specific data or function
+ * pointer within the RoT Service
+ * implementation.
+ */
+ size_t in_size[PSA_MAX_IOVEC]; /* Provide the size of each client input
+ * vector in bytes.
+ */
+ size_t out_size[PSA_MAX_IOVEC];/* Provide the size of each client output
+ * vector in bytes.
+ */
+} psa_msg_t;
+
+/************************* PSA Secure Partition API **************************/
+
+/**
+ * \brief Return the Secure Partition interrupt signals that have been asserted
+ * from a subset of signals provided by the caller.
+ *
+ * \param[in] signal_mask A set of signals to query. Signals that are not
+ * in this set will be ignored.
+ * \param[in] timeout Specify either blocking \ref PSA_BLOCK or
+ * polling \ref PSA_POLL operation.
+ *
+ * \retval >0 At least one signal is asserted.
+ * \retval 0 No signals are asserted. This is only seen when
+ * a polling timeout is used.
+ */
+psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout);
+
+/**
+ * \brief Retrieve the message which corresponds to a given RoT Service signal
+ * and remove the message from the RoT Service queue.
+ *
+ * \param[in] signal The signal value for an asserted RoT Service.
+ * \param[out] msg Pointer to \ref psa_msg_t object for receiving
+ * the message.
+ *
+ * \retval PSA_SUCCESS Success, *msg will contain the delivered
+ * message.
+ * \retval PSA_ERR_NOMSG Message could not be delivered.
+ * \retval "Does not return" The call is invalid because one or more of the
+ * following are true:
+ * \arg signal has more than a single bit set.
+ * \arg signal does not correspond to an RoT Service.
+ * \arg The RoT Service signal is not currently
+ * asserted.
+ * \arg The msg pointer provided is not a valid memory
+ * reference.
+ */
+psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg);
+
+/**
+ * \brief Associate some RoT Service private data with a client connection.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] rhandle Reverse handle allocated by the RoT Service.
+ *
+ * \retval void Success, rhandle will be provided with all
+ * subsequent messages delivered on this
+ * connection.
+ * \retval "Does not return" msg_handle is invalid.
+ */
+void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle);
+
+/**
+ * \brief Read a message parameter or part of a message parameter from a client
+ * input vector.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] invec_idx Index of the input vector to read from. Must be
+ * less than \ref PSA_MAX_IOVEC.
+ * \param[out] buffer Buffer in the Secure Partition to copy the
+ * requested data to.
+ * \param[in] num_bytes Maximum number of bytes to be read from the
+ * client input vector.
+ *
+ * \retval >0 Number of bytes copied.
+ * \retval 0 There was no remaining data in this input
+ * vector.
+ * \retval "Does not return" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg msg_handle does not refer to a
+ * \ref PSA_IPC_CALL message.
+ * \arg invec_idx is equal to or greater than
+ * \ref PSA_MAX_IOVEC.
+ * \arg the memory reference for buffer is invalid or
+ * not writable.
+ */
+size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
+ void *buffer, size_t num_bytes);
+
+/**
+ * \brief Skip over part of a client input vector.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] invec_idx Index of input vector to skip from. Must be
+ * less than \ref PSA_MAX_IOVEC.
+ * \param[in] num_bytes Maximum number of bytes to skip in the client
+ * input vector.
+ *
+ * \retval >0 Number of bytes skipped.
+ * \retval 0 There was no remaining data in this input
+ * vector.
+ * \retval "Does not return" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg msg_handle does not refer to a
+ * \ref PSA_IPC_CALL message.
+ * \arg invec_idx is equal to or greater than
+ * \ref PSA_MAX_IOVEC.
+ */
+size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes);
+
+/**
+ * \brief Write a message response to a client output vector.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[out] outvec_idx Index of output vector in message to write to.
+ * Must be less than \ref PSA_MAX_IOVEC.
+ * \param[in] buffer Buffer with the data to write.
+ * \param[in] num_bytes Number of bytes to write to the client output
+ * vector.
+ *
+ * \retval void Success
+ * \retval "Does not return" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg msg_handle does not refer to a
+ * \ref PSA_IPC_CALL message.
+ * \arg outvec_idx is equal to or greater than
+ * \ref PSA_MAX_IOVEC.
+ * \arg The memory reference for buffer is invalid.
+ * \arg The call attempts to write data past the end
+ * of the client output vector.
+ */
+void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
+ const void *buffer, size_t num_bytes);
+
+/**
+ * \brief Complete handling of a specific message and unblock the client.
+ *
+ * \param[in] msg_handle Handle for the client's message.
+ * \param[in] status Message result value to be reported to the
+ * client.
+ *
+ * \retval void Success.
+ * \retval "Does not return" The call is invalid, one or more of the
+ * following are true:
+ * \arg msg_handle is invalid.
+ * \arg An invalid status code is specified for the
+ * type of message.
+ */
+void psa_reply(psa_handle_t msg_handle, psa_status_t status);
+
+/**
+ * \brief Send a PSA_DOORBELL signal to a specific Secure Partition.
+ *
+ * \param[in] partition_id Secure Partition ID of the target partition.
+ *
+ * \retval void Success.
+ * \retval "Does not return" partition_id does not correspond to a Secure
+ * Partition.
+ */
+void psa_notify(int32_t partition_id);
+
+/**
+ * \brief Clear the PSA_DOORBELL signal.
+ *
+ * \retval void Success.
+ * \retval "Does not return" The Secure Partition's doorbell signal is not
+ * currently asserted.
+ */
+void psa_clear(void);
+
+/**
+ * \brief Inform the SPM that an interrupt has been handled (end of interrupt).
+ *
+ * \param[in] irq_signal The interrupt signal that has been processed.
+ *
+ * \retval void Success.
+ * \retval "Does not return" The call is invalid, one or more of the
+ * following are true:
+ * \arg irq_signal is not an interrupt signal.
+ * \arg irq_signal indicates more than one signal.
+ * \arg irq_signal is not currently asserted.
+ */
+void psa_eoi(psa_signal_t irq_signal);
+
+#define psa_panic(X) abort();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __PSA_SERVICE_H__ */
diff --git a/tests/psa-client-server/psasim/include/util.h b/tests/psa-client-server/psasim/include/util.h
new file mode 100644
index 0000000..5eb8238
--- /dev/null
+++ b/tests/psa-client-server/psasim/include/util.h
@@ -0,0 +1,31 @@
+/* Common definitions used for clients and services */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "service.h"
+
+#define PRINT(fmt, ...) \
+ fprintf(stdout, fmt "\n", ##__VA_ARGS__)
+
+#if defined(DEBUG)
+#define INFO(fmt, ...) \
+ fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__)
+#else /* !DEBUG */
+#define INFO(...)
+#endif /* DEBUG*/
+
+#define ERROR(fmt, ...) \
+ fprintf(stderr, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__)
+
+#define FATAL(fmt, ...) \
+ { \
+ fprintf(stderr, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \
+ abort(); \
+ }
+
+#define PROJECT_ID 'M'
+#define PATHNAMESIZE 256
+#define TMP_FILE_BASE_PATH "./"
diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c
new file mode 100644
index 0000000..ed19879
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_main.c
@@ -0,0 +1,71 @@
+/**
+ * This is the base AUT that exectues all other AUTs meant to test PSA APIs
+ * through PSASIM.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "psa/crypto.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+int psa_hash_compute_main(void);
+int psa_hash_main(void);
+int psa_aead_encrypt_main(char *cipher_name);
+int psa_aead_encrypt_decrypt_main(void);
+int psa_cipher_encrypt_decrypt_main(void);
+int psa_asymmetric_encrypt_decrypt_main(void);
+int psa_random_main(void);
+int psa_mac_main(void);
+int psa_key_agreement_main(void);
+int psa_sign_verify_main(void);
+int psa_hkdf_main(void);
+
+#define TEST_MODULE(main_func) \
+ do { \
+ char title[128] = { 0 }; \
+ char separator[128] = { 0 }; \
+ int title_len = snprintf(title, sizeof(title), "=== Test: %s ===", #main_func); \
+ memset(separator, '=', title_len); \
+ printf("%s\n%s\n%s\n", separator, title, separator); \
+ ret = main_func; \
+ if (ret != 0) { \
+ goto exit; \
+ } \
+ } while (0)
+
+int main()
+{
+ int ret;
+
+ TEST_MODULE(psa_hash_compute_main());
+ TEST_MODULE(psa_hash_main());
+
+ TEST_MODULE(psa_aead_encrypt_main("aes128-gcm"));
+ TEST_MODULE(psa_aead_encrypt_main("aes256-gcm"));
+ TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8"));
+ TEST_MODULE(psa_aead_encrypt_main("chachapoly"));
+ TEST_MODULE(psa_aead_encrypt_decrypt_main());
+ TEST_MODULE(psa_cipher_encrypt_decrypt_main());
+ TEST_MODULE(psa_asymmetric_encrypt_decrypt_main());
+
+ TEST_MODULE(psa_random_main());
+
+ TEST_MODULE(psa_mac_main());
+ TEST_MODULE(psa_key_agreement_main());
+ TEST_MODULE(psa_sign_verify_main());
+ TEST_MODULE(psa_hkdf_main());
+
+exit:
+ return (ret != 0) ? 1 : 0;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
new file mode 100644
index 0000000..64463f5
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c
@@ -0,0 +1,227 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "psa/crypto.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+const char usage[] =
+ "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
+
+/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
+const unsigned char iv1[12] = { 0x00 };
+const unsigned char add_data1[] = { 0x01, 0x02 };
+const unsigned char msg1_part1[] = { 0x03, 0x04 };
+const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
+
+/* Dummy data (2nd message) */
+const unsigned char iv2[12] = { 0x10 };
+const unsigned char add_data2[] = { 0x11, 0x12 };
+const unsigned char msg2_part1[] = { 0x13, 0x14 };
+const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
+
+/* Maximum total size of the messages */
+#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
+#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
+#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
+
+/* Dummy key material - never do this in production!
+ * 32-byte is enough to all the key size supported by this program. */
+const unsigned char key_bytes[32] = { 0x2a };
+
+/* Print the contents of a buffer in hex */
+void print_buf(const char *title, uint8_t *buf, size_t len)
+{
+ printf("%s:", title);
+ for (size_t i = 0; i < len; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
+}
+
+/* Run a PSA function and bail out if it fails.
+ * The symbolic name of the error code can be recovered using:
+ * programs/psa/psa_constant_name status <value> */
+#define PSA_CHECK(expr) \
+ do \
+ { \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
+ { \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
+ goto exit; \
+ } \
+ } \
+ while (0)
+
+/*
+ * Prepare encryption material:
+ * - interpret command-line argument
+ * - set up key
+ * - outputs: key and algorithm, which together hold all the information
+ */
+static psa_status_t aead_prepare(const char *info,
+ psa_key_id_t *key,
+ psa_algorithm_t *alg)
+{
+ psa_status_t status;
+
+ /* Convert arg to alg + key_bits + key_type */
+ size_t key_bits;
+ psa_key_type_t key_type;
+ if (strcmp(info, "aes128-gcm") == 0) {
+ *alg = PSA_ALG_GCM;
+ key_bits = 128;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if (strcmp(info, "aes256-gcm") == 0) {
+ *alg = PSA_ALG_GCM;
+ key_bits = 256;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if (strcmp(info, "aes128-gcm_8") == 0) {
+ *alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8);
+ key_bits = 128;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if (strcmp(info, "chachapoly") == 0) {
+ *alg = PSA_ALG_CHACHA20_POLY1305;
+ key_bits = 256;
+ key_type = PSA_KEY_TYPE_CHACHA20;
+ } else {
+ puts(usage);
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* Prepare key attributes */
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, *alg);
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, key_bits); // optional
+
+ /* Import key */
+ PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key));
+
+exit:
+ return status;
+}
+
+/*
+ * Print out some information.
+ *
+ * All of this information was present in the command line argument, but his
+ * function demonstrates how each piece can be recovered from (key, alg).
+ */
+static void aead_info(psa_key_id_t key, psa_algorithm_t alg)
+{
+ psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+ (void) psa_get_key_attributes(key, &attr);
+ psa_key_type_t key_type = psa_get_key_type(&attr);
+ size_t key_bits = psa_get_key_bits(&attr);
+ psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg);
+ size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg);
+
+ const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES"
+ : key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha"
+ : "???";
+ const char *base_str = base_alg == PSA_ALG_GCM ? "GCM"
+ : base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly"
+ : "???";
+
+ printf("%s, %u, %s, %u\n",
+ type_str, (unsigned) key_bits, base_str, (unsigned) tag_len);
+}
+
+/*
+ * Encrypt a 2-part message.
+ */
+static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *part1, size_t part1_len,
+ const unsigned char *part2, size_t part2_len)
+{
+ psa_status_t status;
+ size_t olen, olen_tag;
+ unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)];
+ unsigned char *p = out, *end = out + sizeof(out);
+ unsigned char tag[PSA_AEAD_TAG_MAX_SIZE];
+
+ psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT;
+ PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg));
+
+ PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len));
+ PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len));
+ PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen));
+ p += olen;
+ PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen));
+ p += olen;
+ PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen,
+ tag, sizeof(tag), &olen_tag));
+ p += olen;
+ memcpy(p, tag, olen_tag);
+ p += olen_tag;
+
+ olen = p - out;
+ print_buf("out", out, olen);
+
+exit:
+ psa_aead_abort(&op); // required on errors, harmless on success
+ return status;
+}
+
+/*
+ * AEAD demo: set up key/alg, print out info, encrypt messages.
+ */
+static psa_status_t aead_demo(const char *info)
+{
+ psa_status_t status;
+
+ psa_key_id_t key;
+ psa_algorithm_t alg;
+
+ PSA_CHECK(aead_prepare(info, &key, &alg));
+
+ aead_info(key, alg);
+
+ PSA_CHECK(aead_encrypt(key, alg,
+ iv1, sizeof(iv1), add_data1, sizeof(add_data1),
+ msg1_part1, sizeof(msg1_part1),
+ msg1_part2, sizeof(msg1_part2)));
+ PSA_CHECK(aead_encrypt(key, alg,
+ iv2, sizeof(iv2), add_data2, sizeof(add_data2),
+ msg2_part1, sizeof(msg2_part1),
+ msg2_part2, sizeof(msg2_part2)));
+
+exit:
+ psa_destroy_key(key);
+
+ return status;
+}
+
+/*
+ * Main function
+ */
+int psa_aead_encrypt_main(char *cipher_name)
+{
+ psa_status_t status = PSA_SUCCESS;
+
+ /* Initialize the PSA crypto library. */
+ PSA_CHECK(psa_crypto_init());
+
+ /* Run the demo */
+ PSA_CHECK(aead_demo(cipher_name));
+
+ /* Deinitialize the PSA crypto library. */
+ mbedtls_psa_crypto_free();
+
+exit:
+ return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
new file mode 100644
index 0000000..ca090cc
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define BUFFER_SIZE 500
+
+static void print_bytestr(const uint8_t *bytes, size_t len)
+{
+ for (unsigned int idx = 0; idx < len; idx++) {
+ printf("%02X", bytes[idx]);
+ }
+}
+
+int psa_aead_encrypt_decrypt_main(void)
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = 0;
+ uint8_t encrypt[BUFFER_SIZE] = { 0 };
+ uint8_t decrypt[BUFFER_SIZE] = { 0 };
+ const uint8_t plaintext[] = "Hello World!";
+ const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+ uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)];
+ size_t nonce_length = sizeof(nonce);
+ size_t ciphertext_length;
+ size_t plaintext_length;
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 256);
+
+ status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_generate_random(nonce, nonce_length);
+ if (status != PSA_SUCCESS) {
+ printf("psa_generate_random failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_aead_encrypt(key_id, // key
+ PSA_ALG_CCM, // algorithm
+ nonce, nonce_length, // nonce
+ NULL, 0, // additional data
+ plaintext, sizeof(plaintext), // plaintext
+ encrypt, sizeof(encrypt), // ciphertext
+ &ciphertext_length); // length of output
+ if (status != PSA_SUCCESS) {
+ printf("psa_aead_encrypt failed\n");
+ return EXIT_FAILURE;
+ }
+
+ printf("AES-CCM encryption:\n");
+ printf("- Plaintext: '%s':\n", plaintext);
+ printf("- Key: ");
+ print_bytestr(key_bytes, sizeof(key_bytes));
+ printf("\n- Nonce: ");
+ print_bytestr(nonce, nonce_length);
+ printf("\n- No additional data\n");
+ printf("- Ciphertext:\n");
+
+ for (size_t j = 0; j < ciphertext_length; j++) {
+ if (j % 8 == 0) {
+ printf("\n ");
+ }
+ printf("%02x ", encrypt[j]);
+ }
+
+ printf("\n");
+
+ status = psa_aead_decrypt(key_id, // key
+ PSA_ALG_CCM, // algorithm
+ nonce, nonce_length, // nonce
+ NULL, 0, // additional data
+ encrypt, ciphertext_length, // ciphertext
+ decrypt, sizeof(decrypt), // plaintext
+ &plaintext_length); // length of output
+ if (status != PSA_SUCCESS) {
+ printf("psa_aead_decrypt failed\n");
+ return EXIT_FAILURE;
+ }
+
+ if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) {
+ printf("\nEncryption/Decryption failed!\n");
+ } else {
+ printf("\nEncryption/Decryption successful!\n");
+ }
+
+ psa_destroy_key(key_id);
+ mbedtls_psa_crypto_free();
+ return 0;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c
new file mode 100644
index 0000000..02d8cf4
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define KEY_BITS 4096
+#define BUFFER_SIZE PSA_BITS_TO_BYTES(KEY_BITS)
+
+static void print_bytestr(const uint8_t *bytes, size_t len)
+{
+ for (unsigned int idx = 0; idx < len; idx++) {
+ printf("%02X", bytes[idx]);
+ }
+}
+
+int psa_asymmetric_encrypt_decrypt_main(void)
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = 0;
+ uint8_t original[BUFFER_SIZE/2] = { 0 };
+ uint8_t encrypt[BUFFER_SIZE] = { 0 };
+ uint8_t decrypt[BUFFER_SIZE] = { 0 };
+ size_t encrypted_length;
+ size_t decrypted_length;
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_generate_random(original, sizeof(original));
+ if (status != PSA_SUCCESS) {
+ printf("psa_generate_random() failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
+ psa_set_key_bits(&attributes, KEY_BITS);
+
+ status = psa_generate_key(&attributes, &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_generate_key failed (%d)\n", status);
+ return EXIT_FAILURE;
+ }
+
+ status = psa_asymmetric_encrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ original, sizeof(original), NULL, 0,
+ encrypt, sizeof(encrypt), &encrypted_length);
+ if (status != PSA_SUCCESS) {
+ printf("psa_asymmetric_encrypt failed (%d)\n", status);
+ return EXIT_FAILURE;
+ }
+
+ status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ encrypt, encrypted_length, NULL, 0,
+ decrypt, sizeof(decrypt), &decrypted_length);
+ if (status != PSA_SUCCESS) {
+ printf("psa_cipher_decrypt failed (%d)\n", status);
+ return EXIT_FAILURE;
+ }
+
+ if (memcmp(original, decrypt, sizeof(original)) != 0) {
+ printf("\nEncryption/Decryption failed!\n");
+ } else {
+ printf("\nEncryption/Decryption successful!\n");
+ }
+
+ psa_destroy_key(key_id);
+ mbedtls_psa_crypto_free();
+ return 0;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
new file mode 100644
index 0000000..a923feb
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define BUFFER_SIZE 4096
+
+static void print_bytestr(const uint8_t *bytes, size_t len)
+{
+ for (unsigned int idx = 0; idx < len; idx++) {
+ printf("%02X", bytes[idx]);
+ }
+}
+
+int psa_cipher_encrypt_decrypt_main(void)
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = 0;
+ uint8_t original[BUFFER_SIZE] = { 0 };
+ uint8_t encrypt[BUFFER_SIZE] = { 0 };
+ uint8_t decrypt[BUFFER_SIZE] = { 0 };
+ const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
+ size_t encrypted_length;
+ size_t decrypted_length;
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_generate_random(original, sizeof(original));
+ if (status != PSA_SUCCESS) {
+ printf("psa_generate_random() failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, PSA_ALG_ECB_NO_PADDING);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, 256);
+
+ status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING,
+ original, sizeof(original),
+ encrypt, sizeof(encrypt), &encrypted_length);
+ if (status != PSA_SUCCESS) {
+ printf("psa_cipher_encrypt failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_cipher_decrypt(key_id, PSA_ALG_ECB_NO_PADDING,
+ encrypt, encrypted_length,
+ decrypt, sizeof(decrypt), &decrypted_length);
+ if (status != PSA_SUCCESS) {
+ printf("psa_cipher_decrypt failed\n");
+ return EXIT_FAILURE;
+ }
+
+ if (memcmp(original, decrypt, sizeof(original)) != 0) {
+ printf("\nEncryption/Decryption failed!\n");
+ } else {
+ printf("\nEncryption/Decryption successful!\n");
+ }
+
+ psa_destroy_key(key_id);
+ mbedtls_psa_crypto_free();
+ return 0;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c
new file mode 100644
index 0000000..b429c0b
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_hash.c
@@ -0,0 +1,167 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform.h"
+
+#define HASH_ALG PSA_ALG_SHA_256
+
+static const uint8_t sample_message[] = "Hello World!";
+/* sample_message is terminated with a null byte which is not part of
+ * the message itself so we make sure to subtract it in order to get
+ * the message length. */
+static const size_t sample_message_length = sizeof(sample_message) - 1;
+
+#define EXPECTED_HASH_VALUE { \
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
+}
+
+static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
+static const size_t expected_hash_len = sizeof(expected_hash);
+
+int psa_hash_main(void)
+{
+ psa_status_t status;
+ uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
+ size_t hash_length;
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT;
+
+ mbedtls_printf("PSA Crypto API: SHA-256 example\n\n");
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Compute hash using multi-part operation */
+ status = psa_hash_setup(&hash_operation, HASH_ALG);
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ mbedtls_printf("unknown hash algorithm supplied\n");
+ return EXIT_FAILURE;
+ } else if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_setup failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_update failed\n");
+ goto cleanup;
+ }
+
+ status = psa_hash_clone(&hash_operation, &cloned_hash_operation);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("PSA hash clone failed\n");
+ goto cleanup;
+ }
+
+ status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_finish failed\n");
+ goto cleanup;
+ }
+
+ /* Check the result of the operation against the sample */
+ if (hash_length != expected_hash_len ||
+ (memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+ mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n");
+ goto cleanup;
+ }
+
+ status =
+ psa_hash_verify(&cloned_hash_operation, expected_hash,
+ expected_hash_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_verify failed\n");
+ goto cleanup;
+ } else {
+ mbedtls_printf("Multi-part hash operation successful!\n");
+ }
+
+ /* A bit of white-box testing: ensure that we can abort an operation more
+ * times than there are operation slots on the simulator server.
+ */
+ for (int i = 0; i < 200; i++) {
+ /* This should be a no-op */
+ status = psa_hash_abort(&hash_operation);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_abort failed\n");
+ goto cleanup;
+ }
+ }
+
+ /* Compute hash using multi-part operation using the same operation struct */
+ status = psa_hash_setup(&hash_operation, HASH_ALG);
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ mbedtls_printf("unknown hash algorithm supplied\n");
+ goto cleanup;
+ } else if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_setup failed: %d\n", status);
+ goto cleanup;
+ }
+
+ status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_update failed\n");
+ goto cleanup;
+ }
+
+ /* Don't use psa_hash_finish() when going to check against an expected result */
+ status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_verify failed: %d\n", status);
+ goto cleanup;
+ } else {
+ mbedtls_printf("Second multi-part hash operation successful!\n");
+ }
+
+ /* Clear local variables prior to one-shot hash demo */
+ memset(hash, 0, sizeof(hash));
+ hash_length = 0;
+
+ /* Compute hash using one-shot function call */
+ status = psa_hash_compute(HASH_ALG,
+ sample_message, sample_message_length,
+ hash, sizeof(hash),
+ &hash_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_compute failed\n");
+ goto cleanup;
+ }
+
+ if (hash_length != expected_hash_len ||
+ (memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+ mbedtls_printf("One-shot hash operation gave the wrong result!\n\n");
+ goto cleanup;
+ }
+
+ mbedtls_printf("One-shot hash operation successful!\n\n");
+
+ /* Print out result */
+ mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message);
+
+ for (size_t j = 0; j < expected_hash_len; j++) {
+ mbedtls_printf("%02x", hash[j]);
+ }
+
+ mbedtls_printf("\n");
+
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+
+cleanup:
+ psa_hash_abort(&hash_operation);
+ psa_hash_abort(&cloned_hash_operation);
+ return EXIT_FAILURE;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c
new file mode 100644
index 0000000..959e0c3
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform.h"
+
+#define HASH_ALG PSA_ALG_SHA_256
+
+static const uint8_t sample_message[] = "Hello World!";
+/* sample_message is terminated with a null byte which is not part of
+ * the message itself so we make sure to subtract it in order to get
+ * the message length. */
+static const size_t sample_message_length = sizeof(sample_message) - 1;
+
+#define EXPECTED_HASH_VALUE { \
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
+}
+
+static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
+static const size_t expected_hash_len = sizeof(expected_hash);
+
+int psa_hash_compute_main(void)
+{
+ psa_status_t status;
+ uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
+ size_t hash_length;
+
+ mbedtls_printf("PSA Crypto API: SHA-256 example\n\n");
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Clear local variables prior to one-shot hash demo */
+ memset(hash, 0, sizeof(hash));
+ hash_length = 0;
+
+ /* Compute hash using one-shot function call */
+ status = psa_hash_compute(HASH_ALG,
+ sample_message, sample_message_length,
+ hash, sizeof(hash),
+ &hash_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_compute failed\n");
+ goto cleanup;
+ }
+
+ if (hash_length != expected_hash_len ||
+ (memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+ mbedtls_printf("One-shot hash operation gave the wrong result!\n\n");
+ goto cleanup;
+ }
+
+ mbedtls_printf("One-shot hash operation successful!\n\n");
+
+ /* Print out result */
+ mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message);
+
+ for (size_t j = 0; j < expected_hash_len; j++) {
+ mbedtls_printf("%02x", hash[j]);
+ }
+
+ mbedtls_printf("\n");
+
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+
+cleanup:
+ return EXIT_FAILURE;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c b/tests/psa-client-server/psasim/src/aut_psa_hkdf.c
new file mode 100644
index 0000000..891fdb3
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_hkdf.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "mbedtls/build_info.h"
+
+int psa_hkdf_main(void)
+{
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = 0;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ /* Example test vector from RFC 5869 */
+
+ /* Input keying material (IKM) */
+ unsigned char ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+ 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
+
+ unsigned char salt[] =
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
+
+ /* Context and application specific information, which can be of zero length */
+ unsigned char info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 };
+
+ /* Expected OKM based on the RFC 5869-provided test vector */
+ unsigned char expected_okm[] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43,
+ 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90,
+ 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4,
+ 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
+ 0x58, 0x65 };
+
+ /* The output size of the HKDF function depends on the hash function used.
+ * In our case we use SHA-256, which produces a 32 byte fingerprint.
+ * Therefore, we allocate a buffer of 32 bytes to hold the output keying
+ * material (OKM).
+ */
+ unsigned char output[32];
+
+ psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
+
+ printf("PSA Crypto API: HKDF SHA-256 example\n\n");
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+
+ status = psa_import_key(&attributes, ikm, sizeof(ikm), &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_key_derivation_setup(&operation, alg);
+ if (status != PSA_SUCCESS) {
+ printf("psa_key_derivation_setup failed");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ salt, sizeof(salt));
+ if (status != PSA_SUCCESS) {
+ printf("psa_key_derivation_input_bytes (salt) failed");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_key_derivation_input_key failed");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ info, sizeof(info));
+ if (status != PSA_SUCCESS) {
+ printf("psa_key_derivation_input_bytes (info) failed");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_key_derivation_output_bytes(&operation, output, sizeof(output));
+ if (status != PSA_SUCCESS) {
+ printf("psa_key_derivation_output_bytes failed");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_key_derivation_abort(&operation);
+ if (status != PSA_SUCCESS) {
+ printf("psa_key_derivation_abort failed");
+ return EXIT_FAILURE;
+ }
+
+ printf("OKM: \n");
+
+ for (size_t j = 0; j < sizeof(output); j++) {
+ if (output[j] != expected_okm[j]) {
+ printf("\n --- Unexpected outcome!\n");
+ return EXIT_FAILURE;
+ }
+
+ if (j % 8 == 0) {
+ printf("\n ");
+ }
+ printf("%02x ", output[j]);
+ }
+
+ printf("\n");
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c b/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c
new file mode 100644
index 0000000..4a0aab1
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include "mbedtls/build_info.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/platform.h"
+
+#define BUFFER_SIZE 500
+
+#define SERVER_PK_VALUE { \
+ 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, \
+ 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, 0xa1, \
+ 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, \
+ 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, \
+ 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, 0x24, 0xa5, 0xb9, \
+ 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, \
+ 0xb6, 0x98, 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, \
+ 0xf3, 0x20 \
+}
+
+#define KEY_BITS 256
+
+int psa_key_agreement_main(void)
+{
+ psa_status_t status;
+ psa_key_attributes_t client_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t server_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t client_key_id = 0;
+ psa_key_id_t server_key_id = 0;
+ uint8_t client_pk[BUFFER_SIZE] = { 0 };
+ size_t client_pk_len;
+ size_t key_bits;
+ psa_key_type_t key_type;
+
+ const uint8_t server_pk[] = SERVER_PK_VALUE;
+ uint8_t derived_key[BUFFER_SIZE] = { 0 };
+ size_t derived_key_len;
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&client_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&client_attributes, PSA_ALG_ECDH);
+ psa_set_key_type(&client_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+ psa_set_key_bits(&client_attributes, KEY_BITS);
+
+ /* Generate ephemeral key pair */
+ status = psa_generate_key(&client_attributes, &client_key_id);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_generate_key failed\n");
+ return EXIT_FAILURE;
+ }
+ status = psa_export_public_key(client_key_id,
+ client_pk, sizeof(client_pk),
+ &client_pk_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_export_public_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ mbedtls_printf("Client Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", client_pk_len);
+
+ for (size_t j = 0; j < client_pk_len; j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", client_pk[j]);
+ }
+ mbedtls_printf("\n\n");
+
+ psa_set_key_usage_flags(&server_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&server_attributes, PSA_ALG_ECDSA_ANY);
+ psa_set_key_type(&server_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
+
+ /* Import server public key */
+ status = psa_import_key(&server_attributes, server_pk, sizeof(server_pk), &server_key_id);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_get_key_attributes(server_key_id, &check_attributes);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_get_key_attributes failed\n");
+ return EXIT_FAILURE;
+ }
+
+ key_bits = psa_get_key_bits(&check_attributes);
+ if (key_bits != 256) {
+ mbedtls_printf("Incompatible key size!\n");
+ return EXIT_FAILURE;
+ }
+
+ key_type = psa_get_key_type(&check_attributes);
+ if (key_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) {
+ mbedtls_printf("Unsupported key type!\n");
+ return EXIT_FAILURE;
+ }
+
+ mbedtls_printf("Server Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", sizeof(server_pk));
+
+ for (size_t j = 0; j < sizeof(server_pk); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", server_pk[j]);
+ }
+ mbedtls_printf("\n\n");
+
+ /* Generate ECDHE derived key */
+ status = psa_raw_key_agreement(PSA_ALG_ECDH, // algorithm
+ client_key_id, // client secret key
+ server_pk, sizeof(server_pk), // server public key
+ derived_key, sizeof(derived_key), // buffer to store derived key
+ &derived_key_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_raw_key_agreement failed\n");
+ return EXIT_FAILURE;
+ }
+
+ mbedtls_printf("Derived Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", derived_key_len);
+
+ for (size_t j = 0; j < derived_key_len; j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", derived_key[j]);
+ }
+ mbedtls_printf("\n");
+
+ psa_destroy_key(server_key_id);
+ psa_destroy_key(client_key_id);
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_mac.c b/tests/psa-client-server/psasim/src/aut_psa_mac.c
new file mode 100644
index 0000000..18b4b57
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_mac.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/build_info.h"
+
+/* constant-time buffer comparison */
+static inline int safer_memcmp(const void *a, const void *b, size_t n)
+{
+ size_t i;
+ volatile const unsigned char *A = (volatile const unsigned char *) a;
+ volatile const unsigned char *B = (volatile const unsigned char *) b;
+ volatile unsigned char diff = 0;
+
+ for (i = 0; i < n; i++) {
+ /* Read volatile data in order before computing diff.
+ * This avoids IAR compiler warning:
+ * 'the order of volatile accesses is undefined ..' */
+ unsigned char x = A[i], y = B[i];
+ diff |= x ^ y;
+ }
+
+ return diff;
+}
+
+
+int psa_mac_main(void)
+{
+ uint8_t input[] = "Hello World!";
+ psa_status_t status;
+ size_t mac_size_real = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key_id = 0;
+ uint8_t mac[PSA_MAC_MAX_SIZE];
+ psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ const uint8_t key_bytes[16] = "kkkkkkkkkkkkkkkk";
+ const uint8_t mbedtls_test_hmac_sha256[] = {
+ 0xae, 0x72, 0x34, 0x5a, 0x10, 0x36, 0xfb, 0x71,
+ 0x35, 0x3c, 0x7d, 0x6c, 0x81, 0x98, 0x52, 0x86,
+ 0x00, 0x4a, 0x43, 0x7c, 0x2d, 0xb3, 0x1a, 0xd8,
+ 0x67, 0xb1, 0xad, 0x11, 0x4d, 0x18, 0x49, 0x8b
+ };
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE |
+ PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+
+ status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Single-part MAC operation with psa_mac_compute() */
+ status = psa_mac_compute(key_id,
+ PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ input,
+ sizeof(input),
+ mac,
+ sizeof(mac),
+ &mac_size_real);
+ if (status != PSA_SUCCESS) {
+ printf("psa_mac_compute failed\n");
+ return EXIT_FAILURE;
+ }
+
+ printf("HMAC-SHA-256(%s) with psa_mac_compute():\n", input);
+
+ for (size_t j = 0; j < mac_size_real; j++) {
+ if (j % 8 == 0) {
+ printf("\n ");
+ }
+ printf("%02x ", mac[j]);
+ }
+
+ printf("\n");
+
+ if (safer_memcmp(mac,
+ mbedtls_test_hmac_sha256,
+ mac_size_real
+ ) != 0) {
+ printf("\nMAC verified incorrectly!\n");
+ } else {
+ printf("\nMAC verified correctly!\n");
+ }
+
+ psa_destroy_key(key_id);
+
+ status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Single-part MAC operation with psa_mac_verify() */
+ status = psa_mac_verify(key_id,
+ PSA_ALG_HMAC(PSA_ALG_SHA_256),
+ input,
+ sizeof(input),
+ mbedtls_test_hmac_sha256,
+ sizeof(mbedtls_test_hmac_sha256));
+ if (status != PSA_SUCCESS) {
+ printf("psa_mac_verify failed\n");
+ return EXIT_FAILURE;
+ } else {
+ printf("psa_mac_verify passed successfully\n");
+ }
+
+ psa_destroy_key(key_id);
+
+ status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
+ if (status != PSA_SUCCESS) {
+ printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Multi-part MAC operation */
+ status = psa_mac_sign_setup(&operation, key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256));
+ if (status != PSA_SUCCESS) {
+ printf("psa_mac_sign_setup failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_mac_update(&operation, input, sizeof(input));
+ if (status != PSA_SUCCESS) {
+ printf("psa_mac_update failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_mac_sign_finish(&operation, mac, sizeof(mac), &mac_size_real);
+ if (status != PSA_SUCCESS) {
+ printf("psa_mac_sign_finish failed\n");
+ return EXIT_FAILURE;
+ }
+
+ if (safer_memcmp(mac,
+ mbedtls_test_hmac_sha256,
+ mac_size_real
+ ) != 0) {
+ printf("MAC, calculated with multi-part MAC operation, verified incorrectly!\n");
+ } else {
+ printf("MAC, calculated with multi-part MAC operation, verified correctly!\n");
+ }
+
+ psa_destroy_key(key_id);
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c
new file mode 100644
index 0000000..5880c4d
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_random.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include <psa/crypto.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/entropy.h"
+
+#define BUFFER_SIZE 100
+
+int psa_random_main(void)
+{
+ psa_status_t status;
+ uint8_t output[BUFFER_SIZE] = { 0 };
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_generate_random(output, BUFFER_SIZE);
+ if (status != PSA_SUCCESS) {
+ printf("psa_generate_random failed\n");
+ return EXIT_FAILURE;
+ }
+
+ printf("Random bytes generated:\n");
+
+ for (size_t j = 0; j < BUFFER_SIZE; j++) {
+ if (j % 8 == 0) {
+ printf("\n ");
+ }
+ printf("%02x ", output[j]);
+ }
+
+ printf("\n");
+
+ mbedtls_psa_crypto_free();
+ return 0;
+}
diff --git a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c b/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c
new file mode 100644
index 0000000..98df9e5
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform.h"
+
+#define KEY_BYTES_VALUE { \
+ 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, \
+ 0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, \
+ 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee \
+}
+
+#define PLAINTEXT_VALUE "Hello World!"
+
+/* SHA-256(plaintext) */
+#define HASH_VALUE { \
+ 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \
+ 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \
+ 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \
+}
+
+int psa_sign_verify_main(void)
+{
+ psa_status_t status;
+ psa_key_id_t key_id = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
+ size_t signature_length;
+ const uint8_t key_bytes[] = KEY_BYTES_VALUE;
+ const uint8_t plaintext[] = PLAINTEXT_VALUE;
+ const uint8_t hash[] = HASH_VALUE;
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
+
+ status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_import_key failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_sign_hash(key_id, // key handle
+ PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm
+ hash, sizeof(hash), // hash of the message
+ signature, sizeof(signature), // signature (as output)
+ &signature_length); // length of signature output
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_sign_hash failed\n");
+ return EXIT_FAILURE;
+ }
+
+ mbedtls_printf("ECDSA-SHA256 signature of SHA-256('%s'):\n", plaintext);
+
+ for (size_t j = 0; j < signature_length; j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", signature[j]);
+ }
+
+ mbedtls_printf("\n");
+
+ status = psa_verify_hash(key_id, // key handle
+ PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm
+ hash, sizeof(hash), // hash of message
+ signature, signature_length); // signature
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_verify_hash failed\n");
+ return EXIT_FAILURE;
+ } else {
+ mbedtls_printf("\nSignature verification successful!\n");
+ }
+
+ psa_destroy_key(key_id);
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+}
diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c
new file mode 100644
index 0000000..4c63abf
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/client.c
@@ -0,0 +1,23 @@
+/* psasim test client */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* Includes from mbedtls */
+#include "psa/crypto.h"
+#include "util.h"
+
+int main()
+{
+ /* psa_crypto_init() connects to the server */
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ ERROR("psa_crypto_init returned %d", status);
+ return 1;
+ }
+
+ mbedtls_psa_crypto_free();
+ return 0;
+}
diff --git a/tests/psa-client-server/psasim/src/manifest.json b/tests/psa-client-server/psasim/src/manifest.json
new file mode 100644
index 0000000..e67b636
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/manifest.json
@@ -0,0 +1,29 @@
+{
+ "psa_framework_version":1.0,
+ "name":"TEST_PARTITION",
+ "type":"PSA-ROT",
+ "priority":"LOW",
+ "entry_point":"psa_server_main",
+ "stack_size":"0x400",
+ "heap_size":"0x100",
+ "services":[
+ {
+ "name":"PSA_SID_CRYPTO",
+ "sid":"0x0000F000",
+ "signal":"PSA_CRYPTO",
+ "non_secure_clients": "true",
+ "minor_version":1,
+ "minor_policy":"STRICT"
+ }
+ ],
+ "irqs": [
+ {
+ "source": "SIGINT",
+ "signal": "SIGINT_SIG"
+ },
+ {
+ "source": "SIGTSTP",
+ "signal": "SIGSTP_SIG"
+ }
+ ]
+}
diff --git a/tests/psa-client-server/psasim/src/psa_ff_client.c b/tests/psa-client-server/psasim/src/psa_ff_client.c
new file mode 100644
index 0000000..0d6bbf3
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_ff_client.c
@@ -0,0 +1,385 @@
+/* PSA firmware framework client API */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <inttypes.h>
+#include <sys/types.h>
+#include <sys/ipc.h>
+#include <sys/msg.h>
+
+#include "client.h"
+#include "common.h"
+#include "error_ext.h"
+#include "util.h"
+
+typedef struct internal_handle {
+ int server_qid;
+ int client_qid;
+ int internal_server_qid;
+ int valid;
+} internal_handle_t;
+
+typedef struct vectors {
+ const psa_invec *in_vec;
+ size_t in_len;
+ psa_outvec *out_vec;
+ size_t out_len;
+} vectors_t;
+
+/* Note that this implementation is functional and not secure */
+int __psa_ff_client_security_state = NON_SECURE;
+
+/* Access to this global is not thread safe */
+#define MAX_HANDLES 32
+static internal_handle_t handles[MAX_HANDLES] = { { 0 } };
+
+static int get_next_free_handle()
+{
+ /* Never return handle 0 as it's a special null handle */
+ for (int i = 1; i < MAX_HANDLES; i++) {
+ if (handles[i].valid == 0) {
+ return i;
+ }
+ }
+ return -1;
+}
+
+static int handle_is_valid(psa_handle_t handle)
+{
+ if (handle > 0 && handle < MAX_HANDLES) {
+ if (handles[handle].valid == 1) {
+ return 1;
+ }
+ }
+ ERROR("ERROR: Invalid handle");
+ return 0;
+}
+
+static int get_queue_info(char *path, int *cqid, int *sqid)
+{
+ key_t server_queue_key;
+ int rx_qid, server_qid;
+
+ INFO("Attempting to contact a RoT service queue");
+
+ if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) {
+ ERROR("msgget: rx_qid");
+ return -1;
+ }
+
+ if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) {
+ ERROR("ftok");
+ return -2;
+ }
+
+ if ((server_qid = msgget(server_queue_key, 0)) == -1) {
+ ERROR("msgget: server_qid");
+ return -3;
+ }
+
+ *cqid = rx_qid;
+ *sqid = server_qid;
+
+ return 0;
+}
+
+static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type,
+ int *internal_server_qid)
+{
+ struct message response, request;
+ psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED;
+ size_t invec_seek[4] = { 0 };
+ size_t data_size;
+ psa_status_t invec, outvec; /* TODO: Should these be size_t ? */
+
+ assert(internal_server_qid > 0);
+
+ while (1) {
+ data_size = 0;
+ invec = 0;
+ outvec = 0;
+
+ /* read response from server */
+ if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) {
+ ERROR(" msgrcv failed");
+ return ret;
+ }
+
+ /* process return message from server */
+ switch (response.message_type) {
+ case PSA_REPLY:
+ memcpy(&ret, response.message_text.buf, sizeof(psa_status_t));
+ INFO(" Message received from server: %d", ret);
+ if (type == PSA_IPC_CONNECT && ret > 0) {
+ *internal_server_qid = ret;
+ INFO(" ASSSIGNED q ID %d", *internal_server_qid);
+ ret = PSA_SUCCESS;
+ }
+ return ret;
+ break;
+ case READ_REQUEST:
+ /* read data request */
+ request.message_type = READ_RESPONSE;
+
+ assert(vecs != 0);
+
+ memcpy(&invec, response.message_text.buf, sizeof(psa_status_t));
+ memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t));
+ INFO(" Partition asked for %lu bytes from invec %d", data_size, invec);
+
+ /* need to add more checks here */
+ assert(invec >= 0 && invec < PSA_MAX_IOVEC);
+
+ if (data_size > MAX_FRAGMENT_SIZE) {
+ data_size = MAX_FRAGMENT_SIZE;
+ }
+
+ /* send response */
+ INFO(" invec_seek[invec] is %lu", invec_seek[invec]);
+ INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]);
+ memcpy(request.message_text.buf,
+ (vecs->in_vec[invec].base + invec_seek[invec]),
+ data_size);
+
+ /* update invec base TODO: check me */
+ invec_seek[invec] = invec_seek[invec] + data_size;
+
+ INFO(" Sending message of type %li", request.message_type);
+ INFO(" with content %s", request.message_text.buf);
+
+ if (msgsnd(*internal_server_qid, &request,
+ sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) {
+ ERROR("Internal error: failed to respond to read request");
+ }
+ break;
+ case WRITE_REQUEST:
+ assert(vecs != 0);
+
+ request.message_type = WRITE_RESPONSE;
+
+ memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t));
+ memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t));
+ INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec);
+
+ assert(outvec >= 0 && outvec < PSA_MAX_IOVEC);
+
+ /* copy memory into message and send back amount written */
+ size_t sofar = vecs->out_vec[outvec].len;
+ memcpy(vecs->out_vec[outvec].base + sofar,
+ response.message_text.buf+(sizeof(size_t)*2), data_size);
+ INFO(" Data size is %lu", data_size);
+ vecs->out_vec[outvec].len += data_size;
+
+ INFO(" Sending message of type %li", request.message_type);
+
+ /* send response */
+ if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) {
+ ERROR("Internal error: failed to respond to write request");
+ }
+ break;
+ case SKIP_REQUEST:
+ memcpy(&invec, response.message_text.buf, sizeof(psa_status_t));
+ memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t));
+ INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec);
+ assert(invec >= 0 && invec < PSA_MAX_IOVEC);
+ /* update invec base TODO: check me */
+ invec_seek[invec] = invec_seek[invec] + data_size;
+ break;
+
+ default:
+ FATAL(" ERROR: unknown internal message type: %ld",
+ response.message_type);
+ }
+ }
+}
+
+static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid,
+ int32_t type, uint32_t minor_version, vectors_t *vecs)
+{
+ psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED;
+ size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */
+ struct message request;
+ request.message_type = 1; /* TODO: change this */
+ request.message_text.psa_type = type;
+ vector_sizes_t vec_sizes;
+
+ /* If the client is non-secure then set the NS bit */
+ if (__psa_ff_client_security_state != 0) {
+ request.message_type |= NON_SECURE;
+ }
+
+ assert(request.message_type >= 0);
+
+ INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type);
+ INFO(" internal_server_qid = %i", *internal_server_qid);
+
+ request.message_text.qid = rx_qid;
+
+ if (type == PSA_IPC_CONNECT) {
+ memcpy(request.message_text.buf, &minor_version, sizeof(minor_version));
+ request_msg_size = request_msg_size + sizeof(minor_version);
+ INFO(" Request msg size is %lu", request_msg_size);
+ } else {
+ assert(internal_server_qid > 0);
+ }
+
+ if (vecs != NULL && type >= PSA_IPC_CALL) {
+
+ memset(&vec_sizes, 0, sizeof(vec_sizes));
+
+ /* Copy invec sizes */
+ for (size_t i = 0; i < (vecs->in_len); i++) {
+ vec_sizes.invec_sizes[i] = vecs->in_vec[i].len;
+ INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]);
+ }
+
+ /* Copy outvec sizes */
+ for (size_t i = 0; i < (vecs->out_len); i++) {
+ vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len;
+
+ /* Reset to 0 since we need to eventually fill in with bytes written */
+ vecs->out_vec[i].len = 0;
+ }
+
+ memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes));
+ request_msg_size = request_msg_size + sizeof(vec_sizes);
+ }
+
+ INFO(" Sending and then waiting");
+
+ /* send message to server */
+ if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) {
+ ERROR(" msgsnd failed");
+ return ret;
+ }
+
+ return process_response(rx_qid, vecs, type, internal_server_qid);
+}
+
+
+uint32_t psa_framework_version(void)
+{
+ return PSA_FRAMEWORK_VERSION;
+}
+
+psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version)
+{
+ int idx;
+ psa_status_t ret;
+ char pathname[PATHNAMESIZE] = { 0 };
+
+ idx = get_next_free_handle();
+
+ /* if there's a free handle available */
+ if (idx >= 0) {
+ snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid);
+ INFO("Attempting to contact RoT service at %s", pathname);
+
+ /* if communication is possible */
+ if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) {
+
+ ret = send(handles[idx].client_qid,
+ handles[idx].server_qid,
+ &handles[idx].internal_server_qid,
+ PSA_IPC_CONNECT,
+ minor_version,
+ NULL);
+
+ /* if connection accepted by RoT service */
+ if (ret >= 0) {
+ handles[idx].valid = 1;
+ return idx;
+ } else {
+ ERROR("Server didn't like you");
+ }
+ } else {
+ ERROR("Couldn't contact RoT service. Does it exist?");
+
+ if (__psa_ff_client_security_state == 0) {
+ ERROR("Invalid SID");
+ }
+ }
+ }
+
+ INFO("Couldn't obtain a free handle");
+ return PSA_ERROR_CONNECTION_REFUSED;
+}
+
+uint32_t psa_version(uint32_t sid)
+{
+ int idx;
+ psa_status_t ret;
+ char pathname[PATHNAMESIZE] = { 0 };
+
+ idx = get_next_free_handle();
+
+ if (idx >= 0) {
+ snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid);
+ if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) {
+ ret = send(handles[idx].client_qid,
+ handles[idx].server_qid,
+ &handles[idx].internal_server_qid,
+ VERSION_REQUEST,
+ 0,
+ NULL);
+ INFO("psa_version: Recieved from server %d", ret);
+ if (ret > 0) {
+ return ret;
+ }
+ }
+ }
+ ERROR("psa_version failed: does the service exist?");
+ return PSA_VERSION_NONE;
+}
+
+psa_status_t psa_call(psa_handle_t handle,
+ int32_t type,
+ const psa_invec *in_vec,
+ size_t in_len,
+ psa_outvec *out_vec,
+ size_t out_len)
+{
+ handle_is_valid(handle);
+
+ if ((in_len + out_len) > PSA_MAX_IOVEC) {
+ ERROR("Too many iovecs: %lu + %lu", in_len, out_len);
+ }
+
+ vectors_t vecs = { 0 };
+ vecs.in_vec = in_vec;
+ vecs.in_len = in_len;
+ vecs.out_vec = out_vec;
+ vecs.out_len = out_len;
+
+ return send(handles[handle].client_qid,
+ handles[handle].server_qid,
+ &handles[handle].internal_server_qid,
+ type,
+ 0,
+ &vecs);
+}
+
+void psa_close(psa_handle_t handle)
+{
+ handle_is_valid(handle);
+ if (send(handles[handle].client_qid, handles[handle].server_qid,
+ &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) {
+ ERROR("ERROR: Couldn't send disconnect msg");
+ } else {
+ if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) {
+ ERROR("ERROR: Failed to delete msg queue");
+ }
+ }
+ INFO("Closing handle %u", handle);
+ handles[handle].valid = 0;
+}
diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c
new file mode 100644
index 0000000..b106092
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_ff_server.c
@@ -0,0 +1,655 @@
+/* PSA Firmware Framework service API */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <sys/types.h>
+#include <sys/ipc.h>
+#include <sys/msg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <strings.h>
+#include <unistd.h>
+#include <time.h>
+#include <assert.h>
+
+#include "service.h"
+#include "init.h"
+#include "error_ext.h"
+#include "common.h"
+#include "util.h"
+
+#define MAX_CLIENTS 128
+#define MAX_MESSAGES 32
+
+struct connection {
+ uint32_t client;
+ void *rhandle;
+ int client_to_server_q;
+};
+
+/* Note that this implementation is functional and not secure. */
+int __psa_ff_client_security_state = NON_SECURE;
+
+static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */
+static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */
+static uint32_t message_client[MAX_MESSAGES] = { 0 }; /* Each client's response queue */
+static int nsacl[32];
+static int strict_policy[32] = { 0 };
+static uint32_t rot_svc_versions[32];
+static int rot_svc_incoming_queue[32] = { -1 };
+static struct connection connections[MAX_CLIENTS] = { { 0 } };
+
+static uint32_t exposed_signals = 0;
+
+void print_vectors(vector_sizes_t *sizes)
+{
+ INFO("Printing iovec sizes");
+ for (int j = 0; j < PSA_MAX_IOVEC; j++) {
+ INFO("Invec %d: %lu", j, sizes->invec_sizes[j]);
+ }
+
+ for (int j = 0; j < PSA_MAX_IOVEC; j++) {
+ INFO("Outvec %d: %lu", j, sizes->outvec_sizes[j]);
+ }
+}
+
+int find_connection(uint32_t client)
+{
+ for (int i = 1; i < MAX_CLIENTS; i++) {
+ if (client == connections[i].client) {
+ return i;
+ }
+ }
+ return -1;
+}
+
+void destroy_connection(uint32_t client)
+{
+ int idx = find_connection(client);
+ if (idx >= 0) {
+ connections[idx].client = 0;
+ connections[idx].rhandle = 0;
+ INFO("Destroying connection");
+ } else {
+ ERROR("Couldn't destroy connection for %u", client);
+ }
+}
+
+int find_free_connection()
+{
+ INFO("Allocating connection");
+ return find_connection(0);
+}
+
+static void reply(psa_handle_t msg_handle, psa_status_t status)
+{
+ pending_message[msg_handle] = 1;
+ psa_reply(msg_handle, status);
+ pending_message[msg_handle] = 0;
+}
+
+psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout)
+{
+ psa_signal_t mask;
+ struct message msg;
+ vector_sizes_t sizes;
+ struct msqid_ds qinfo;
+ uint32_t requested_version;
+ ssize_t len;
+ int idx;
+
+ if (timeout == PSA_POLL) {
+ INFO("psa_wait: Called in polling mode");
+ }
+
+ do {
+ mask = signal_mask;
+
+ /* Check the status of each queue */
+ for (int i = 0; i < 32; i++) {
+ if (mask & 0x1) {
+ if (i < 3) {
+ // do nothing (reserved)
+ } else if (i == 3) {
+ // this must be psa doorbell
+ } else {
+ /* Check if this signal corresponds to a queue */
+ if (rot_svc_incoming_queue[i] >= 0 && (pending_message[i] == 0)) {
+
+ /* AFAIK there is no "peek" method in SysV, so try to get a message */
+ len = msgrcv(rot_svc_incoming_queue[i],
+ &msg,
+ sizeof(struct message_text),
+ 0,
+ IPC_NOWAIT);
+ if (len > 0) {
+
+ INFO("Storing that QID in message_client[%d]", i);
+ INFO("The message handle will be %d", i);
+
+ msgctl(rot_svc_incoming_queue[i], IPC_STAT, &qinfo);
+ messages[i].client_id = qinfo.msg_lspid; /* PID of last msgsnd(2) call */
+ message_client[i] = msg.message_text.qid;
+ idx = find_connection(msg.message_text.qid);
+
+ if (msg.message_type & NON_SECURE) {
+ /* This is a non-secure message */
+
+ /* Check if NS client is allowed for this RoT service */
+ if (nsacl[i] <= 0) {
+#if 0
+ INFO(
+ "Rejecting non-secure client due to manifest security policy");
+ reply(i, PSA_ERROR_CONNECTION_REFUSED);
+ continue; /* Skip to next signal */
+#endif
+ }
+
+ msg.message_type &= ~(NON_SECURE); /* clear */
+ messages[i].client_id = messages[i].client_id * -1;
+ }
+
+ INFO("Got a message from client ID %d", messages[i].client_id);
+ INFO("Message type is %lu", msg.message_type);
+ INFO("PSA message type is %d", msg.message_text.psa_type);
+
+ messages[i].handle = i;
+
+ switch (msg.message_text.psa_type) {
+ case PSA_IPC_CONNECT:
+
+ if (len >= 16) {
+ memcpy(&requested_version, msg.message_text.buf,
+ sizeof(requested_version));
+ INFO("Requesting version %u", requested_version);
+ INFO("Implemented version %u", rot_svc_versions[i]);
+ /* TODO: need to check whether the policy is strict,
+ * and if so, then reject the client if the number doesn't match */
+
+ if (requested_version > rot_svc_versions[i]) {
+ INFO(
+ "Rejecting client because requested version that was too high");
+ reply(i, PSA_ERROR_CONNECTION_REFUSED);
+ continue; /* Skip to next signal */
+ }
+
+ if (strict_policy[i] == 1 &&
+ (requested_version != rot_svc_versions[i])) {
+ INFO(
+ "Rejecting client because enforcing a STRICT version policy");
+ reply(i, PSA_ERROR_CONNECTION_REFUSED);
+ continue; /* Skip to next signal */
+ } else {
+ INFO("Not rejecting client");
+ }
+ }
+
+ messages[i].type = PSA_IPC_CONNECT;
+
+ if (idx < 0) {
+ idx = find_free_connection();
+ }
+
+ if (idx >= 0) {
+ connections[idx].client = msg.message_text.qid;
+ } else {
+ /* We've run out of system wide connections */
+ reply(i, PSA_ERROR_CONNECTION_BUSY);
+ ERROR("Ran out of free connections");
+ continue;
+ }
+
+ break;
+ case PSA_IPC_DISCONNECT:
+ messages[i].type = PSA_IPC_DISCONNECT;
+ break;
+ case VERSION_REQUEST:
+ INFO("Got a version request");
+ reply(i, rot_svc_versions[i]);
+ continue; /* Skip to next signal */
+ break;
+
+ default:
+
+ /* PSA CALL */
+ if (msg.message_text.psa_type >= 0) {
+ messages[i].type = msg.message_text.psa_type;
+ memcpy(&sizes, msg.message_text.buf, sizeof(sizes));
+ print_vectors(&sizes);
+ memcpy(&messages[i].in_size, &sizes.invec_sizes,
+ (sizeof(size_t) * PSA_MAX_IOVEC));
+ memcpy(&messages[i].out_size, &sizes.outvec_sizes,
+ (sizeof(size_t) * PSA_MAX_IOVEC));
+ } else {
+ FATAL("UNKNOWN MESSAGE TYPE RECEIVED %li",
+ msg.message_type);
+ }
+ break;
+ }
+ messages[i].handle = i;
+
+ /* Check if the client has a connection */
+ if (idx >= 0) {
+ messages[i].rhandle = connections[idx].rhandle;
+ } else {
+ /* Client is begging for a programmer error */
+ reply(i, PSA_ERROR_PROGRAMMER_ERROR);
+ continue;
+ }
+
+ /* House keeping */
+ pending_message[i] = 1; /* set message as pending */
+ exposed_signals |= (0x1 << i); /* assert the signal */
+ }
+ }
+ }
+ mask = mask >> 1;
+ }
+ }
+
+ if ((timeout == PSA_BLOCK) && (exposed_signals > 0)) {
+ break;
+ } else {
+ /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */
+ }
+ } while (timeout == PSA_BLOCK);
+
+ /* Assert signals */
+ return signal_mask & exposed_signals;
+}
+
+static int signal_to_index(psa_signal_t signal)
+{
+ int i;
+ int count = 0;
+ int ret = -1;
+
+ for (i = 0; i < 32; i++) {
+ if (signal & 0x1) {
+ ret = i;
+ count++;
+ }
+ signal = signal >> 1;
+ }
+
+ if (count > 1) {
+ ERROR("ERROR: Too many signals");
+ return -1; /* Too many signals */
+ }
+ return ret;
+}
+
+static void clear_signal(psa_signal_t signal)
+{
+ exposed_signals = exposed_signals & ~signal;
+}
+
+void raise_signal(psa_signal_t signal)
+{
+ exposed_signals |= signal;
+}
+
+psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg)
+{
+ int index = signal_to_index(signal);
+ if (index < 0) {
+ ERROR("Bad signal");
+ }
+
+ clear_signal(signal);
+
+ assert(messages[index].handle != 0);
+
+ if (pending_message[index] == 1) {
+ INFO("There is a pending message!");
+ memcpy(msg, &messages[index], sizeof(struct psa_msg_t));
+ assert(msg->handle != 0);
+ return PSA_SUCCESS;
+ } else {
+ INFO("no pending message");
+ }
+
+ return PSA_ERROR_DOES_NOT_EXIST;
+}
+
+static inline int is_valid_msg_handle(psa_handle_t h)
+{
+ if (h > 0 && h < MAX_MESSAGES) {
+ return 1;
+ }
+ ERROR("Not a valid message handle");
+ return 0;
+}
+
+static inline int is_call_msg(psa_handle_t h)
+{
+ assert(messages[h].type >= PSA_IPC_CALL);
+ return 1;
+}
+
+void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle)
+{
+ is_valid_msg_handle(msg_handle);
+ int idx = find_connection(message_client[msg_handle]);
+ INFO("Setting rhandle to %p", rhandle);
+ assert(idx >= 0);
+ connections[idx].rhandle = rhandle;
+}
+
+/* Sends a message from the server to the client. Does not wait for a response */
+static void send_msg(psa_handle_t msg_handle,
+ int ctrl_msg,
+ psa_status_t status,
+ size_t amount,
+ const void *data,
+ size_t data_amount)
+{
+ struct message response;
+ int flags = 0;
+
+ assert(ctrl_msg > 0); /* According to System V, it must be greater than 0 */
+
+ response.message_type = ctrl_msg;
+ if (ctrl_msg == PSA_REPLY) {
+ memcpy(response.message_text.buf, &status, sizeof(psa_status_t));
+ } else if (ctrl_msg == READ_REQUEST || ctrl_msg == WRITE_REQUEST || ctrl_msg == SKIP_REQUEST) {
+ memcpy(response.message_text.buf, &status, sizeof(psa_status_t));
+ memcpy(response.message_text.buf+sizeof(size_t), &amount, sizeof(size_t));
+ if (ctrl_msg == WRITE_REQUEST) {
+ /* TODO: Check if too big */
+ memcpy(response.message_text.buf + (sizeof(size_t) * 2), data, data_amount);
+ }
+ }
+
+ /* TODO: sizeof doesn't need to be so big here for small responses */
+ if (msgsnd(message_client[msg_handle], &response, sizeof(response.message_text), flags) == -1) {
+ ERROR("Failed to reply");
+ }
+}
+
+static size_t skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes)
+{
+ if (num_bytes < (messages[msg_handle].in_size[invec_idx] - num_bytes)) {
+ messages[msg_handle].in_size[invec_idx] = messages[msg_handle].in_size[invec_idx] -
+ num_bytes;
+ return num_bytes;
+ } else {
+ if (num_bytes >= messages[msg_handle].in_size[invec_idx]) {
+ size_t ret = messages[msg_handle].in_size[invec_idx];
+ messages[msg_handle].in_size[invec_idx] = 0;
+ return ret;
+ } else {
+ return num_bytes;
+ }
+ }
+}
+
+size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx,
+ void *buffer, size_t num_bytes)
+{
+ size_t sofar = 0;
+ struct message msg = { 0 };
+ int idx;
+ ssize_t len;
+
+ is_valid_msg_handle(msg_handle);
+ is_call_msg(msg_handle);
+
+ if (invec_idx >= PSA_MAX_IOVEC) {
+ ERROR("Invalid iovec number");
+ }
+
+ /* If user wants more data than what's available, truncate their request */
+ if (num_bytes > messages[msg_handle].in_size[invec_idx]) {
+ num_bytes = messages[msg_handle].in_size[invec_idx];
+ }
+
+ while (sofar < num_bytes) {
+ INFO("Server: requesting %lu bytes from client", (num_bytes - sofar));
+ send_msg(msg_handle, READ_REQUEST, invec_idx, (num_bytes - sofar), NULL, 0);
+
+ idx = find_connection(message_client[msg_handle]);
+ assert(idx >= 0);
+
+ len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0);
+ len = (len - offsetof(struct message_text, buf));
+
+ if (len < 0) {
+ FATAL("Internal error: failed to dispatch read request to the client");
+ }
+
+ if (len > (num_bytes - sofar)) {
+ if ((num_bytes - sofar) > 0) {
+ memcpy(buffer+sofar, msg.message_text.buf, (num_bytes - sofar));
+ }
+ } else {
+ memcpy(buffer + sofar, msg.message_text.buf, len);
+ }
+
+ INFO("Printing what i got so far: %s", msg.message_text.buf);
+
+ sofar = sofar + len;
+ }
+
+ /* Update the seek count */
+ skip(msg_handle, invec_idx, num_bytes);
+ INFO("Finished psa_read");
+ return sofar;
+}
+
+void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx,
+ const void *buffer, size_t num_bytes)
+{
+ size_t sofar = 0;
+ struct message msg = { 0 };
+ int idx;
+ ssize_t len;
+
+ is_valid_msg_handle(msg_handle);
+ is_call_msg(msg_handle);
+
+ if (outvec_idx >= PSA_MAX_IOVEC) {
+ ERROR("Invalid iovec number");
+ }
+
+ if (num_bytes > messages[msg_handle].out_size[outvec_idx]) {
+ ERROR("Program tried to write too much data %lu/%lu", num_bytes,
+ messages[msg_handle].out_size[outvec_idx]);
+ }
+
+ while (sofar < num_bytes) {
+ size_t sending = (num_bytes - sofar);
+ if (sending > (MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2))) {
+ sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2);
+ }
+
+ INFO("Server: sending %lu bytes to client, sofar = %lu", sending, (long) sofar);
+
+ send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer + sofar, sending);
+
+ idx = find_connection(message_client[msg_handle]);
+ assert(idx >= 0);
+
+ len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0);
+ if (len < 1) {
+ FATAL("Client didn't give me a full response");
+ }
+ sofar = sofar + sending;
+ }
+
+ /* Update the seek count */
+ messages[msg_handle].out_size[outvec_idx] -= num_bytes;
+}
+
+size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes)
+{
+ is_valid_msg_handle(msg_handle);
+ is_call_msg(msg_handle);
+
+ size_t ret = skip(msg_handle, invec_idx, num_bytes);
+
+ /* notify client to skip */
+ send_msg(msg_handle, SKIP_REQUEST, invec_idx, num_bytes, NULL, 0);
+ return ret;
+}
+
+static void destroy_temporary_queue(int myqid)
+{
+ if (msgctl(myqid, IPC_RMID, NULL) != 0) {
+ INFO("ERROR: Failed to delete msg queue %d", myqid);
+ }
+}
+
+static int make_temporary_queue()
+{
+ int myqid;
+ if ((myqid = msgget(IPC_PRIVATE, 0660)) == -1) {
+ INFO("msgget: myqid");
+ return -1;
+ }
+ return myqid;
+}
+
+/**
+ * Assumes msg_handle is the index into the message array
+ */
+void psa_reply(psa_handle_t msg_handle, psa_status_t status)
+{
+ int idx, q;
+ is_valid_msg_handle(msg_handle);
+
+ if (pending_message[msg_handle] != 1) {
+ ERROR("Not a valid message handle");
+ }
+
+ if (messages[msg_handle].type == PSA_IPC_CONNECT) {
+ switch (status) {
+ case PSA_SUCCESS:
+ idx = find_connection(message_client[msg_handle]);
+ q = make_temporary_queue();
+ if (q > 0 && idx >= 0) {
+ connections[idx].client_to_server_q = q;
+ status = q;
+ } else {
+ FATAL("What happened?");
+ }
+ break;
+ case PSA_ERROR_CONNECTION_REFUSED:
+ destroy_connection(message_client[msg_handle]);
+ break;
+ case PSA_ERROR_CONNECTION_BUSY:
+ destroy_connection(message_client[msg_handle]);
+ break;
+ case PSA_ERROR_PROGRAMMER_ERROR:
+ destroy_connection(message_client[msg_handle]);
+ break;
+ default:
+ ERROR("Not a valid reply %d", status);
+ }
+ } else if (messages[msg_handle].type == PSA_IPC_DISCONNECT) {
+ idx = find_connection(message_client[msg_handle]);
+ if (idx >= 0) {
+ destroy_temporary_queue(connections[idx].client_to_server_q);
+ }
+ destroy_connection(message_client[msg_handle]);
+ }
+
+ send_msg(msg_handle, PSA_REPLY, status, 0, NULL, 0);
+
+ pending_message[msg_handle] = 0;
+ message_client[msg_handle] = 0;
+}
+
+/* TODO: make sure you only clear interrupt signals, and not others */
+void psa_eoi(psa_signal_t signal)
+{
+ int index = signal_to_index(signal);
+ if (index >= 0 && (rot_svc_incoming_queue[index] >= 0)) {
+ clear_signal(signal);
+ } else {
+ ERROR("Tried to EOI a signal that isn't an interrupt");
+ }
+}
+
+void psa_notify(int32_t partition_id)
+{
+ char pathname[PATHNAMESIZE] = { 0 };
+
+ if (partition_id < 0) {
+ ERROR("Not a valid secure partition");
+ }
+
+ snprintf(pathname, PATHNAMESIZE, "/tmp/psa_notify_%u", partition_id);
+ INFO("psa_notify: notifying partition %u using %s",
+ partition_id, pathname);
+ INFO("psa_notify is unimplemented");
+}
+
+void psa_clear(void)
+{
+ clear_signal(PSA_DOORBELL);
+}
+
+void __init_psasim(const char **array,
+ int size,
+ const int allow_ns_clients_array[32],
+ const uint32_t versions[32],
+ const int strict_policy_array[32])
+{
+ static uint8_t library_initialised = 0;
+ key_t key;
+ int qid;
+ FILE *fp;
+ char doorbell_path[PATHNAMESIZE] = { 0 };
+ char queue_path[PATHNAMESIZE];
+ snprintf(doorbell_path, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_notify_%u", getpid());
+
+ if (library_initialised > 0) {
+ return;
+ } else {
+ library_initialised = 1;
+ }
+
+ if (size != 32) {
+ FATAL("Unsupported value. Aborting.");
+ }
+
+ array[3] = doorbell_path;
+
+ for (int i = 0; i < 32; i++) {
+ if (strncmp(array[i], "", 1) != 0) {
+ INFO("Setting up %s", array[i]);
+ memset(queue_path, 0, sizeof(queue_path));
+ snprintf(queue_path, sizeof(queue_path), "%s%s", TMP_FILE_BASE_PATH, array[i]);
+
+ /* Create file if doesn't exist */
+ fp = fopen(queue_path, "ab+");
+ if (fp) {
+ fclose(fp);
+ }
+
+ if ((key = ftok(queue_path, PROJECT_ID)) == -1) {
+ FATAL("Error finding message queue during initialisation");
+ }
+
+ /* TODO: Investigate. Permissions are likely to be too relaxed */
+ if ((qid = msgget(key, IPC_CREAT | 0660)) == -1) {
+ FATAL("Error opening message queue during initialisation");
+ } else {
+ rot_svc_incoming_queue[i] = qid;
+ }
+ }
+ }
+
+ memcpy(nsacl, allow_ns_clients_array, sizeof(int) * 32);
+ memcpy(strict_policy, strict_policy_array, sizeof(int) * 32);
+ memcpy(rot_svc_versions, versions, sizeof(uint32_t) * 32);
+ memset(&connections, 0, sizeof(struct connection) * MAX_CLIENTS);
+
+ __psa_ff_client_security_state = 0; /* Set the client status to SECURE */
+}
diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h
new file mode 100644
index 0000000..bc1b844
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h
@@ -0,0 +1,93 @@
+/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef _PSA_FUNCTIONS_CODES_H_
+#define _PSA_FUNCTIONS_CODES_H_
+
+enum {
+ /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT
+ * and VERSION_REQUEST */
+ PSA_CRYPTO_INIT = 100,
+ PSA_AEAD_ABORT,
+ PSA_AEAD_DECRYPT,
+ PSA_AEAD_DECRYPT_SETUP,
+ PSA_AEAD_ENCRYPT,
+ PSA_AEAD_ENCRYPT_SETUP,
+ PSA_AEAD_FINISH,
+ PSA_AEAD_GENERATE_NONCE,
+ PSA_AEAD_SET_LENGTHS,
+ PSA_AEAD_SET_NONCE,
+ PSA_AEAD_UPDATE,
+ PSA_AEAD_UPDATE_AD,
+ PSA_AEAD_VERIFY,
+ PSA_ASYMMETRIC_DECRYPT,
+ PSA_ASYMMETRIC_ENCRYPT,
+ PSA_CIPHER_ABORT,
+ PSA_CIPHER_DECRYPT,
+ PSA_CIPHER_DECRYPT_SETUP,
+ PSA_CIPHER_ENCRYPT,
+ PSA_CIPHER_ENCRYPT_SETUP,
+ PSA_CIPHER_FINISH,
+ PSA_CIPHER_GENERATE_IV,
+ PSA_CIPHER_SET_IV,
+ PSA_CIPHER_UPDATE,
+ PSA_COPY_KEY,
+ PSA_DESTROY_KEY,
+ PSA_EXPORT_KEY,
+ PSA_EXPORT_PUBLIC_KEY,
+ PSA_GENERATE_KEY,
+ PSA_GENERATE_KEY_EXT,
+ PSA_GENERATE_RANDOM,
+ PSA_GET_KEY_ATTRIBUTES,
+ PSA_HASH_ABORT,
+ PSA_HASH_CLONE,
+ PSA_HASH_COMPARE,
+ PSA_HASH_COMPUTE,
+ PSA_HASH_FINISH,
+ PSA_HASH_SETUP,
+ PSA_HASH_UPDATE,
+ PSA_HASH_VERIFY,
+ PSA_IMPORT_KEY,
+ PSA_INTERRUPTIBLE_GET_MAX_OPS,
+ PSA_INTERRUPTIBLE_SET_MAX_OPS,
+ PSA_KEY_DERIVATION_ABORT,
+ PSA_KEY_DERIVATION_GET_CAPACITY,
+ PSA_KEY_DERIVATION_INPUT_BYTES,
+ PSA_KEY_DERIVATION_INPUT_INTEGER,
+ PSA_KEY_DERIVATION_INPUT_KEY,
+ PSA_KEY_DERIVATION_KEY_AGREEMENT,
+ PSA_KEY_DERIVATION_OUTPUT_BYTES,
+ PSA_KEY_DERIVATION_OUTPUT_KEY,
+ PSA_KEY_DERIVATION_OUTPUT_KEY_EXT,
+ PSA_KEY_DERIVATION_SET_CAPACITY,
+ PSA_KEY_DERIVATION_SETUP,
+ PSA_MAC_ABORT,
+ PSA_MAC_COMPUTE,
+ PSA_MAC_SIGN_FINISH,
+ PSA_MAC_SIGN_SETUP,
+ PSA_MAC_UPDATE,
+ PSA_MAC_VERIFY,
+ PSA_MAC_VERIFY_FINISH,
+ PSA_MAC_VERIFY_SETUP,
+ PSA_PURGE_KEY,
+ PSA_RAW_KEY_AGREEMENT,
+ PSA_RESET_KEY_ATTRIBUTES,
+ PSA_SIGN_HASH,
+ PSA_SIGN_HASH_ABORT,
+ PSA_SIGN_HASH_COMPLETE,
+ PSA_SIGN_HASH_GET_NUM_OPS,
+ PSA_SIGN_HASH_START,
+ PSA_SIGN_MESSAGE,
+ PSA_VERIFY_HASH,
+ PSA_VERIFY_HASH_ABORT,
+ PSA_VERIFY_HASH_COMPLETE,
+ PSA_VERIFY_HASH_GET_NUM_OPS,
+ PSA_VERIFY_HASH_START,
+ PSA_VERIFY_MESSAGE,
+};
+
+#endif /* _PSA_FUNCTIONS_CODES_H_ */
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
new file mode 100644
index 0000000..4200f6c
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
@@ -0,0 +1,6778 @@
+/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */
+
+/* client calls */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+
+/* Includes from psasim */
+#include <client.h>
+#include <util.h>
+#include "psa_manifest/sid.h"
+#include "psa_functions_codes.h"
+#include "psa_sim_serialise.h"
+
+/* Includes from mbedtls */
+#include "mbedtls/version.h"
+#include "psa/crypto.h"
+
+#define CLIENT_PRINT(fmt, ...) \
+ INFO("Client: " fmt, ##__VA_ARGS__)
+
+static psa_handle_t handle = -1;
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build"
+#endif
+
+int psa_crypto_call(int function,
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ // psa_outvec outvecs[1];
+ if (handle < 0) {
+ fprintf(stderr, "NOT CONNECTED\n");
+ exit(1);
+ }
+
+ psa_invec invec;
+ invec.base = in_params;
+ invec.len = in_params_len;
+
+ size_t max_receive = 24576;
+ uint8_t *receive = malloc(max_receive);
+ if (receive == NULL) {
+ fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive);
+ exit(1);
+ }
+
+ size_t actual_received = 0;
+
+ psa_outvec outvecs[2];
+ outvecs[0].base = &actual_received;
+ outvecs[0].len = sizeof(actual_received);
+ outvecs[1].base = receive;
+ outvecs[1].len = max_receive;
+
+ psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2);
+ if (status != PSA_SUCCESS) {
+ free(receive);
+ return 0;
+ }
+
+ *out_params = receive;
+ *out_params_len = actual_received;
+
+ return 1; // success
+}
+
+psa_status_t psa_crypto_init(void)
+{
+ char mbedtls_version[18];
+ uint8_t *result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ mbedtls_version_get_string_full(mbedtls_version);
+ CLIENT_PRINT("%s", mbedtls_version);
+
+ CLIENT_PRINT("My PID: %d", getpid());
+
+ CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID));
+ handle = psa_connect(PSA_SID_CRYPTO_SID, 1);
+
+ if (handle < 0) {
+ CLIENT_PRINT("Couldn't connect %d", handle);
+ return PSA_ERROR_COMMUNICATION_FAILURE;
+ }
+
+ int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length);
+ CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok);
+
+ if (!ok) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(result);
+
+ return status;
+}
+
+void mbedtls_psa_crypto_free(void)
+{
+ /* Do not try to close a connection that was never started.*/
+ if (handle == -1) {
+ return;
+ }
+
+ CLIENT_PRINT("Closing handle");
+ psa_close(handle);
+ handle = -1;
+}
+
+
+psa_status_t psa_aead_abort(
+ psa_aead_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_decrypt(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *ciphertext, size_t ciphertext_length,
+ uint8_t *plaintext, size_t plaintext_size,
+ size_t *plaintext_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(nonce, nonce_length) +
+ psasim_serialise_buffer_needs(additional_data, additional_data_length) +
+ psasim_serialise_buffer_needs(ciphertext, ciphertext_length) +
+ psasim_serialise_buffer_needs(plaintext, plaintext_size) +
+ psasim_serialise_size_t_needs(*plaintext_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ nonce, nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ additional_data, additional_data_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ ciphertext, ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ plaintext, plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_DECRYPT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_DECRYPT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ plaintext, plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_decrypt_setup(
+ psa_aead_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_DECRYPT_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_DECRYPT_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_encrypt(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *nonce, size_t nonce_length,
+ const uint8_t *additional_data, size_t additional_data_length,
+ const uint8_t *plaintext, size_t plaintext_length,
+ uint8_t *ciphertext, size_t ciphertext_size,
+ size_t *ciphertext_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(nonce, nonce_length) +
+ psasim_serialise_buffer_needs(additional_data, additional_data_length) +
+ psasim_serialise_buffer_needs(plaintext, plaintext_length) +
+ psasim_serialise_buffer_needs(ciphertext, ciphertext_size) +
+ psasim_serialise_size_t_needs(*ciphertext_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ nonce, nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ additional_data, additional_data_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ plaintext, plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ ciphertext, ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_ENCRYPT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_ENCRYPT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ ciphertext, ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_encrypt_setup(
+ psa_aead_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_ENCRYPT_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_ENCRYPT_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_finish(
+ psa_aead_operation_t *operation,
+ uint8_t *ciphertext, size_t ciphertext_size,
+ size_t *ciphertext_length,
+ uint8_t *tag, size_t tag_size,
+ size_t *tag_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(ciphertext, ciphertext_size) +
+ psasim_serialise_size_t_needs(*ciphertext_length) +
+ psasim_serialise_buffer_needs(tag, tag_size) +
+ psasim_serialise_size_t_needs(*tag_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ ciphertext, ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ tag, tag_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *tag_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_FINISH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_FINISH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ ciphertext, ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ tag, tag_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ tag_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_generate_nonce(
+ psa_aead_operation_t *operation,
+ uint8_t *nonce, size_t nonce_size,
+ size_t *nonce_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(nonce, nonce_size) +
+ psasim_serialise_size_t_needs(*nonce_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ nonce, nonce_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_GENERATE_NONCE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_GENERATE_NONCE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ nonce, nonce_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_set_lengths(
+ psa_aead_operation_t *operation,
+ size_t ad_length,
+ size_t plaintext_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_size_t_needs(ad_length) +
+ psasim_serialise_size_t_needs(plaintext_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ ad_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_SET_LENGTHS,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_SET_LENGTHS server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_set_nonce(
+ psa_aead_operation_t *operation,
+ const uint8_t *nonce, size_t nonce_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(nonce, nonce_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ nonce, nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_SET_NONCE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_SET_NONCE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_update(
+ psa_aead_operation_t *operation,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_UPDATE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_UPDATE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_update_ad(
+ psa_aead_operation_t *operation,
+ const uint8_t *input, size_t input_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(input, input_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_UPDATE_AD,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_UPDATE_AD server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_aead_verify(
+ psa_aead_operation_t *operation,
+ uint8_t *plaintext, size_t plaintext_size,
+ size_t *plaintext_length,
+ const uint8_t *tag, size_t tag_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_aead_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(plaintext, plaintext_size) +
+ psasim_serialise_size_t_needs(*plaintext_length) +
+ psasim_serialise_buffer_needs(tag, tag_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_aead_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ plaintext, plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ tag, tag_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_AEAD_VERIFY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_AEAD_VERIFY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ plaintext, plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_asymmetric_decrypt(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(salt, salt_length) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ salt, salt_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_ASYMMETRIC_DECRYPT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_ASYMMETRIC_DECRYPT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_asymmetric_encrypt(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ const uint8_t *salt, size_t salt_length,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(salt, salt_length) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ salt, salt_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_ASYMMETRIC_ENCRYPT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_ASYMMETRIC_ENCRYPT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_abort(
+ psa_cipher_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_cipher_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_decrypt(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_DECRYPT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_DECRYPT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_decrypt_setup(
+ psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_cipher_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_DECRYPT_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_DECRYPT_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_encrypt(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_ENCRYPT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_ENCRYPT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_encrypt_setup(
+ psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_cipher_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_ENCRYPT_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_ENCRYPT_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_finish(
+ psa_cipher_operation_t *operation,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_cipher_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_FINISH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_FINISH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_generate_iv(
+ psa_cipher_operation_t *operation,
+ uint8_t *iv, size_t iv_size,
+ size_t *iv_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_cipher_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(iv, iv_size) +
+ psasim_serialise_size_t_needs(*iv_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ iv, iv_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *iv_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_GENERATE_IV,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_GENERATE_IV server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ iv, iv_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ iv_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_set_iv(
+ psa_cipher_operation_t *operation,
+ const uint8_t *iv, size_t iv_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_cipher_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(iv, iv_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ iv, iv_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_SET_IV,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_SET_IV server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_cipher_update(
+ psa_cipher_operation_t *operation,
+ const uint8_t *input, size_t input_length,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_cipher_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_CIPHER_UPDATE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_CIPHER_UPDATE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_copy_key(
+ mbedtls_svc_key_id_t source_key,
+ const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *target_key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(source_key) +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*target_key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ source_key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *target_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_COPY_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_COPY_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ target_key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_destroy_key(
+ mbedtls_svc_key_id_t key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_DESTROY_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_DESTROY_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_export_key(
+ mbedtls_svc_key_id_t key,
+ uint8_t *data, size_t data_size,
+ size_t *data_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_buffer_needs(data, data_size) +
+ psasim_serialise_size_t_needs(*data_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ data, data_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_EXPORT_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_EXPORT_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ data, data_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_export_public_key(
+ mbedtls_svc_key_id_t key,
+ uint8_t *data, size_t data_size,
+ size_t *data_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_buffer_needs(data, data_size) +
+ psasim_serialise_size_t_needs(*data_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ data, data_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_EXPORT_PUBLIC_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ data, data_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_generate_key(
+ const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GENERATE_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GENERATE_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_generate_key_ext(
+ const psa_key_attributes_t *attributes,
+ const psa_key_production_parameters_t *params, size_t params_data_length,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes) +
+ psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_production_parameters_t(
+ &pos, &remaining,
+ params, params_data_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GENERATE_KEY_EXT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GENERATE_KEY_EXT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_generate_random(
+ uint8_t *output, size_t output_size
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_buffer_needs(output, output_size);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GENERATE_RANDOM,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GENERATE_RANDOM server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_get_key_attributes(
+ mbedtls_svc_key_id_t key,
+ psa_key_attributes_t *attributes
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GET_KEY_ATTRIBUTES,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GET_KEY_ATTRIBUTES server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &rpos, &rremain,
+ attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_abort(
+ psa_hash_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_hash_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_hash_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_clone(
+ const psa_hash_operation_t *source_operation,
+ psa_hash_operation_t *target_operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_hash_operation_t_needs(*source_operation) +
+ psasim_serialise_psa_hash_operation_t_needs(*target_operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_hash_operation_t(
+ &pos, &remaining,
+ *source_operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_hash_operation_t(
+ &pos, &remaining,
+ *target_operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_CLONE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_CLONE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ target_operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_compare(
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ const uint8_t *hash, size_t hash_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(hash, hash_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_COMPARE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_COMPARE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_compute(
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *hash, size_t hash_size,
+ size_t *hash_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(hash, hash_size) +
+ psasim_serialise_size_t_needs(*hash_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_COMPUTE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_COMPUTE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ hash, hash_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_finish(
+ psa_hash_operation_t *operation,
+ uint8_t *hash, size_t hash_size,
+ size_t *hash_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_hash_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(hash, hash_size) +
+ psasim_serialise_size_t_needs(*hash_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_hash_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_FINISH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_FINISH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ hash, hash_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_setup(
+ psa_hash_operation_t *operation,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_hash_operation_t_needs(*operation) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_hash_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_update(
+ psa_hash_operation_t *operation,
+ const uint8_t *input, size_t input_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_hash_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(input, input_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_hash_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_UPDATE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_UPDATE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_hash_verify(
+ psa_hash_operation_t *operation,
+ const uint8_t *hash, size_t hash_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_hash_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(hash, hash_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_hash_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_HASH_VERIFY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_HASH_VERIFY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_import_key(
+ const psa_key_attributes_t *attributes,
+ const uint8_t *data, size_t data_length,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes) +
+ psasim_serialise_buffer_needs(data, data_length) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ data, data_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_IMPORT_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_IMPORT_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+uint32_t psa_interruptible_get_max_ops(
+ void
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ uint32_t value = 0;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ 0;
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ value = 0;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_INTERRUPTIBLE_GET_MAX_OPS,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_INTERRUPTIBLE_GET_MAX_OPS server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_uint32_t(
+ &rpos, &rremain,
+ &value);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return value;
+}
+
+
+void psa_interruptible_set_max_ops(
+ uint32_t max_ops
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_uint32_t_needs(max_ops);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_uint32_t(
+ &pos, &remaining,
+ max_ops);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_INTERRUPTIBLE_SET_MAX_OPS,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_INTERRUPTIBLE_SET_MAX_OPS server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+}
+
+
+psa_status_t psa_key_derivation_abort(
+ psa_key_derivation_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_get_capacity(
+ const psa_key_derivation_operation_t *operation,
+ size_t *capacity
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_size_t_needs(*capacity);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *capacity);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_GET_CAPACITY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_GET_CAPACITY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ capacity);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_input_bytes(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data, size_t data_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_psa_key_derivation_step_t_needs(step) +
+ psasim_serialise_buffer_needs(data, data_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ step);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ data, data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_BYTES,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_INPUT_BYTES server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_input_integer(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ uint64_t value
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_psa_key_derivation_step_t_needs(step) +
+ psasim_serialise_uint64_t_needs(value);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ step);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_uint64_t(
+ &pos, &remaining,
+ value);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_INTEGER,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_INPUT_INTEGER server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_input_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ mbedtls_svc_key_id_t key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_psa_key_derivation_step_t_needs(step) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ step);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_INPUT_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_key_agreement(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key, size_t peer_key_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_psa_key_derivation_step_t_needs(step) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) +
+ psasim_serialise_buffer_needs(peer_key, peer_key_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ step);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ private_key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ peer_key, peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_KEY_AGREEMENT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_KEY_AGREEMENT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_output_bytes(
+ psa_key_derivation_operation_t *operation,
+ uint8_t *output, size_t output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(output, output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_BYTES,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_OUTPUT_BYTES server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_output_key(
+ const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes) +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_OUTPUT_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_output_key_ext(
+ const psa_key_attributes_t *attributes,
+ psa_key_derivation_operation_t *operation,
+ const psa_key_production_parameters_t *params, size_t params_data_length,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes) +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_production_parameters_t(
+ &pos, &remaining,
+ params, params_data_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY_EXT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_OUTPUT_KEY_EXT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_set_capacity(
+ psa_key_derivation_operation_t *operation,
+ size_t capacity
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_size_t_needs(capacity);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ capacity);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_SET_CAPACITY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_SET_CAPACITY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_derivation_setup(
+ psa_key_derivation_operation_t *operation,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_derivation_operation_t_needs(*operation) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_DERIVATION_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_DERIVATION_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_abort(
+ psa_mac_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_mac_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_mac_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_compute(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *mac, size_t mac_size,
+ size_t *mac_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(mac, mac_size) +
+ psasim_serialise_size_t_needs(*mac_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ mac, mac_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_COMPUTE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_COMPUTE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ mac, mac_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_sign_finish(
+ psa_mac_operation_t *operation,
+ uint8_t *mac, size_t mac_size,
+ size_t *mac_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_mac_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(mac, mac_size) +
+ psasim_serialise_size_t_needs(*mac_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_mac_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ mac, mac_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_SIGN_FINISH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_SIGN_FINISH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ mac, mac_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_sign_setup(
+ psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_mac_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_mac_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_SIGN_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_SIGN_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_update(
+ psa_mac_operation_t *operation,
+ const uint8_t *input, size_t input_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_mac_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(input, input_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_mac_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_UPDATE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_UPDATE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_verify(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ const uint8_t *mac, size_t mac_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(mac, mac_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ mac, mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_VERIFY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_VERIFY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_verify_finish(
+ psa_mac_operation_t *operation,
+ const uint8_t *mac, size_t mac_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_mac_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(mac, mac_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_mac_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ mac, mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_VERIFY_FINISH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_VERIFY_FINISH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_mac_verify_setup(
+ psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_mac_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_mac_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_MAC_VERIFY_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_MAC_VERIFY_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_purge_key(
+ mbedtls_svc_key_id_t key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_PURGE_KEY,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_PURGE_KEY server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_raw_key_agreement(
+ psa_algorithm_t alg,
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key, size_t peer_key_length,
+ uint8_t *output, size_t output_size,
+ size_t *output_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) +
+ psasim_serialise_buffer_needs(peer_key, peer_key_length) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(*output_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ private_key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ peer_key, peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_RAW_KEY_AGREEMENT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_RAW_KEY_AGREEMENT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+void psa_reset_key_attributes(
+ psa_key_attributes_t *attributes
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_RESET_KEY_ATTRIBUTES,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_RESET_KEY_ATTRIBUTES server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &rpos, &rremain,
+ attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+}
+
+
+psa_status_t psa_sign_hash(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(hash, hash_length) +
+ psasim_serialise_buffer_needs(signature, signature_size) +
+ psasim_serialise_size_t_needs(*signature_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_SIGN_HASH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_SIGN_HASH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_sign_hash_abort(
+ psa_sign_hash_interruptible_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_SIGN_HASH_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_SIGN_HASH_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_sign_hash_complete(
+ psa_sign_hash_interruptible_operation_t *operation,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) +
+ psasim_serialise_buffer_needs(signature, signature_size) +
+ psasim_serialise_size_t_needs(*signature_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_SIGN_HASH_COMPLETE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_SIGN_HASH_COMPLETE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+uint32_t psa_sign_hash_get_num_ops(
+ const psa_sign_hash_interruptible_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ uint32_t value = 0;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ value = 0;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_SIGN_HASH_GET_NUM_OPS,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_SIGN_HASH_GET_NUM_OPS server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_uint32_t(
+ &rpos, &rremain,
+ &value);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return value;
+}
+
+
+psa_status_t psa_sign_hash_start(
+ psa_sign_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(hash, hash_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_SIGN_HASH_START,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_SIGN_HASH_START server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_sign_message(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(signature, signature_size) +
+ psasim_serialise_size_t_needs(*signature_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_size_t(
+ &pos, &remaining,
+ *signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_SIGN_MESSAGE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_SIGN_MESSAGE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &rpos, &rremain,
+ signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_verify_hash(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(hash, hash_length) +
+ psasim_serialise_buffer_needs(signature, signature_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ signature, signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_VERIFY_HASH,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_VERIFY_HASH server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_verify_hash_abort(
+ psa_verify_hash_interruptible_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_VERIFY_HASH_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_VERIFY_HASH_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_verify_hash_complete(
+ psa_verify_hash_interruptible_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_VERIFY_HASH_COMPLETE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_VERIFY_HASH_COMPLETE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+uint32_t psa_verify_hash_get_num_ops(
+ const psa_verify_hash_interruptible_operation_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ uint32_t value = 0;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ value = 0;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_VERIFY_HASH_GET_NUM_OPS,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_VERIFY_HASH_GET_NUM_OPS server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_uint32_t(
+ &rpos, &rremain,
+ &value);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return value;
+}
+
+
+psa_status_t psa_verify_hash_start(
+ psa_verify_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(hash, hash_length) +
+ psasim_serialise_buffer_needs(signature, signature_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ hash, hash_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ signature, signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_VERIFY_HASH_START,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_VERIFY_HASH_START server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_verify_message(
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input, size_t input_length,
+ const uint8_t *signature, size_t signature_length
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_buffer_needs(input, input_length) +
+ psasim_serialise_buffer_needs(signature, signature_length);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ input, input_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ signature, signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_VERIFY_MESSAGE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_VERIFY_MESSAGE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
new file mode 100644
index 0000000..cab32c4
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
@@ -0,0 +1,7933 @@
+/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */
+
+/* server implementations */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <psa/crypto.h>
+
+#include "psa_functions_codes.h"
+#include "psa_sim_serialise.h"
+
+#include "service.h"
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C)
+#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build"
+#endif
+
+// Returns 1 for success, 0 for failure
+int psa_crypto_init_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ uint8_t *result = NULL;
+ int ok;
+
+ // Now we call the actual target function
+
+ status = psa_crypto_init(
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_abort(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_decrypt_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *nonce = NULL;
+ size_t nonce_length;
+ uint8_t *additional_data = NULL;
+ size_t additional_data_length;
+ uint8_t *ciphertext = NULL;
+ size_t ciphertext_length;
+ uint8_t *plaintext = NULL;
+ size_t plaintext_size;
+ size_t plaintext_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &nonce, &nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &additional_data, &additional_data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &ciphertext, &ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &plaintext, &plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_decrypt(
+ key,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ ciphertext, ciphertext_length,
+ plaintext, plaintext_size,
+ &plaintext_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(plaintext, plaintext_size) +
+ psasim_serialise_size_t_needs(plaintext_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ plaintext, plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(nonce);
+ free(additional_data);
+ free(ciphertext);
+ free(plaintext);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(nonce);
+ free(additional_data);
+ free(ciphertext);
+ free(plaintext);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_decrypt_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_decrypt_setup(
+ operation,
+ key,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_encrypt_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *nonce = NULL;
+ size_t nonce_length;
+ uint8_t *additional_data = NULL;
+ size_t additional_data_length;
+ uint8_t *plaintext = NULL;
+ size_t plaintext_length;
+ uint8_t *ciphertext = NULL;
+ size_t ciphertext_size;
+ size_t ciphertext_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &nonce, &nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &additional_data, &additional_data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &plaintext, &plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &ciphertext, &ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_encrypt(
+ key,
+ alg,
+ nonce, nonce_length,
+ additional_data, additional_data_length,
+ plaintext, plaintext_length,
+ ciphertext, ciphertext_size,
+ &ciphertext_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(ciphertext, ciphertext_size) +
+ psasim_serialise_size_t_needs(ciphertext_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ ciphertext, ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(nonce);
+ free(additional_data);
+ free(plaintext);
+ free(ciphertext);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(nonce);
+ free(additional_data);
+ free(plaintext);
+ free(ciphertext);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_encrypt_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_encrypt_setup(
+ operation,
+ key,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_finish_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ uint8_t *ciphertext = NULL;
+ size_t ciphertext_size;
+ size_t ciphertext_length;
+ uint8_t *tag = NULL;
+ size_t tag_size;
+ size_t tag_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &ciphertext, &ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &tag, &tag_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &tag_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_finish(
+ operation,
+ ciphertext, ciphertext_size,
+ &ciphertext_length,
+ tag, tag_size,
+ &tag_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(ciphertext, ciphertext_size) +
+ psasim_serialise_size_t_needs(ciphertext_length) +
+ psasim_serialise_buffer_needs(tag, tag_size) +
+ psasim_serialise_size_t_needs(tag_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ ciphertext, ciphertext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ ciphertext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ tag, tag_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ tag_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(ciphertext);
+ free(tag);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(ciphertext);
+ free(tag);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_generate_nonce_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ uint8_t *nonce = NULL;
+ size_t nonce_size;
+ size_t nonce_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &nonce, &nonce_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_generate_nonce(
+ operation,
+ nonce, nonce_size,
+ &nonce_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(nonce, nonce_size) +
+ psasim_serialise_size_t_needs(nonce_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ nonce, nonce_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(nonce);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(nonce);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_set_lengths_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ size_t ad_length;
+ size_t plaintext_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &ad_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_set_lengths(
+ operation,
+ ad_length,
+ plaintext_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_set_nonce_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ uint8_t *nonce = NULL;
+ size_t nonce_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &nonce, &nonce_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_set_nonce(
+ operation,
+ nonce, nonce_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(nonce);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(nonce);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_update_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_update(
+ operation,
+ input, input_length,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_update_ad_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ uint8_t *input = NULL;
+ size_t input_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_update_ad(
+ operation,
+ input, input_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_aead_verify_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_aead_operation_t *operation;
+ uint8_t *plaintext = NULL;
+ size_t plaintext_size;
+ size_t plaintext_length;
+ uint8_t *tag = NULL;
+ size_t tag_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_aead_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &plaintext, &plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &tag, &tag_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_aead_verify(
+ operation,
+ plaintext, plaintext_size,
+ &plaintext_length,
+ tag, tag_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_aead_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(plaintext, plaintext_size) +
+ psasim_serialise_size_t_needs(plaintext_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_aead_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ plaintext, plaintext_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ plaintext_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(plaintext);
+ free(tag);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(plaintext);
+ free(tag);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_asymmetric_decrypt_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *salt = NULL;
+ size_t salt_length;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &salt, &salt_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_asymmetric_decrypt(
+ key,
+ alg,
+ input, input_length,
+ salt, salt_length,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(salt);
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(salt);
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_asymmetric_encrypt_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *salt = NULL;
+ size_t salt_length;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &salt, &salt_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_asymmetric_encrypt(
+ key,
+ alg,
+ input, input_length,
+ salt, salt_length,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(salt);
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(salt);
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_abort(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_cipher_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_decrypt_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_decrypt(
+ key,
+ alg,
+ input, input_length,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_decrypt_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_decrypt_setup(
+ operation,
+ key,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_cipher_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_encrypt_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_encrypt(
+ key,
+ alg,
+ input, input_length,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_encrypt_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_encrypt_setup(
+ operation,
+ key,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_cipher_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_finish_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t *operation;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_finish(
+ operation,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_cipher_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_generate_iv_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t *operation;
+ uint8_t *iv = NULL;
+ size_t iv_size;
+ size_t iv_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &iv, &iv_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &iv_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_generate_iv(
+ operation,
+ iv, iv_size,
+ &iv_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_cipher_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(iv, iv_size) +
+ psasim_serialise_size_t_needs(iv_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ iv, iv_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ iv_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(iv);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(iv);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_set_iv_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t *operation;
+ uint8_t *iv = NULL;
+ size_t iv_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &iv, &iv_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_set_iv(
+ operation,
+ iv, iv_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_cipher_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(iv);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(iv);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_cipher_update_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_cipher_operation_t *operation;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_cipher_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_cipher_update(
+ operation,
+ input, input_length,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_cipher_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_cipher_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_copy_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t source_key;
+ psa_key_attributes_t attributes;
+ mbedtls_svc_key_id_t target_key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &source_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &target_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_copy_key(
+ source_key,
+ &attributes,
+ &target_key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(target_key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ target_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_destroy_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_destroy_key(
+ key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_export_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ uint8_t *data = NULL;
+ size_t data_size;
+ size_t data_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &data, &data_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_export_key(
+ key,
+ data, data_size,
+ &data_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(data, data_size) +
+ psasim_serialise_size_t_needs(data_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ data, data_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(data);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(data);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_export_public_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ uint8_t *data = NULL;
+ size_t data_size;
+ size_t data_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &data, &data_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_export_public_key(
+ key,
+ data, data_size,
+ &data_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(data, data_size) +
+ psasim_serialise_size_t_needs(data_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ data, data_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(data);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(data);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_generate_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_generate_key(
+ &attributes,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_generate_key_ext_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
+ psa_key_production_parameters_t *params = NULL;
+ size_t params_data_length;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_production_parameters_t(
+ &pos, &remaining,
+ ¶ms, ¶ms_data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_generate_key_ext(
+ &attributes,
+ params, params_data_length,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(params);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(params);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_generate_random_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t *output = NULL;
+ size_t output_size;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_generate_random(
+ output, output_size
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(output, output_size);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_get_key_attributes_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_key_attributes_t attributes;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_get_key_attributes(
+ key,
+ &attributes
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_psa_key_attributes_t_needs(attributes);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_key_attributes_t(
+ &rpos, &rremain,
+ attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_hash_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_hash_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_abort(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_hash_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_clone_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_hash_operation_t *source_operation;
+ psa_hash_operation_t *target_operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_hash_operation_t(
+ &pos, &remaining,
+ &source_operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_hash_operation_t(
+ &pos, &remaining,
+ &target_operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_clone(
+ source_operation,
+ target_operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_hash_operation_t_needs(target_operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ target_operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_compare_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *hash = NULL;
+ size_t hash_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_compare(
+ alg,
+ input, input_length,
+ hash, hash_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(hash);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(hash);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_compute_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *hash = NULL;
+ size_t hash_size;
+ size_t hash_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_compute(
+ alg,
+ input, input_length,
+ hash, hash_size,
+ &hash_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(hash, hash_size) +
+ psasim_serialise_size_t_needs(hash_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ hash, hash_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(hash);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(hash);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_finish_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_hash_operation_t *operation;
+ uint8_t *hash = NULL;
+ size_t hash_size;
+ size_t hash_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_hash_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_finish(
+ operation,
+ hash, hash_size,
+ &hash_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_hash_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(hash, hash_size) +
+ psasim_serialise_size_t_needs(hash_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ hash, hash_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(hash);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(hash);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_hash_operation_t *operation;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_hash_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_setup(
+ operation,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_hash_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_update_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_hash_operation_t *operation;
+ uint8_t *input = NULL;
+ size_t input_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_hash_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_update(
+ operation,
+ input, input_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_hash_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_hash_verify_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_hash_operation_t *operation;
+ uint8_t *hash = NULL;
+ size_t hash_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_hash_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_hash_verify(
+ operation,
+ hash, hash_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_hash_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_hash_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(hash);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(hash);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_import_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
+ uint8_t *data = NULL;
+ size_t data_length;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &data, &data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_import_key(
+ &attributes,
+ data, data_length,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(data);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(data);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_interruptible_get_max_ops_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ uint32_t value = 0;
+
+ uint8_t *result = NULL;
+ int ok;
+
+ // Now we call the actual target function
+
+ value = psa_interruptible_get_max_ops(
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_uint32_t_needs(value);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_uint32_t(
+ &rpos, &rremain,
+ value);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_interruptible_set_max_ops_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ uint32_t max_ops;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_uint32_t(
+ &pos, &remaining,
+ &max_ops);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ psa_interruptible_set_max_ops(
+ max_ops
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs();
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_abort(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_get_capacity_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ size_t capacity;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &capacity);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_get_capacity(
+ operation,
+ &capacity
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_size_t_needs(capacity);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ capacity);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_input_bytes_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ psa_key_derivation_step_t step;
+ uint8_t *data = NULL;
+ size_t data_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ &step);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &data, &data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_input_bytes(
+ operation,
+ step,
+ data, data_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(data);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(data);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_input_integer_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ psa_key_derivation_step_t step;
+ uint64_t value;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ &step);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_uint64_t(
+ &pos, &remaining,
+ &value);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_input_integer(
+ operation,
+ step,
+ value
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_input_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ psa_key_derivation_step_t step;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ &step);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_input_key(
+ operation,
+ step,
+ key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_key_agreement_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ psa_key_derivation_step_t step;
+ mbedtls_svc_key_id_t private_key;
+ uint8_t *peer_key = NULL;
+ size_t peer_key_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_derivation_step_t(
+ &pos, &remaining,
+ &step);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &private_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &peer_key, &peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_key_agreement(
+ operation,
+ step,
+ private_key,
+ peer_key, peer_key_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(peer_key);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(peer_key);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_output_bytes_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ uint8_t *output = NULL;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_output_bytes(
+ operation,
+ output, output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(output, output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_output_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
+ psa_key_derivation_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_output_key(
+ &attributes,
+ operation,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_output_key_ext_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes;
+ psa_key_derivation_operation_t *operation;
+ psa_key_production_parameters_t *params = NULL;
+ size_t params_data_length;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_production_parameters_t(
+ &pos, &remaining,
+ ¶ms, ¶ms_data_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_output_key_ext(
+ &attributes,
+ operation,
+ params, params_data_length,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(params);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(params);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_set_capacity_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ size_t capacity;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &capacity);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_set_capacity(
+ operation,
+ capacity
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_derivation_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_derivation_operation_t *operation;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_key_derivation_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_derivation_setup(
+ operation,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_key_derivation_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_key_derivation_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_mac_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_mac_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_abort(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_mac_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_compute_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *mac = NULL;
+ size_t mac_size;
+ size_t mac_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &mac, &mac_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_compute(
+ key,
+ alg,
+ input, input_length,
+ mac, mac_size,
+ &mac_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(mac, mac_size) +
+ psasim_serialise_size_t_needs(mac_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ mac, mac_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(mac);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(mac);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_sign_finish_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_mac_operation_t *operation;
+ uint8_t *mac = NULL;
+ size_t mac_size;
+ size_t mac_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_mac_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &mac, &mac_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_sign_finish(
+ operation,
+ mac, mac_size,
+ &mac_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_mac_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(mac, mac_size) +
+ psasim_serialise_size_t_needs(mac_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ mac, mac_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(mac);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(mac);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_sign_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_mac_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_mac_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_sign_setup(
+ operation,
+ key,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_mac_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_update_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_mac_operation_t *operation;
+ uint8_t *input = NULL;
+ size_t input_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_mac_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_update(
+ operation,
+ input, input_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_mac_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_verify_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *mac = NULL;
+ size_t mac_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &mac, &mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_verify(
+ key,
+ alg,
+ input, input_length,
+ mac, mac_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(mac);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(mac);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_verify_finish_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_mac_operation_t *operation;
+ uint8_t *mac = NULL;
+ size_t mac_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_mac_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &mac, &mac_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_verify_finish(
+ operation,
+ mac, mac_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_mac_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(mac);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(mac);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_mac_verify_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_mac_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_mac_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_mac_verify_setup(
+ operation,
+ key,
+ alg
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_mac_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_mac_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_purge_key_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_purge_key(
+ key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_raw_key_agreement_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_algorithm_t alg;
+ mbedtls_svc_key_id_t private_key;
+ uint8_t *peer_key = NULL;
+ size_t peer_key_length;
+ uint8_t *output = NULL;
+ size_t output_size;
+ size_t output_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &private_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &peer_key, &peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &output, &output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_raw_key_agreement(
+ alg,
+ private_key,
+ peer_key, peer_key_length,
+ output, output_size,
+ &output_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(output, output_size) +
+ psasim_serialise_size_t_needs(output_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ output, output_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ output_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(peer_key);
+ free(output);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(peer_key);
+ free(output);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_reset_key_attributes_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_key_attributes_t attributes;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ psa_reset_key_attributes(
+ &attributes
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_attributes_t_needs(attributes);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_key_attributes_t(
+ &rpos, &rremain,
+ attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_sign_hash_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *hash = NULL;
+ size_t hash_length;
+ uint8_t *signature = NULL;
+ size_t signature_size;
+ size_t signature_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &signature, &signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_sign_hash(
+ key,
+ alg,
+ hash, hash_length,
+ signature, signature_size,
+ &signature_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(signature, signature_size) +
+ psasim_serialise_size_t_needs(signature_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(hash);
+ free(signature);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(hash);
+ free(signature);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_sign_hash_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_sign_hash_interruptible_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_sign_hash_abort(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_sign_hash_complete_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_sign_hash_interruptible_operation_t *operation;
+ uint8_t *signature = NULL;
+ size_t signature_size;
+ size_t signature_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &signature, &signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_sign_hash_complete(
+ operation,
+ signature, signature_size,
+ &signature_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation) +
+ psasim_serialise_buffer_needs(signature, signature_size) +
+ psasim_serialise_size_t_needs(signature_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(signature);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(signature);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_sign_hash_get_num_ops_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ uint32_t value = 0;
+ psa_sign_hash_interruptible_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ value = psa_sign_hash_get_num_ops(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_uint32_t_needs(value);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_uint32_t(
+ &rpos, &rremain,
+ value);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_sign_hash_start_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_sign_hash_interruptible_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *hash = NULL;
+ size_t hash_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_sign_hash_start(
+ operation,
+ key,
+ alg,
+ hash, hash_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(hash);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(hash);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_sign_message_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *signature = NULL;
+ size_t signature_size;
+ size_t signature_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &signature, &signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_size_t(
+ &pos, &remaining,
+ &signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_sign_message(
+ key,
+ alg,
+ input, input_length,
+ signature, signature_size,
+ &signature_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_buffer_needs(signature, signature_size) +
+ psasim_serialise_size_t_needs(signature_length);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ signature, signature_size);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_size_t(
+ &rpos, &rremain,
+ signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(signature);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(signature);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_verify_hash_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *hash = NULL;
+ size_t hash_length;
+ uint8_t *signature = NULL;
+ size_t signature_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &signature, &signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_verify_hash(
+ key,
+ alg,
+ hash, hash_length,
+ signature, signature_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(hash);
+ free(signature);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(hash);
+ free(signature);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_verify_hash_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_verify_hash_interruptible_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_verify_hash_abort(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation, 1);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_verify_hash_complete_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_verify_hash_interruptible_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_verify_hash_complete(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_verify_hash_get_num_ops_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ uint32_t value = 0;
+ psa_verify_hash_interruptible_operation_t *operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ value = psa_verify_hash_get_num_ops(
+ operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_uint32_t_needs(value);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_uint32_t(
+ &rpos, &rremain,
+ value);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_verify_hash_start_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_verify_hash_interruptible_operation_t *operation;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *hash = NULL;
+ size_t hash_length;
+ uint8_t *signature = NULL;
+ size_t signature_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &hash, &hash_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &signature, &signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_verify_hash_start(
+ operation,
+ key,
+ alg,
+ hash, hash_length,
+ signature, signature_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
+ &rpos, &rremain,
+ operation, 0);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(hash);
+ free(signature);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(hash);
+ free(signature);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_verify_message_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t key;
+ psa_algorithm_t alg;
+ uint8_t *input = NULL;
+ size_t input_length;
+ uint8_t *signature = NULL;
+ size_t signature_length;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &input, &input_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &signature, &signature_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_verify_message(
+ key,
+ alg,
+ input, input_length,
+ signature, signature_length
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(input);
+ free(signature);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(input);
+ free(signature);
+
+ return 0; // This shouldn't happen!
+}
+
+psa_status_t psa_crypto_call(psa_msg_t msg)
+{
+ int ok = 0;
+
+ int func = msg.type;
+
+ /* We only expect a single input buffer, with everything serialised in it */
+ if (msg.in_size[1] != 0 || msg.in_size[2] != 0 || msg.in_size[3] != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* We expect exactly 2 output buffers, one for size, the other for data */
+ if (msg.out_size[0] != sizeof(size_t) || msg.out_size[1] == 0 ||
+ msg.out_size[2] != 0 || msg.out_size[3] != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ uint8_t *in_params = NULL;
+ size_t in_params_len = 0;
+ uint8_t *out_params = NULL;
+ size_t out_params_len = 0;
+
+ in_params_len = msg.in_size[0];
+ in_params = malloc(in_params_len);
+ if (in_params == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ /* Read the bytes from the client */
+ size_t actual = psa_read(msg.handle, 0, in_params, in_params_len);
+ if (actual != in_params_len) {
+ free(in_params);
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+
+ switch (func) {
+ case PSA_CRYPTO_INIT:
+ ok = psa_crypto_init_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_ABORT:
+ ok = psa_aead_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_DECRYPT:
+ ok = psa_aead_decrypt_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_DECRYPT_SETUP:
+ ok = psa_aead_decrypt_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_ENCRYPT:
+ ok = psa_aead_encrypt_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_ENCRYPT_SETUP:
+ ok = psa_aead_encrypt_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_FINISH:
+ ok = psa_aead_finish_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_GENERATE_NONCE:
+ ok = psa_aead_generate_nonce_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_SET_LENGTHS:
+ ok = psa_aead_set_lengths_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_SET_NONCE:
+ ok = psa_aead_set_nonce_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_UPDATE:
+ ok = psa_aead_update_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_UPDATE_AD:
+ ok = psa_aead_update_ad_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_AEAD_VERIFY:
+ ok = psa_aead_verify_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_ASYMMETRIC_DECRYPT:
+ ok = psa_asymmetric_decrypt_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_ASYMMETRIC_ENCRYPT:
+ ok = psa_asymmetric_encrypt_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_ABORT:
+ ok = psa_cipher_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_DECRYPT:
+ ok = psa_cipher_decrypt_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_DECRYPT_SETUP:
+ ok = psa_cipher_decrypt_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_ENCRYPT:
+ ok = psa_cipher_encrypt_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_ENCRYPT_SETUP:
+ ok = psa_cipher_encrypt_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_FINISH:
+ ok = psa_cipher_finish_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_GENERATE_IV:
+ ok = psa_cipher_generate_iv_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_SET_IV:
+ ok = psa_cipher_set_iv_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_CIPHER_UPDATE:
+ ok = psa_cipher_update_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_COPY_KEY:
+ ok = psa_copy_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_DESTROY_KEY:
+ ok = psa_destroy_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_EXPORT_KEY:
+ ok = psa_export_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_EXPORT_PUBLIC_KEY:
+ ok = psa_export_public_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_GENERATE_KEY:
+ ok = psa_generate_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_GENERATE_KEY_EXT:
+ ok = psa_generate_key_ext_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_GENERATE_RANDOM:
+ ok = psa_generate_random_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_GET_KEY_ATTRIBUTES:
+ ok = psa_get_key_attributes_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_ABORT:
+ ok = psa_hash_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_CLONE:
+ ok = psa_hash_clone_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_COMPARE:
+ ok = psa_hash_compare_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_COMPUTE:
+ ok = psa_hash_compute_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_FINISH:
+ ok = psa_hash_finish_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_SETUP:
+ ok = psa_hash_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_UPDATE:
+ ok = psa_hash_update_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_HASH_VERIFY:
+ ok = psa_hash_verify_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_IMPORT_KEY:
+ ok = psa_import_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_INTERRUPTIBLE_GET_MAX_OPS:
+ ok = psa_interruptible_get_max_ops_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_INTERRUPTIBLE_SET_MAX_OPS:
+ ok = psa_interruptible_set_max_ops_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_ABORT:
+ ok = psa_key_derivation_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_GET_CAPACITY:
+ ok = psa_key_derivation_get_capacity_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_INPUT_BYTES:
+ ok = psa_key_derivation_input_bytes_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_INPUT_INTEGER:
+ ok = psa_key_derivation_input_integer_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_INPUT_KEY:
+ ok = psa_key_derivation_input_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_KEY_AGREEMENT:
+ ok = psa_key_derivation_key_agreement_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_OUTPUT_BYTES:
+ ok = psa_key_derivation_output_bytes_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_OUTPUT_KEY:
+ ok = psa_key_derivation_output_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_OUTPUT_KEY_EXT:
+ ok = psa_key_derivation_output_key_ext_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_SET_CAPACITY:
+ ok = psa_key_derivation_set_capacity_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_DERIVATION_SETUP:
+ ok = psa_key_derivation_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_ABORT:
+ ok = psa_mac_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_COMPUTE:
+ ok = psa_mac_compute_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_SIGN_FINISH:
+ ok = psa_mac_sign_finish_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_SIGN_SETUP:
+ ok = psa_mac_sign_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_UPDATE:
+ ok = psa_mac_update_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_VERIFY:
+ ok = psa_mac_verify_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_VERIFY_FINISH:
+ ok = psa_mac_verify_finish_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_MAC_VERIFY_SETUP:
+ ok = psa_mac_verify_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_PURGE_KEY:
+ ok = psa_purge_key_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_RAW_KEY_AGREEMENT:
+ ok = psa_raw_key_agreement_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_RESET_KEY_ATTRIBUTES:
+ ok = psa_reset_key_attributes_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_SIGN_HASH:
+ ok = psa_sign_hash_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_SIGN_HASH_ABORT:
+ ok = psa_sign_hash_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_SIGN_HASH_COMPLETE:
+ ok = psa_sign_hash_complete_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_SIGN_HASH_GET_NUM_OPS:
+ ok = psa_sign_hash_get_num_ops_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_SIGN_HASH_START:
+ ok = psa_sign_hash_start_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_SIGN_MESSAGE:
+ ok = psa_sign_message_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_VERIFY_HASH:
+ ok = psa_verify_hash_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_VERIFY_HASH_ABORT:
+ ok = psa_verify_hash_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_VERIFY_HASH_COMPLETE:
+ ok = psa_verify_hash_complete_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_VERIFY_HASH_GET_NUM_OPS:
+ ok = psa_verify_hash_get_num_ops_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_VERIFY_HASH_START:
+ ok = psa_verify_hash_start_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_VERIFY_MESSAGE:
+ ok = psa_verify_message_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ }
+
+ free(in_params);
+
+ if (out_params_len > msg.out_size[1]) {
+ fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\n",
+ out_params_len, msg.out_size[1]);
+ exit(1);
+ }
+
+ /* Write the exact amount of data we're returning */
+ psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len));
+
+ /* And write the data itself */
+ if (out_params_len) {
+ psa_write(msg.handle, 1, out_params, out_params_len);
+ }
+
+ free(out_params);
+
+ return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR;
+}
+
+void psa_crypto_close(void)
+{
+ psa_sim_serialize_reset();
+}
diff --git a/include/psa/crypto.h b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
old mode 100644
new mode 100755
similarity index 86%
copy from include/psa/crypto.h
copy to tests/psa-client-server/psasim/src/psa_sim_generate.pl
index 7083bd9..dd2fe9e
--- a/include/psa/crypto.h
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -1,68 +1,1238 @@
-/**
- * \file psa/crypto.h
- * \brief Platform Security Architecture cryptography module
- */
+#!/usr/bin/env perl
+#
+# This is a proof-of-concept script to show that the client and server wrappers
+# can be created by a script. It is not hooked into the build, so is run
+# manually and the output files are what are to be reviewed. In due course
+# this will be replaced by a Python script.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+use strict;
+use Data::Dumper;
+use JSON qw(encode_json);
+
+my $debug = 0;
+
+# Globals (sorry!)
+my %functions = get_functions();
+my @functions = sort keys %functions;
+
+# We don't want these functions (e.g. because they are not implemented, etc)
+my @skip_functions = qw(
+ psa_key_derivation_verify_bytes
+ psa_key_derivation_verify_key
+);
+
+# Remove @skip_functions from @functions
+my %skip_functions = map { $_ => 1 } @skip_functions;
+@functions = grep(!exists($skip_functions{$_}), @functions);
+
+# get_functions(), called above, returns a data structure for each function
+# that we need to create client and server stubs for. In this example Perl script,
+# the function declarations we want are in the data section (after __END__ at
+# the bottom of this file), but a production Python version should process
+# psa_crypto.h.
+#
+# In this script, the data for psa_crypto_init() looks like:
+#
+# "psa_crypto_init": {
+# "return": { # Info on return type
+# "type": "psa_status_t", # Return type
+# "name": "status", # Name to be used for this in C code
+# "default": "PSA_ERROR_CORRUPTION_DETECTED" # Default value
+# },
+# "args": [], # void function, so args empty
+# }
+#
+# The data for psa_hash_compute() looks like:
+#
+# "psa_hash_compute": {
+# "return": { # Information on return type
+# "type": "psa_status_t",
+# "name": "status",
+# "default": "PSA_ERROR_CORRUPTION_DETECTED"
+# },
+# "args": [{
+# "type": "psa_algorithm_t", # Type of first argument
+# "ctypename": "psa_algorithm_t ", # C type with trailing spaces
+# # (so that e.g. `char *` looks ok)
+# "name": "alg",
+# "is_output": 0
+# }, {
+# "type": "const buffer", # Specially created
+# "ctypename": "", # (so no C type)
+# "name": "input, input_length", # A pair of arguments
+# "is_output": 0 # const, so not an output argument
+# }, {
+# "type": "buffer", # Specially created
+# "ctypename": "",
+# "name": "hash, hash_size",
+# "is_output": 1 # Not const, so output argument
+# }, {
+# "type": "size_t", # size_t *hash_length
+# "ctypename": "size_t ",
+# "name": "*hash_length", # * comes into the name
+# "is_output": 1
+# }
+# ],
+# },
+#
+# It's possible that a production version might not need both type and ctypename;
+# that was done for convenience and future-proofing during development.
+
+# We'll do psa_crypto_init() first
+put_crypto_init_first(\@functions);
+
+write_function_codes("psa_functions_codes.h");
+
+write_client_calls("psa_sim_crypto_client.c");
+
+write_server_implementations("psa_sim_crypto_server.c");
+
+sub write_function_codes
+{
+ my ($file) = @_;
+
+ open(my $fh, ">", $file) || die("$0: $file: $!\n");
+
+ # NOTE: psa_crypto_init() is written manually
+
+ print $fh <<EOF;
+/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */
+
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-#ifndef PSA_CRYPTO_H
-#define PSA_CRYPTO_H
+#ifndef _PSA_FUNCTIONS_CODES_H_
+#define _PSA_FUNCTIONS_CODES_H_
-#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
-#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE
-#else
-#include "crypto_platform.h"
+enum {
+ /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT
+ * and VERSION_REQUEST */
+ PSA_CRYPTO_INIT = 100,
+EOF
+
+ for my $function (@functions) {
+ my $enum = uc($function);
+ if ($enum ne "PSA_CRYPTO_INIT") {
+ print $fh <<EOF;
+ $enum,
+EOF
+ }
+ }
+
+ print $fh <<EOF;
+};
+
+#endif /* _PSA_FUNCTIONS_CODES_H_ */
+EOF
+
+ close($fh);
+}
+
+sub write_client_calls
+{
+ my ($file) = @_;
+
+ open(my $fh, ">", $file) || die("$0: $file: $!\n");
+
+ print $fh client_calls_header();
+
+ for my $function (@functions) {
+ # psa_crypto_init() is hand written to establish connection to server
+ if ($function ne "psa_crypto_init") {
+ my $f = $functions{$function};
+ output_client($fh, $f, $function);
+ }
+ }
+
+ close($fh);
+}
+
+sub write_server_implementations
+{
+ my ($file) = @_;
+
+ open(my $fh, ">", $file) || die("$0: $file: $!\n");
+
+ print $fh server_implementations_header();
+
+ print $fh debug_functions() if $debug;
+
+ for my $function (@functions) {
+ my $f = $functions{$function};
+ output_server_wrapper($fh, $f, $function);
+ }
+
+ # Now output a switch statement that calls each of the wrappers
+
+ print $fh <<EOF;
+
+psa_status_t psa_crypto_call(psa_msg_t msg)
+{
+ int ok = 0;
+
+ int func = msg.type;
+
+ /* We only expect a single input buffer, with everything serialised in it */
+ if (msg.in_size[1] != 0 || msg.in_size[2] != 0 || msg.in_size[3] != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* We expect exactly 2 output buffers, one for size, the other for data */
+ if (msg.out_size[0] != sizeof(size_t) || msg.out_size[1] == 0 ||
+ msg.out_size[2] != 0 || msg.out_size[3] != 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ uint8_t *in_params = NULL;
+ size_t in_params_len = 0;
+ uint8_t *out_params = NULL;
+ size_t out_params_len = 0;
+
+ in_params_len = msg.in_size[0];
+ in_params = malloc(in_params_len);
+ if (in_params == NULL) {
+ return PSA_ERROR_INSUFFICIENT_MEMORY;
+ }
+
+ /* Read the bytes from the client */
+ size_t actual = psa_read(msg.handle, 0, in_params, in_params_len);
+ if (actual != in_params_len) {
+ free(in_params);
+ return PSA_ERROR_CORRUPTION_DETECTED;
+ }
+
+ switch (func) {
+EOF
+
+ for my $function (@functions) {
+ my $f = $functions{$function};
+ my $enum = uc($function);
+
+ # Create this call, in a way acceptable to uncustify:
+ # ok = ${function}_wrapper(in_params, in_params_len,
+ # &out_params, &out_params_len);
+ my $first_line = " ok = ${function}_wrapper(in_params, in_params_len,";
+ my $idx = index($first_line, "(");
+ die("can't find (") if $idx < 0;
+ my $indent = " " x ($idx + 1);
+
+ print $fh <<EOF;
+ case $enum:
+$first_line
+$indent&out_params, &out_params_len);
+ break;
+EOF
+ }
+
+ print $fh <<EOF;
+ }
+
+ free(in_params);
+
+ if (out_params_len > msg.out_size[1]) {
+ fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\\n",
+ out_params_len, msg.out_size[1]);
+ exit(1);
+ }
+
+ /* Write the exact amount of data we're returning */
+ psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len));
+
+ /* And write the data itself */
+ if (out_params_len) {
+ psa_write(msg.handle, 1, out_params, out_params_len);
+ }
+
+ free(out_params);
+
+ return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR;
+}
+EOF
+
+ # Finally, add psa_crypto_close()
+
+ print $fh <<EOF;
+
+void psa_crypto_close(void)
+{
+ psa_sim_serialize_reset();
+}
+EOF
+
+ close($fh);
+}
+
+sub server_implementations_header
+{
+ return <<'EOF';
+/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */
+
+/* server implementations */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <psa/crypto.h>
+
+#include "psa_functions_codes.h"
+#include "psa_sim_serialise.h"
+
+#include "service.h"
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C)
+#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build"
#endif
+EOF
+}
-#include <stddef.h>
+sub client_calls_header
+{
+ my $code = <<'EOF';
+/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */
-#ifdef __DOXYGEN_ONLY__
-/* This __DOXYGEN_ONLY__ block contains mock definitions for things that
- * must be defined in the crypto_platform.h header. These mock definitions
- * are present in this file as a convenience to generate pretty-printed
- * documentation that includes those definitions. */
+/* client calls */
-/** \defgroup platform Implementation-specific definitions
- * @{
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/
-/**@}*/
-#endif /* __DOXYGEN_ONLY__ */
+#include <stdio.h>
+#include <unistd.h>
-#ifdef __cplusplus
-extern "C" {
+/* Includes from psasim */
+#include <client.h>
+#include <util.h>
+#include "psa_manifest/sid.h"
+#include "psa_functions_codes.h"
+#include "psa_sim_serialise.h"
+
+/* Includes from mbedtls */
+#include "mbedtls/version.h"
+#include "psa/crypto.h"
+
+#define CLIENT_PRINT(fmt, ...) \
+ INFO("Client: " fmt, ##__VA_ARGS__)
+
+static psa_handle_t handle = -1;
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build"
#endif
+EOF
-/* The file "crypto_types.h" declares types that encode errors,
- * algorithms, key types, policies, etc. */
-#include "crypto_types.h"
+ $code .= debug_functions() if $debug;
-/** \defgroup version API version
- * @{
- */
+ $code .= <<'EOF';
-/**
- * The major version of this implementation of the PSA Crypto API
- */
-#define PSA_CRYPTO_API_VERSION_MAJOR 1
+int psa_crypto_call(int function,
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ // psa_outvec outvecs[1];
+ if (handle < 0) {
+ fprintf(stderr, "NOT CONNECTED\n");
+ exit(1);
+ }
-/**
- * The minor version of this implementation of the PSA Crypto API
- */
-#define PSA_CRYPTO_API_VERSION_MINOR 0
+ psa_invec invec;
+ invec.base = in_params;
+ invec.len = in_params_len;
-/**@}*/
+ size_t max_receive = 24576;
+ uint8_t *receive = malloc(max_receive);
+ if (receive == NULL) {
+ fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive);
+ exit(1);
+ }
-/* The file "crypto_values.h" declares macros to build and analyze values
- * of integral types defined in "crypto_types.h". */
-#include "crypto_values.h"
+ size_t actual_received = 0;
-/** \defgroup initialization Library initialization
- * @{
- */
+ psa_outvec outvecs[2];
+ outvecs[0].base = &actual_received;
+ outvecs[0].len = sizeof(actual_received);
+ outvecs[1].base = receive;
+ outvecs[1].len = max_receive;
+ psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2);
+ if (status != PSA_SUCCESS) {
+ free(receive);
+ return 0;
+ }
+
+ *out_params = receive;
+ *out_params_len = actual_received;
+
+ return 1; // success
+}
+
+psa_status_t psa_crypto_init(void)
+{
+ char mbedtls_version[18];
+ uint8_t *result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ mbedtls_version_get_string_full(mbedtls_version);
+ CLIENT_PRINT("%s", mbedtls_version);
+
+ CLIENT_PRINT("My PID: %d", getpid());
+
+ CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID));
+ handle = psa_connect(PSA_SID_CRYPTO_SID, 1);
+
+ if (handle < 0) {
+ CLIENT_PRINT("Couldn't connect %d", handle);
+ return PSA_ERROR_COMMUNICATION_FAILURE;
+ }
+
+ int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length);
+ CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok);
+
+ if (!ok) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(result);
+
+ return status;
+}
+
+void mbedtls_psa_crypto_free(void)
+{
+ /* Do not try to close a connection that was never started.*/
+ if (handle == -1) {
+ return;
+ }
+
+ CLIENT_PRINT("Closing handle");
+ psa_close(handle);
+ handle = -1;
+}
+EOF
+}
+
+sub debug_functions
+{
+ return <<EOF;
+
+static inline char hex_digit(char nibble) {
+ return (nibble < 10) ? (nibble + '0') : (nibble + 'a' - 10);
+}
+
+int hex_byte(char *p, uint8_t b)
+{
+ p[0] = hex_digit(b >> 4);
+ p[1] = hex_digit(b & 0x0F);
+
+ return 2;
+}
+
+int hex_uint16(char *p, uint16_t b)
+{
+ hex_byte(p, b >> 8);
+ hex_byte(p + 2, b & 0xFF);
+
+ return 4;
+}
+
+char human_char(uint8_t c)
+{
+ return (c >= ' ' && c <= '~') ? (char)c : '.';
+}
+
+void dump_buffer(const uint8_t *buffer, size_t len)
+{
+ char line[80];
+
+ const uint8_t *p = buffer;
+
+ size_t max = (len > 0xFFFF) ? 0xFFFF : len;
+
+ for (size_t i = 0; i < max; i += 16) {
+
+ char *q = line;
+
+ q += hex_uint16(q, (uint16_t)i);
+ *q++ = ' ';
+ *q++ = ' ';
+
+ size_t ll = (i + 16 > max) ? (max % 16) : 16;
+
+ size_t j;
+ for (j = 0; j < ll; j++) {
+ q += hex_byte(q, p[i + j]);
+ *q++ = ' ';
+ }
+
+ while (j++ < 16) {
+ *q++ = ' ';
+ *q++ = ' ';
+ *q++ = ' ';
+ }
+
+ *q++ = ' ';
+
+ for (j = 0; j < ll; j++) {
+ *q++ = human_char(p[i + j]);
+ }
+
+ *q = '\\0';
+
+ printf("%s\\n", line);
+ }
+}
+
+void hex_dump(uint8_t *p, size_t n)
+{
+ for (size_t i = 0; i < n; i++) {
+ printf("0x%02X ", p[i]);
+ }
+ printf("\\n");
+}
+EOF
+}
+
+sub output_server_wrapper
+{
+ my ($fh, $f, $name) = @_;
+
+ my $ret_type = $f->{return}->{type};
+ my $ret_name = $f->{return}->{name};
+ my $ret_default = $f->{return}->{default};
+
+ my @buffers = (); # We need to free() these on exit
+
+ print $fh <<EOF;
+
+// Returns 1 for success, 0 for failure
+int ${name}_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+EOF
+
+ print $fh <<EOF unless $ret_type eq "void";
+ $ret_type $ret_name = $ret_default;
+EOF
+ # Output the variables we will need when we call the target function
+
+ my $args = $f->{args};
+
+ for my $i (0 .. $#$args) {
+ my $arg = $args->[$i];
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+ $argtype =~ s/^const //;
+
+ if ($argtype =~ /^(const )?buffer$/) {
+ my ($n1, $n2) = split(/,\s*/, $argname);
+ print $fh <<EOF;
+ uint8_t *$n1 = NULL;
+ size_t $n2;
+EOF
+ push(@buffers, $n1); # Add to the list to be free()d at end
+ } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
+ my ($n1, $n2) = split(/,\s*/, $argname);
+ print $fh <<EOF;
+ psa_key_production_parameters_t *$n1 = NULL;
+ size_t $n2;
+EOF
+ push(@buffers, $n1); # Add to the list to be free()d at end
+ } else {
+ $argname =~ s/^\*//; # Remove any leading *
+ my $pointer = ($argtype =~ /^psa_\w+_operation_t/) ? "*" : "";
+ print $fh <<EOF;
+ $argtype $pointer$argname;
+EOF
+ }
+ }
+
+ print $fh "\n";
+
+ if ($#$args >= 0) { # If we have any args (>= 0)
+ print $fh <<EOF;
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+EOF
+ }
+
+ print $fh <<EOF;
+ uint8_t *result = NULL;
+ int ok;
+EOF
+
+ print $fh <<EOF if $debug;
+
+ printf("$name: server\\n");
+EOF
+ if ($#$args >= 0) { # If we have any args (>= 0)
+ print $fh <<EOF;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ }
+
+ for my $i (0 .. $#$args) {
+ my $arg = $args->[$i];
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+ my $sep = ($i == $#$args) ? ";" : " +";
+ $argtype =~ s/^const //;
+
+ if ($argtype =~ /^(const )?buffer$/) {
+ my ($n1, $n2) = split(/,\s*/, $argname);
+ print $fh <<EOF;
+
+ ok = psasim_deserialise_${argtype}(
+ &pos, &remaining,
+ &$n1, &$n2);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
+ my ($n1, $n2) = split(/,\s*/, $argname);
+ print $fh <<EOF;
+
+ ok = psasim_deserialise_${argtype}(
+ &pos, &remaining,
+ &$n1, &$n2);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ } else {
+ $argname =~ s/^\*//; # Remove any leading *
+ my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : "";
+ print $fh <<EOF;
+
+ ok = psasim_${server_specific}deserialise_${argtype}(
+ &pos, &remaining,
+ &$argname);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ }
+ }
+
+ print $fh <<EOF;
+
+ // Now we call the actual target function
+EOF
+ output_call($fh, $f, $name, 1);
+
+ my @outputs = grep($_->{is_output}, @$args);
+
+ my $sep1 = (($ret_type eq "void") and ($#outputs < 0)) ? ";" : " +";
+
+ print $fh <<EOF;
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs()$sep1
+EOF
+
+ if ($ret_type ne "void") {
+ my $sep = ($#outputs < 0) ? ";" : " +";
+ print $fh <<EOF;
+ psasim_serialise_${ret_type}_needs($ret_name)$sep
+EOF
+ }
+
+ for my $i (0 .. $#outputs) {
+ my $arg = $outputs[$i];
+ die("$i: this should have been filtered out by grep") unless $arg->{is_output};
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+ my $sep = ($i == $#outputs) ? ";" : " +";
+ $argtype =~ s/^const //;
+ $argname =~ s/^\*//; # Remove any leading *
+ my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : "";
+
+ print $fh <<EOF;
+ psasim_${server_specific}serialise_${argtype}_needs($argname)$sep
+EOF
+ }
+
+ print $fh <<EOF;
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+
+ if ($ret_type ne "void") {
+ print $fh <<EOF;
+
+ ok = psasim_serialise_${ret_type}(
+ &rpos, &rremain,
+ $ret_name);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ }
+
+ my @outputs = grep($_->{is_output}, @$args);
+
+ for my $i (0 .. $#outputs) {
+ my $arg = $outputs[$i];
+ die("$i: this should have been filtered out by grep") unless $arg->{is_output};
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+ my $sep = ($i == $#outputs) ? ";" : " +";
+ $argtype =~ s/^const //;
+
+ if ($argtype eq "buffer") {
+ print $fh <<EOF;
+
+ ok = psasim_serialise_buffer(
+ &rpos, &rremain,
+ $argname);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ } elsif ($argtype eq "psa_key_production_parameters_t") {
+ print $fh <<EOF;
+
+ ok = psasim_serialise_psa_key_production_parameters_t(
+ &rpos, &rremain,
+ $argname);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ } else {
+ if ($argname =~ /^\*/) {
+ $argname =~ s/^\*//; # since it's already a pointer
+ } else {
+ die("$0: $argname: HOW TO OUTPUT?\n");
+ }
+
+ my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : "";
+
+ my $completed = ""; # Only needed on server serialise calls
+ if (length($server_specific)) {
+ # On server serialisation, which is only for operation types,
+ # we need to mark the operation as completed (variously called
+ # terminated or inactive in psa/crypto.h) on certain calls.
+ $completed = ($name =~ /_(abort|finish|hash_verify)$/) ? ", 1" : ", 0";
+ }
+
+ print $fh <<EOF;
+
+ ok = psasim_${server_specific}serialise_${argtype}(
+ &rpos, &rremain,
+ $argname$completed);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ }
+ }
+
+ my $free_buffers = join("", map { " free($_);\n" } @buffers);
+ $free_buffers = "\n" . $free_buffers if length($free_buffers);
+
+ print $fh <<EOF;
+
+ *out_params = result;
+ *out_params_len = result_size;
+$free_buffers
+ return 1; // success
+
+fail:
+ free(result);
+$free_buffers
+ return 0; // This shouldn't happen!
+}
+EOF
+}
+
+sub output_client
+{
+ my ($fh, $f, $name) = @_;
+
+ print $fh "\n";
+
+ output_definition_begin($fh, $f, $name);
+
+ my $ret_type = $f->{return}->{type};
+ my $ret_name = $f->{return}->{name};
+ my $ret_default = $f->{return}->{default};
+
+ print $fh <<EOF;
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+EOF
+ print $fh <<EOF unless $ret_type eq "void";
+ $ret_type $ret_name = $ret_default;
+EOF
+
+ print $fh <<EOF if $debug;
+
+ printf("$name: client\\n");
+EOF
+
+ print $fh <<EOF;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+EOF
+
+ my $args = $f->{args};
+
+ for my $i (0 .. $#$args) {
+ my $arg = $args->[$i];
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+ my $sep = ($i == $#$args) ? ";" : " +";
+ $argtype =~ s/^const //;
+
+ print $fh <<EOF;
+ psasim_serialise_${argtype}_needs($argname)$sep
+EOF
+ }
+
+ print $fh <<EOF if $#$args < 0;
+ 0;
+EOF
+
+ print $fh <<EOF;
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+EOF
+
+ if ($ret_type eq "psa_status_t") {
+ print $fh <<EOF if $;
+ $ret_name = PSA_ERROR_INSUFFICIENT_MEMORY;
+EOF
+ } elsif ($ret_type eq "uint32_t") {
+ print $fh <<EOF if $;
+ $ret_name = 0;
+EOF
+ }
+
+ print $fh <<EOF;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+
+ for my $i (0 .. $#$args) {
+ my $arg = $args->[$i];
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+ my $sep = ($i == $#$args) ? ";" : " +";
+ $argtype =~ s/^const //;
+
+ print $fh <<EOF;
+ ok = psasim_serialise_${argtype}(
+ &pos, &remaining,
+ $argname);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ }
+
+ print $fh <<EOF if $debug;
+
+ printf("client sending %d:\\n", (int)(pos - ser_params));
+ dump_buffer(ser_params, (size_t)(pos - ser_params));
+EOF
+
+ my $enum = uc($name);
+
+ print $fh <<EOF;
+
+ ok = psa_crypto_call($enum,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("$enum server call failed\\n");
+ goto fail;
+ }
+EOF
+
+ print $fh <<EOF if $debug;
+
+ printf("client receiving %d:\\n", (int)result_length);
+ dump_buffer(ser_result, result_length);
+EOF
+
+ print $fh <<EOF;
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+
+ print $fh <<EOF if $ret_type ne "void";
+
+ ok = psasim_deserialise_$ret_type(
+ &rpos, &rremain,
+ &$ret_name);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+
+ my @outputs = grep($_->{is_output}, @$args);
+
+ for my $i (0 .. $#outputs) {
+ my $arg = $outputs[$i];
+ die("$i: this should have been filtered out by grep") unless $arg->{is_output};
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+ my $sep = ($i == $#outputs) ? ";" : " +";
+ $argtype =~ s/^const //;
+
+ if ($argtype eq "buffer") {
+ print $fh <<EOF;
+
+ ok = psasim_deserialise_return_buffer(
+ &rpos, &rremain,
+ $argname);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ } else {
+ if ($argname =~ /^\*/) {
+ $argname =~ s/^\*//; # since it's already a pointer
+ } else {
+ die("$0: $argname: HOW TO OUTPUT?\n");
+ }
+
+ print $fh <<EOF;
+
+ ok = psasim_deserialise_${argtype}(
+ &rpos, &rremain,
+ $argname);
+ if (!ok) {
+ goto fail;
+ }
+EOF
+ }
+ }
+ print $fh <<EOF;
+
+fail:
+ free(ser_params);
+ free(ser_result);
+EOF
+
+ print $fh <<EOF if $ret_type ne "void";
+
+ return $ret_name;
+EOF
+
+ print $fh <<EOF;
+}
+EOF
+}
+
+sub output_declaration
+{
+ my ($f, $name) = @_;
+
+ output_signature($f, $name, "declaration");
+}
+
+sub output_definition_begin
+{
+ my ($fh, $f, $name) = @_;
+
+ output_signature($fh, $f, $name, "definition");
+}
+
+sub output_call
+{
+ my ($fh, $f, $name, $is_server) = @_;
+
+ my $ret_type = $f->{return}->{type};
+ my $ret_name = $f->{return}->{name};
+ my $args = $f->{args};
+
+ if ($ret_type eq "void") {
+ print $fh "\n $name(\n";
+ } else {
+ print $fh "\n $ret_name = $name(\n";
+ }
+
+ print $fh " );\n" if $#$args < 0; # If no arguments, empty arg list
+
+ for my $i (0 .. $#$args) {
+ my $arg = $args->[$i];
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $argname = $arg->{name};
+
+ if ($argtype =~ /^(const )?buffer$/) {
+ my ($n1, $n2) = split(/,\s*/, $argname);
+ print $fh " $n1, $n2";
+ } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
+ my ($n1, $n2) = split(/,\s*/, $argname);
+ print $fh " $n1, $n2";
+ } else {
+ $argname =~ s/^\*/\&/; # Replace leading * with &
+ if ($is_server && $argtype =~ /^psa_\w+_operation_t/) {
+ $argname =~ s/^\&//; # Actually, for psa_XXX_operation_t, don't do this on the server side
+ }
+ print $fh " $argname";
+ }
+ my $sep = ($i == $#$args) ? "\n );" : ",";
+ print $fh "$sep\n";
+ }
+}
+
+sub output_signature
+{
+ my ($fh, $f, $name, $what) = @_;
+
+ my $ret_type = $f->{return}->{type};
+ my $args = $f->{args};
+
+ my $final_sep = ($what eq "declaration") ? "\n);" : "\n )";
+
+ print $fh "\n$ret_type $name(\n";
+
+ print $fh " void\n )\n" if $#$args < 0; # No arguments
+
+ for my $i (0 .. $#$args) {
+ my $arg = $args->[$i];
+ my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer"
+ my $ctypename = $arg->{ctypename}; # e.g. "int ", "char *"; empty for buffer
+ my $argname = $arg->{name};
+
+ if ($argtype =~ /^(const )?buffer$/) {
+ my $const = length($1) ? "const " : "";
+ my ($n1, $n2) = split(/,/, $argname);
+ print $fh " ${const}uint8_t *$n1, size_t $n2";
+ } elsif ($argtype =~ /^(const )?psa_key_production_parameters_t$/) {
+ my $const = length($1) ? "const " : "";
+ my ($n1, $n2) = split(/,/, $argname);
+ print $fh " ${const}psa_key_production_parameters_t *$n1, size_t $n2";
+ } else {
+ print $fh " $ctypename$argname";
+ }
+ my $sep = ($i == $#$args) ? $final_sep : ",";
+ print $fh "$sep\n";
+ }
+}
+
+sub get_functions
+{
+ my $src = "";
+ while (<DATA>) {
+ chomp;
+ s/\/\/.*//;
+ s/\s+^//;
+ s/\s+/ /g;
+ $_ .= "\n";
+ $src .= $_;
+ }
+
+ $src =~ s/\/\*.*?\*\///gs;
+
+ my @src = split(/\n+/, $src);
+
+ my @rebuild = ();
+ my %funcs = ();
+ for (my $i = 0; $i <= $#src; $i++) {
+ my $line = $src[$i];
+ if ($line =~ /^(psa_status_t|uint32_t|void) (psa_\w*)\(/) { # begin function definition
+ #print "have one $line\n";
+ while ($line !~ /;/) {
+ $line .= $src[$i + 1];
+ $i++;
+ }
+ $line =~ s/\s+/ /g;
+ if ($line =~ /(\w+)\s+\b(\w+)\s*\(\s*(.*\S)\s*\)\s*[;{]/s) {
+ my ($ret_type, $func, $args) = ($1, $2, $3);
+ my $copy = $line;
+ $copy =~ s/{$//;
+ my $f = {
+ "orig" => $copy,
+ };
+
+ my @args = split(/\s*,\s*/, $args);
+
+ my $ret_name = "";
+ $ret_name = "status" if $ret_type eq "psa_status_t";
+ $ret_name = "value" if $ret_type eq "uint32_t";
+ $ret_name = "(void)" if $ret_type eq "void";
+ die("ret_name for $ret_type?") unless length($ret_name);
+ my $ret_default = "";
+ $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t";
+ $ret_default = "0" if $ret_type eq "uint32_t";
+ $ret_default = "(void)" if $ret_type eq "void";
+ die("ret_default for $ret_type?") unless length($ret_default);
+
+ #print "FUNC $func RET_NAME $ret_name RET_TYPE $ret_type ARGS (", join("; ", @args), ")\n";
+
+ $f->{return} = {
+ "type" => $ret_type,
+ "default" => $ret_default,
+ "name" => $ret_name,
+ };
+ $f->{args} = [];
+ # psa_algorithm_t alg; const uint8_t *input; size_t input_length; uint8_t *hash; size_t hash_size; size_t *hash_length
+ for (my $i = 0; $i <= $#args; $i++) {
+ my $arg = $args[$i];
+ # "type" => "psa_algorithm_t",
+ # "ctypename" => "psa_algorithm_t ",
+ # "name" => "alg",
+ # "is_output" => 0,
+ my ($type, $ctype, $name, $is_output);
+ if ($arg =~ /^(\w+)\s+(\w+)$/) { # e.g. psa_algorithm_t alg
+ ($type, $name) = ($1, $2);
+ $ctype = $type . " ";
+ $is_output = 0;
+ } elsif ($arg =~ /^((const)\s+)?uint8_t\s*\*\s*(\w+)$/) {
+ $type = "buffer";
+ $is_output = (length($1) == 0) ? 1 : 0;
+ $type = "const buffer" if !$is_output;
+ $ctype = "";
+ $name = $3;
+ #print("$arg: $name: might be a buffer?\n");
+ die("$arg: not a buffer 1!\n") if $i == $#args;
+ my $next = $args[$i + 1];
+ if ($func eq "psa_key_derivation_verify_bytes" &&
+ $arg eq "const uint8_t *expected_output" &&
+ $next eq "size_t output_length") {
+ $next = "size_t expected_output_length"; # doesn't follow naming convention, so override
+ }
+ die("$arg: not a buffer 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/;
+ $i++; # We're using the next param here
+ my $nname = $1;
+ $name .= ", " . $nname;
+ } elsif ($arg =~ /^((const)\s+)?psa_key_production_parameters_t\s*\*\s*(\w+)$/) {
+ $type = "psa_key_production_parameters_t";
+ $is_output = (length($1) == 0) ? 1 : 0;
+ $type = "const psa_key_production_parameters_t" if !$is_output;
+ $ctype = "";
+ $name = $3;
+ #print("$arg: $name: might be a psa_key_production_parameters_t?\n");
+ die("$arg: not a psa_key_production_parameters_t 1!\n") if $i == $#args;
+ my $next = $args[$i + 1];
+ die("$arg: $func: $name: $next: not a psa_key_production_parameters_t 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/;
+ $i++; # We're using the next param here
+ my $nname = $1;
+ $name .= ", " . $nname;
+ } elsif ($arg =~ /^((const)\s+)?(\w+)\s*\*(\w+)$/) {
+ ($type, $name) = ($3, "*" . $4);
+ $ctype = $1 . $type . " ";
+ $is_output = (length($1) == 0) ? 1 : 0;
+ } elsif ($arg eq "void") {
+ # we'll just ignore this one
+ } else {
+ die("ARG HELP $arg\n");
+ }
+ #print "$arg => <$type><$ctype><$name><$is_output>\n";
+ if ($arg ne "void") {
+ push(@{$f->{args}}, {
+ "type" => $type,
+ "ctypename" => $ctype,
+ "name" => $name,
+ "is_output" => $is_output,
+ });
+ }
+ }
+ $funcs{$func} = $f;
+ } else {
+ die("FAILED");
+ }
+ push(@rebuild, $line);
+ } elsif ($line =~ /^static psa_\w+_t (psa_\w*)\(/) { # begin function definition
+ # IGNORE static functions
+ } else {
+ if ($line =~ /psa_/) {
+ print "NOT PARSED: $line\n";
+ }
+ push(@rebuild, $line);
+ }
+ }
+
+ #print ::Dumper(\%funcs);
+ #exit;
+
+ return %funcs;
+}
+
+sub put_crypto_init_first
+{
+ my ($functions) = @_;
+
+ my $want_first = "psa_crypto_init";
+
+ my $idx = undef;
+ for my $i (0 .. $#$functions) {
+ if ($functions->[$i] eq $want_first) {
+ $idx = $i;
+ last;
+ }
+ }
+
+ if (defined($idx) && $idx != 0) { # Do nothing if already first
+ splice(@$functions, $idx, 1);
+ unshift(@$functions, $want_first);
+ }
+}
+
+__END__
/**
* \brief Library initialization.
*
@@ -93,739 +1263,6 @@
*/
psa_status_t psa_crypto_init(void);
-/**@}*/
-
-/** \addtogroup attributes
- * @{
- */
-
-/** \def PSA_KEY_ATTRIBUTES_INIT
- *
- * This macro returns a suitable initializer for a key attribute structure
- * of type #psa_key_attributes_t.
- */
-
-/** Return an initial value for a key attributes structure.
- */
-static psa_key_attributes_t psa_key_attributes_init(void);
-
-/** Declare a key as persistent and set its key identifier.
- *
- * If the attribute structure currently declares the key as volatile (which
- * is the default content of an attribute structure), this function sets
- * the lifetime attribute to #PSA_KEY_LIFETIME_PERSISTENT.
- *
- * This function does not access storage, it merely stores the given
- * value in the structure.
- * The persistent key will be written to storage when the attribute
- * structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(), psa_generate_key_ext(),
- * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext()
- * or psa_copy_key().
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes The attribute structure to write to.
- * \param key The persistent identifier for the key.
- */
-static void psa_set_key_id(psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t key);
-
-#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
-/** Set the owner identifier of a key.
- *
- * When key identifiers encode key owner identifiers, psa_set_key_id() does
- * not allow to define in key attributes the owner of volatile keys as
- * psa_set_key_id() enforces the key to be persistent.
- *
- * This function allows to set in key attributes the owner identifier of a
- * key. It is intended to be used for volatile keys. For persistent keys,
- * it is recommended to use the PSA Cryptography API psa_set_key_id() to define
- * the owner of a key.
- *
- * \param[out] attributes The attribute structure to write to.
- * \param owner The key owner identifier.
- */
-static void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
- mbedtls_key_owner_id_t owner);
-#endif
-
-/** Set the location of a persistent key.
- *
- * To make a key persistent, you must give it a persistent key identifier
- * with psa_set_key_id(). By default, a key that has a persistent identifier
- * is stored in the default storage area identifier by
- * #PSA_KEY_LIFETIME_PERSISTENT. Call this function to choose a storage
- * area, or to explicitly declare the key as volatile.
- *
- * This function does not access storage, it merely stores the given
- * value in the structure.
- * The persistent key will be written to storage when the attribute
- * structure is passed to a key creation function such as
- * psa_import_key(), psa_generate_key(), psa_generate_key_ext(),
- * psa_key_derivation_output_key(), psa_key_derivation_output_key_ext()
- * or psa_copy_key().
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes The attribute structure to write to.
- * \param lifetime The lifetime for the key.
- * If this is #PSA_KEY_LIFETIME_VOLATILE, the
- * key will be volatile, and the key identifier
- * attribute is reset to 0.
- */
-static void psa_set_key_lifetime(psa_key_attributes_t *attributes,
- psa_key_lifetime_t lifetime);
-
-/** Retrieve the key identifier from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes The key attribute structure to query.
- *
- * \return The persistent identifier stored in the attribute structure.
- * This value is unspecified if the attribute structure declares
- * the key as volatile.
- */
-static mbedtls_svc_key_id_t psa_get_key_id(
- const psa_key_attributes_t *attributes);
-
-/** Retrieve the lifetime from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes The key attribute structure to query.
- *
- * \return The lifetime value stored in the attribute structure.
- */
-static psa_key_lifetime_t psa_get_key_lifetime(
- const psa_key_attributes_t *attributes);
-
-/** Declare usage flags for a key.
- *
- * Usage flags are part of a key's usage policy. They encode what
- * kind of operations are permitted on the key. For more details,
- * refer to the documentation of the type #psa_key_usage_t.
- *
- * This function overwrites any usage flags
- * previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes The attribute structure to write to.
- * \param usage_flags The usage flags to write.
- */
-static void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
- psa_key_usage_t usage_flags);
-
-/** Retrieve the usage flags from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes The key attribute structure to query.
- *
- * \return The usage flags stored in the attribute structure.
- */
-static psa_key_usage_t psa_get_key_usage_flags(
- const psa_key_attributes_t *attributes);
-
-/** Declare the permitted algorithm policy for a key.
- *
- * The permitted algorithm policy of a key encodes which algorithm or
- * algorithms are permitted to be used with this key. The following
- * algorithm policies are supported:
- * - 0 does not allow any cryptographic operation with the key. The key
- * may be used for non-cryptographic actions such as exporting (if
- * permitted by the usage flags).
- * - An algorithm value permits this particular algorithm.
- * - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
- * signature scheme with any hash algorithm.
- * - An algorithm built from #PSA_ALG_AT_LEAST_THIS_LENGTH_MAC allows
- * any MAC algorithm from the same base class (e.g. CMAC) which
- * generates/verifies a MAC length greater than or equal to the length
- * encoded in the wildcard algorithm.
- * - An algorithm built from #PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG
- * allows any AEAD algorithm from the same base class (e.g. CCM) which
- * generates/verifies a tag length greater than or equal to the length
- * encoded in the wildcard algorithm.
- *
- * This function overwrites any algorithm policy
- * previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes The attribute structure to write to.
- * \param alg The permitted algorithm policy to write.
- */
-static void psa_set_key_algorithm(psa_key_attributes_t *attributes,
- psa_algorithm_t alg);
-
-
-/** Retrieve the algorithm policy from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes The key attribute structure to query.
- *
- * \return The algorithm stored in the attribute structure.
- */
-static psa_algorithm_t psa_get_key_algorithm(
- const psa_key_attributes_t *attributes);
-
-/** Declare the type of a key.
- *
- * This function overwrites any key type
- * previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes The attribute structure to write to.
- * \param type The key type to write.
- * If this is 0, the key type in \p attributes
- * becomes unspecified.
- */
-static void psa_set_key_type(psa_key_attributes_t *attributes,
- psa_key_type_t type);
-
-
-/** Declare the size of a key.
- *
- * This function overwrites any key size previously set in \p attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate each of its arguments exactly once.
- *
- * \param[out] attributes The attribute structure to write to.
- * \param bits The key size in bits.
- * If this is 0, the key size in \p attributes
- * becomes unspecified. Keys of size 0 are
- * not supported.
- */
-static void psa_set_key_bits(psa_key_attributes_t *attributes,
- size_t bits);
-
-/** Retrieve the key type from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes The key attribute structure to query.
- *
- * \return The key type stored in the attribute structure.
- */
-static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes);
-
-/** Retrieve the key size from key attributes.
- *
- * This function may be declared as `static` (i.e. without external
- * linkage). This function may be provided as a function-like macro,
- * but in this case it must evaluate its argument exactly once.
- *
- * \param[in] attributes The key attribute structure to query.
- *
- * \return The key size stored in the attribute structure, in bits.
- */
-static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
-
-/** Retrieve the attributes of a key.
- *
- * This function first resets the attribute structure as with
- * psa_reset_key_attributes(). It then copies the attributes of
- * the given key into the given attribute structure.
- *
- * \note This function may allocate memory or other resources.
- * Once you have called this function on an attribute structure,
- * you must call psa_reset_key_attributes() to free these resources.
- *
- * \param[in] key Identifier of the key to query.
- * \param[in,out] attributes On success, the attributes of the key.
- * On failure, equivalent to a
- * freshly-initialized structure.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
- * \retval #PSA_ERROR_DATA_INVALID \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
- psa_key_attributes_t *attributes);
-
-/** Reset a key attribute structure to a freshly initialized state.
- *
- * You must initialize the attribute structure as described in the
- * documentation of the type #psa_key_attributes_t before calling this
- * function. Once the structure has been initialized, you may call this
- * function at any time.
- *
- * This function frees any auxiliary resources that the structure
- * may contain.
- *
- * \param[in,out] attributes The attribute structure to reset.
- */
-void psa_reset_key_attributes(psa_key_attributes_t *attributes);
-
-/**@}*/
-
-/** \defgroup key_management Key management
- * @{
- */
-
-/** Remove non-essential copies of key material from memory.
- *
- * If the key identifier designates a volatile key, this functions does not do
- * anything and returns successfully.
- *
- * If the key identifier designates a persistent key, then this function will
- * free all resources associated with the key in volatile memory. The key
- * data in persistent storage is not affected and the key can still be used.
- *
- * \param key Identifier of the key to purge.
- *
- * \retval #PSA_SUCCESS
- * The key material will have been removed from memory if it is not
- * currently required.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not a valid key identifier.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
-
-/** Make a copy of a key.
- *
- * Copy key material from one location to another.
- *
- * This function is primarily useful to copy a key from one location
- * to another, since it populates a key using the material from
- * another key which may have a different lifetime.
- *
- * This function may be used to share a key with a different party,
- * subject to implementation-defined restrictions on key sharing.
- *
- * The policy on the source key must have the usage flag
- * #PSA_KEY_USAGE_COPY set.
- * This flag is sufficient to permit the copy if the key has the lifetime
- * #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
- * Some secure elements do not provide a way to copy a key without
- * making it extractable from the secure element. If a key is located
- * in such a secure element, then the key must have both usage flags
- * #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
- * a copy of the key outside the secure element.
- *
- * The resulting key may only be used in a way that conforms to
- * both the policy of the original key and the policy specified in
- * the \p attributes parameter:
- * - The usage flags on the resulting key are the bitwise-and of the
- * usage flags on the source policy and the usage flags in \p attributes.
- * - If both allow the same algorithm or wildcard-based
- * algorithm policy, the resulting key has the same algorithm policy.
- * - If either of the policies allows an algorithm and the other policy
- * allows a wildcard-based algorithm policy that includes this algorithm,
- * the resulting key allows the same algorithm.
- * - If the policies do not allow any algorithm in common, this function
- * fails with the status #PSA_ERROR_INVALID_ARGUMENT.
- *
- * The effect of this function on implementation-defined attributes is
- * implementation-defined.
- *
- * \param source_key The key to copy. It must allow the usage
- * #PSA_KEY_USAGE_COPY. If a private or secret key is
- * being copied outside of a secure element it must
- * also allow #PSA_KEY_USAGE_EXPORT.
- * \param[in] attributes The attributes for the new key.
- * They are used as follows:
- * - The key type and size may be 0. If either is
- * nonzero, it must match the corresponding
- * attribute of the source key.
- * - The key location (the lifetime and, for
- * persistent keys, the key identifier) is
- * used directly.
- * - The policy constraints (usage flags and
- * algorithm policy) are combined from
- * the source key and \p attributes so that
- * both sets of restrictions apply, as
- * described in the documentation of this function.
- * \param[out] target_key On success, an identifier for the newly created
- * key. For persistent keys, this is the key
- * identifier defined in \p attributes.
- * \c 0 on failure.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \p source_key is invalid.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * This is an attempt to create a persistent key, and there is
- * already a persistent key with the given identifier.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The lifetime or identifier in \p attributes are invalid, or
- * the policy constraints on the source and specified in
- * \p attributes are incompatible, or
- * \p attributes specifies a key type or key size
- * which does not match the attributes of the source key.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
- * the source key is not exportable and its lifetime does not
- * allow copying it to the target's lifetime.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_DATA_INVALID \emptydescription
- * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
- const psa_key_attributes_t *attributes,
- mbedtls_svc_key_id_t *target_key);
-
-
-/**
- * \brief Destroy a key.
- *
- * This function destroys a key from both volatile
- * memory and, if applicable, non-volatile storage. Implementations shall
- * make a best effort to ensure that the key material cannot be recovered.
- *
- * This function also erases any metadata such as policies and frees
- * resources associated with the key.
- *
- * If a key is currently in use in a multipart operation, then destroying the
- * key will cause the multipart operation to fail.
- *
- * \warning We can only guarantee that the the key material will
- * eventually be wiped from memory. With threading enabled
- * and during concurrent execution, copies of the key material may
- * still exist until all threads have finished using the key.
- *
- * \param key Identifier of the key to erase. If this is \c 0, do nothing and
- * return #PSA_SUCCESS.
- *
- * \retval #PSA_SUCCESS
- * \p key was a valid identifier and the key material that it
- * referred to has been erased. Alternatively, \p key is \c 0.
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The key cannot be erased because it is
- * read-only, either due to a policy or due to physical restrictions.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \p key is not a valid identifier nor \c 0.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * There was a failure in communication with the cryptoprocessor.
- * The key material may still be present in the cryptoprocessor.
- * \retval #PSA_ERROR_DATA_INVALID
- * This error is typically a result of either storage corruption on a
- * cleartext storage backend, or an attempt to read data that was
- * written by an incompatible version of the library.
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * The storage is corrupted. Implementations shall make a best effort
- * to erase key material even in this stage, however applications
- * should be aware that it may be impossible to guarantee that the
- * key material is not recoverable in such cases.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * An unexpected condition which is not a storage corruption or
- * a communication failure occurred. The cryptoprocessor may have
- * been compromised.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
-
-/**@}*/
-
-/** \defgroup import_export Key import and export
- * @{
- */
-
-/**
- * \brief Import a key in binary format.
- *
- * This function supports any output from psa_export_key(). Refer to the
- * documentation of psa_export_public_key() for the format of public keys
- * and to the documentation of psa_export_key() for the format for
- * other key types.
- *
- * The key data determines the key size. The attributes may optionally
- * specify a key size; in this case it must match the size determined
- * from the key data. A key size of 0 in \p attributes indicates that
- * the key size is solely determined by the key data.
- *
- * Implementations must reject an attempt to import a key of size 0.
- *
- * This specification supports a single format for each key type.
- * Implementations may support other formats as long as the standard
- * format is supported. Implementations that support other formats
- * should ensure that the formats are clearly unambiguous so as to
- * minimize the risk that an invalid input is accidentally interpreted
- * according to a different format.
- *
- * \param[in] attributes The attributes for the new key.
- * The key size is always determined from the
- * \p data buffer.
- * If the key size in \p attributes is nonzero,
- * it must be equal to the size from \p data.
- * \param[out] key On success, an identifier to the newly created key.
- * For persistent keys, this is the key identifier
- * defined in \p attributes.
- * \c 0 on failure.
- * \param[in] data Buffer containing the key data. The content of this
- * buffer is interpreted according to the type declared
- * in \p attributes.
- * All implementations must support at least the format
- * described in the documentation
- * of psa_export_key() or psa_export_public_key() for
- * the chosen type. Implementations may allow other
- * formats, but should be conservative: implementations
- * should err on the side of rejecting content if it
- * may be erroneous (e.g. wrong type or truncated data).
- * \param data_length Size of the \p data buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * If the key is persistent, the key material and the key's metadata
- * have been saved to persistent storage.
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * This is an attempt to create a persistent key, and there is
- * already a persistent key with the given identifier.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * The key type or key size is not supported, either by the
- * implementation in general or in this particular persistent location.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key attributes, as a whole, are invalid, or
- * the key data is not correctly formatted, or
- * the size in \p attributes is nonzero and does not match the size
- * of the key data.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
- * \retval #PSA_ERROR_DATA_INVALID \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- mbedtls_svc_key_id_t *key);
-
-
-
-/**
- * \brief Export a key in binary format.
- *
- * The output of this function can be passed to psa_import_key() to
- * create an equivalent object.
- *
- * If the implementation of psa_import_key() supports other formats
- * beyond the format specified here, the output from psa_export_key()
- * must use the representation specified here, not the original
- * representation.
- *
- * For standard key types, the output format is as follows:
- *
- * - For symmetric keys (including MAC keys), the format is the
- * raw bytes of the key.
- * - For DES, the key data consists of 8 bytes. The parity bits must be
- * correct.
- * - For Triple-DES, the format is the concatenation of the
- * two or three DES keys.
- * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
- * is the non-encrypted DER encoding of the representation defined by
- * PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
- * ```
- * RSAPrivateKey ::= SEQUENCE {
- * version INTEGER, -- must be 0
- * modulus INTEGER, -- n
- * publicExponent INTEGER, -- e
- * privateExponent INTEGER, -- d
- * prime1 INTEGER, -- p
- * prime2 INTEGER, -- q
- * exponent1 INTEGER, -- d mod (p-1)
- * exponent2 INTEGER, -- d mod (q-1)
- * coefficient INTEGER, -- (inverse of q) mod p
- * }
- * ```
- * - For elliptic curve key pairs (key types for which
- * #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
- * a representation of the private value as a `ceiling(m/8)`-byte string
- * where `m` is the bit size associated with the curve, i.e. the bit size
- * of the order of the curve's coordinate field. This byte string is
- * in little-endian order for Montgomery curves (curve types
- * `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
- * curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`
- * and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`).
- * For Weierstrass curves, this is the content of the `privateKey` field of
- * the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves,
- * the format is defined by RFC 7748, and output is masked according to §5.
- * For twisted Edwards curves, the private key is as defined by RFC 8032
- * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
- * - For Diffie-Hellman key exchange key pairs (key types for which
- * #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
- * format is the representation of the private key `x` as a big-endian byte
- * string. The length of the byte string is the private key size in bytes
- * (leading zeroes are not stripped).
- * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
- * true), the format is the same as for psa_export_public_key().
- *
- * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
- *
- * \param key Identifier of the key to export. It must allow the
- * usage #PSA_KEY_USAGE_EXPORT, unless it is a public
- * key.
- * \param[out] data Buffer where the key data is to be written.
- * \param data_size Size of the \p data buffer in bytes.
- * \param[out] data_length On success, the number of bytes
- * that make up the key data.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The key does not have the #PSA_KEY_USAGE_EXPORT flag.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p data buffer is too small. You can determine a
- * sufficient buffer size by calling
- * #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
- * where \c type is the key type
- * and \c bits is the key size in bits.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length);
-
-/**
- * \brief Export a public key or the public part of a key pair in binary format.
- *
- * The output of this function can be passed to psa_import_key() to
- * create an object that is equivalent to the public key.
- *
- * This specification supports a single format for each key type.
- * Implementations may support other formats as long as the standard
- * format is supported. Implementations that support other formats
- * should ensure that the formats are clearly unambiguous so as to
- * minimize the risk that an invalid input is accidentally interpreted
- * according to a different format.
- *
- * For standard key types, the output format is as follows:
- * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
- * the representation defined by RFC 3279 §2.3.1 as `RSAPublicKey`.
- * ```
- * RSAPublicKey ::= SEQUENCE {
- * modulus INTEGER, -- n
- * publicExponent INTEGER } -- e
- * ```
- * - For elliptic curve keys on a twisted Edwards curve (key types for which
- * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
- * returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
- * by RFC 8032
- * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
- * - For other elliptic curve public keys (key types for which
- * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
- * representation defined by SEC1 §2.3.3 as the content of an ECPoint.
- * Let `m` be the bit size associated with the curve, i.e. the bit size of
- * `q` for a curve over `F_q`. The representation consists of:
- * - The byte 0x04;
- * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
- * - For Diffie-Hellman key exchange public keys (key types for which
- * #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
- * the format is the representation of the public key `y = g^x mod p` as a
- * big-endian byte string. The length of the byte string is the length of the
- * base prime `p` in bytes.
- *
- * Exporting a public key object or the public part of a key pair is
- * always permitted, regardless of the key's usage flags.
- *
- * \param key Identifier of the key to export.
- * \param[out] data Buffer where the key data is to be written.
- * \param data_size Size of the \p data buffer in bytes.
- * \param[out] data_length On success, the number of bytes
- * that make up the key data.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The key is neither a public key nor a key pair.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p data buffer is too small. You can determine a
- * sufficient buffer size by calling
- * #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
- * where \c type is the key type
- * and \c bits is the key size in bits.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length);
-
-
-
-/**@}*/
-
-/** \defgroup hash Message digests
- * @{
- */
-
/** Calculate the hash (digest) of a message.
*
* \note To verify the hash of a message against an
@@ -864,80 +1301,16 @@
size_t hash_size,
size_t *hash_length);
-/** Calculate the hash (digest) of a message and compare it with a
- * reference value.
- *
- * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_HASH(\p alg) is true).
- * \param[in] input Buffer containing the message to hash.
- * \param input_length Size of the \p input buffer in bytes.
- * \param[out] hash Buffer containing the expected hash value.
- * \param hash_length Size of the \p hash buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * The expected hash is identical to the actual hash of the input.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The hash of the message was calculated successfully, but it
- * differs from the expected hash.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a hash algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p input_length or \p hash_length do not match the hash size for \p alg
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_hash_compare(psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *hash,
- size_t hash_length);
-
-/** The type of the state data structure for multipart hash operations.
- *
- * Before calling any function on a hash operation object, the application must
- * initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- * \code
- * psa_hash_operation_t operation;
- * memset(&operation, 0, sizeof(operation));
- * \endcode
- * - Initialize the structure to logical zero values, for example:
- * \code
- * psa_hash_operation_t operation = {0};
- * \endcode
- * - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
- * for example:
- * \code
- * psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
- * \endcode
- * - Assign the result of the function psa_hash_operation_init()
- * to the structure, for example:
- * \code
- * psa_hash_operation_t operation;
- * operation = psa_hash_operation_init();
- * \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure.
- * Implementation details can change in future versions without notice. */
-typedef struct psa_hash_operation_s psa_hash_operation_t;
-
-/** \def PSA_HASH_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a hash operation object
- * of type #psa_hash_operation_t.
+/* XXX We put this next one in place to check we ignore static functions
+ * when we eventually read all this from a real header file
*/
/** Return an initial value for a hash operation object.
*/
static psa_hash_operation_t psa_hash_operation_init(void);
+/* XXX Back to normal function declarations */
+
/** Set up a multipart hash operation.
*
* The sequence of operations to calculate a hash (message digest)
@@ -1160,887 +1533,39 @@
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation);
-/**@}*/
-
-/** \defgroup MAC Message authentication codes
- * @{
- */
-
-/** Calculate the MAC (message authentication code) of a message.
+/** Calculate the hash (digest) of a message and compare it with a
+ * reference value.
*
- * \note To verify the MAC of a message against an
- * expected value, use psa_mac_verify() instead.
- * Beware that comparing integrity or authenticity data such as
- * MAC values with a function such as \c memcmp is risky
- * because the time taken by the comparison may leak information
- * about the MAC value which could allow an attacker to guess
- * a valid MAC and thereby bypass security controls.
- *
- * \param key Identifier of the key to use for the operation. It
- * must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
- * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_MAC(\p alg) is true).
- * \param[in] input Buffer containing the input message.
+ * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_HASH(\p alg) is true).
+ * \param[in] input Buffer containing the message to hash.
* \param input_length Size of the \p input buffer in bytes.
- * \param[out] mac Buffer where the MAC value is to be written.
- * \param mac_size Size of the \p mac buffer in bytes.
- * \param[out] mac_length On success, the number of bytes
- * that make up the MAC value.
+ * \param[out] hash Buffer containing the expected hash value.
+ * \param hash_length Size of the \p hash buffer in bytes.
*
* \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * \p mac_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-/** Calculate the MAC of a message and compare it with a reference value.
- *
- * \param key Identifier of the key to use for the operation. It
- * must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
- * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_MAC(\p alg) is true).
- * \param[in] input Buffer containing the input message.
- * \param input_length Size of the \p input buffer in bytes.
- * \param[out] mac Buffer containing the expected MAC value.
- * \param mac_length Size of the \p mac buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * The expected MAC is identical to the actual MAC of the input.
+ * The expected hash is identical to the actual hash of the input.
* \retval #PSA_ERROR_INVALID_SIGNATURE
- * The MAC of the message was calculated successfully, but it
- * differs from the expected value.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
+ * The hash of the message was calculated successfully, but it
+ * differs from the expected hash.
* \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *mac,
- size_t mac_length);
-
-/** The type of the state data structure for multipart MAC operations.
- *
- * Before calling any function on a MAC operation object, the application must
- * initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- * \code
- * psa_mac_operation_t operation;
- * memset(&operation, 0, sizeof(operation));
- * \endcode
- * - Initialize the structure to logical zero values, for example:
- * \code
- * psa_mac_operation_t operation = {0};
- * \endcode
- * - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
- * for example:
- * \code
- * psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- * \endcode
- * - Assign the result of the function psa_mac_operation_init()
- * to the structure, for example:
- * \code
- * psa_mac_operation_t operation;
- * operation = psa_mac_operation_init();
- * \endcode
- *
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure.
- * Implementation details can change in future versions without notice. */
-typedef struct psa_mac_operation_s psa_mac_operation_t;
-
-/** \def PSA_MAC_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a MAC operation object of type
- * #psa_mac_operation_t.
- */
-
-/** Return an initial value for a MAC operation object.
- */
-static psa_mac_operation_t psa_mac_operation_init(void);
-
-/** Set up a multipart MAC calculation operation.
- *
- * This function sets up the calculation of the MAC
- * (message authentication code) of a byte string.
- * To verify the MAC of a message against an
- * expected value, use psa_mac_verify_setup() instead.
- *
- * The sequence of operations to calculate a MAC is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- * listed here.
- * -# Initialize the operation object with one of the methods described in the
- * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
- * -# Call psa_mac_sign_setup() to specify the algorithm and key.
- * -# Call psa_mac_update() zero, one or more times, passing a fragment
- * of the message each time. The MAC that is calculated is the MAC
- * of the concatenation of these messages in order.
- * -# At the end of the message, call psa_mac_sign_finish() to finish
- * calculating the MAC value and retrieve it.
- *
- * If an error occurs at any step after a call to psa_mac_sign_setup(), the
- * operation will need to be reset by a call to psa_mac_abort(). The
- * application may call psa_mac_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_mac_sign_setup(), the application must
- * eventually terminate the operation through one of the following methods:
- * - A successful call to psa_mac_sign_finish().
- * - A call to psa_mac_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- * been initialized as per the documentation for
- * #psa_mac_operation_t and not yet in use.
- * \param key Identifier of the key to use for the operation. It
- * must remain valid until the operation terminates.
- * It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
- * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_MAC(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \p alg is not supported or is not a hash algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a MAC algorithm.
+ * \p input_length or \p hash_length do not match the hash size for \p alg
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive), or
- * the library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg);
-
-/** Set up a multipart MAC verification operation.
- *
- * This function sets up the verification of the MAC
- * (message authentication code) of a byte string against an expected value.
- *
- * The sequence of operations to verify a MAC is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- * listed here.
- * -# Initialize the operation object with one of the methods described in the
- * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
- * -# Call psa_mac_verify_setup() to specify the algorithm and key.
- * -# Call psa_mac_update() zero, one or more times, passing a fragment
- * of the message each time. The MAC that is calculated is the MAC
- * of the concatenation of these messages in order.
- * -# At the end of the message, call psa_mac_verify_finish() to finish
- * calculating the actual MAC of the message and verify it against
- * the expected value.
- *
- * If an error occurs at any step after a call to psa_mac_verify_setup(), the
- * operation will need to be reset by a call to psa_mac_abort(). The
- * application may call psa_mac_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_mac_verify_setup(), the application must
- * eventually terminate the operation through one of the following methods:
- * - A successful call to psa_mac_verify_finish().
- * - A call to psa_mac_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- * been initialized as per the documentation for
- * #psa_mac_operation_t and not yet in use.
- * \param key Identifier of the key to use for the operation. It
- * must remain valid until the operation terminates.
- * It must allow the usage
- * PSA_KEY_USAGE_VERIFY_MESSAGE.
- * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
- * such that #PSA_ALG_IS_MAC(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c key is not compatible with \c alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \c alg is not supported or is not a MAC algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * The key could not be retrieved from storage.
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive), or
- * the library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg);
-
-/** Add a message fragment to a multipart MAC operation.
- *
- * The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
- * before calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_mac_abort().
- *
- * \param[in,out] operation Active MAC operation.
- * \param[in] input Buffer containing the message fragment to add to
- * the MAC calculation.
- * \param input_length Size of the \p input buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active), or
- * the library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_mac_update(psa_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-/** Finish the calculation of the MAC of a message.
- *
- * The application must call psa_mac_sign_setup() before calling this function.
- * This function calculates the MAC of the message formed by concatenating
- * the inputs passed to preceding calls to psa_mac_update().
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_mac_abort().
- *
- * \warning Applications should not call this function if they expect
- * a specific value for the MAC. Call psa_mac_verify_finish() instead.
- * Beware that comparing integrity or authenticity data such as
- * MAC values with a function such as \c memcmp is risky
- * because the time taken by the comparison may leak information
- * about the MAC value which could allow an attacker to guess
- * a valid MAC and thereby bypass security controls.
- *
- * \param[in,out] operation Active MAC operation.
- * \param[out] mac Buffer where the MAC value is to be written.
- * \param mac_size Size of the \p mac buffer in bytes.
- * \param[out] mac_length On success, the number of bytes
- * that make up the MAC value. This is always
- * #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
- * where \c key_type and \c key_bits are the type and
- * bit-size respectively of the key and \c alg is the
- * MAC algorithm that is calculated.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p mac buffer is too small. You can determine a
- * sufficient buffer size by calling PSA_MAC_LENGTH().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac sign
- * operation), or the library has not been previously initialized
- * by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-/** Finish the calculation of the MAC of a message and compare it with
- * an expected value.
- *
- * The application must call psa_mac_verify_setup() before calling this function.
- * This function calculates the MAC of the message formed by concatenating
- * the inputs passed to preceding calls to psa_mac_update(). It then
- * compares the calculated MAC with the expected MAC passed as a
- * parameter to this function.
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_mac_abort().
- *
- * \note Implementations shall make the best effort to ensure that the
- * comparison between the actual MAC and the expected MAC is performed
- * in constant time.
- *
- * \param[in,out] operation Active MAC operation.
- * \param[in] mac Buffer containing the expected MAC value.
- * \param mac_length Size of the \p mac buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * The expected MAC is identical to the actual MAC of the message.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The MAC of the message was calculated successfully, but it
- * differs from the expected MAC.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active mac verify
- * operation), or the library has not been previously initialized
- * by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
-
-/** Abort a MAC operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * psa_mac_sign_setup() or psa_mac_verify_setup() again.
- *
- * You may call this function any time after the operation object has
- * been initialized by one of the methods described in #psa_mac_operation_t.
- *
- * In particular, calling psa_mac_abort() after the operation has been
- * terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
- * psa_mac_verify_finish() is safe and has no effect.
- *
- * \param[in,out] operation Initialized MAC operation.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
-
-/**@}*/
-
-/** \defgroup cipher Symmetric ciphers
- * @{
- */
-
-/** Encrypt a message using a symmetric cipher.
- *
- * This function encrypts a message with a random IV (initialization
- * vector). Use the multipart operation interface with a
- * #psa_cipher_operation_t object to provide other forms of IV.
- *
- * \param key Identifier of the key to use for the operation.
- * It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
- * \param alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in] input Buffer containing the message to encrypt.
- * \param input_length Size of the \p input buffer in bytes.
- * \param[out] output Buffer where the output is to be written.
- * The output contains the IV followed by
- * the ciphertext proper.
- * \param output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes
- * that make up the output.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-/** Decrypt a message using a symmetric cipher.
- *
- * This function decrypts a message encrypted with a symmetric cipher.
- *
- * \param key Identifier of the key to use for the operation.
- * It must remain valid until the operation
- * terminates. It must allow the usage
- * #PSA_KEY_USAGE_DECRYPT.
- * \param alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- * \param[in] input Buffer containing the message to decrypt.
- * This consists of the IV followed by the
- * ciphertext proper.
- * \param input_length Size of the \p input buffer in bytes.
- * \param[out] output Buffer where the plaintext is to be written.
- * \param output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes
- * that make up the output.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-/** The type of the state data structure for multipart cipher operations.
- *
- * Before calling any function on a cipher operation object, the application
- * must initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- * \code
- * psa_cipher_operation_t operation;
- * memset(&operation, 0, sizeof(operation));
- * \endcode
- * - Initialize the structure to logical zero values, for example:
- * \code
- * psa_cipher_operation_t operation = {0};
- * \endcode
- * - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
- * for example:
- * \code
- * psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- * \endcode
- * - Assign the result of the function psa_cipher_operation_init()
- * to the structure, for example:
- * \code
- * psa_cipher_operation_t operation;
- * operation = psa_cipher_operation_init();
- * \endcode
- *
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure.
- * Implementation details can change in future versions without notice. */
-typedef struct psa_cipher_operation_s psa_cipher_operation_t;
-
-/** \def PSA_CIPHER_OPERATION_INIT
- *
- * This macro returns a suitable initializer for a cipher operation object of
- * type #psa_cipher_operation_t.
- */
-
-/** Return an initial value for a cipher operation object.
- */
-static psa_cipher_operation_t psa_cipher_operation_init(void);
-
-/** Set the key for a multipart symmetric encryption operation.
- *
- * The sequence of operations to encrypt a message with a symmetric cipher
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- * listed here.
- * -# Initialize the operation object with one of the methods described in the
- * documentation for #psa_cipher_operation_t, e.g.
- * #PSA_CIPHER_OPERATION_INIT.
- * -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
- * -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
- * generate or set the IV (initialization vector). You should use
- * psa_cipher_generate_iv() unless the protocol you are implementing
- * requires a specific IV value.
- * -# Call psa_cipher_update() zero, one or more times, passing a fragment
- * of the message each time.
- * -# Call psa_cipher_finish().
- *
- * If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
- * the operation will need to be reset by a call to psa_cipher_abort(). The
- * application may call psa_cipher_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_cipher_encrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to psa_cipher_finish().
- * - A call to psa_cipher_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- * been initialized as per the documentation for
- * #psa_cipher_operation_t and not yet in use.
- * \param key Identifier of the key to use for the operation.
- * It must remain valid until the operation
- * terminates. It must allow the usage
- * #PSA_KEY_USAGE_ENCRYPT.
- * \param alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive), or
- * the library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg);
-
-/** Set the key for a multipart symmetric decryption operation.
- *
- * The sequence of operations to decrypt a message with a symmetric cipher
- * is as follows:
- * -# Allocate an operation object which will be passed to all the functions
- * listed here.
- * -# Initialize the operation object with one of the methods described in the
- * documentation for #psa_cipher_operation_t, e.g.
- * #PSA_CIPHER_OPERATION_INIT.
- * -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
- * -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
- * decryption. If the IV is prepended to the ciphertext, you can call
- * psa_cipher_update() on a buffer containing the IV followed by the
- * beginning of the message.
- * -# Call psa_cipher_update() zero, one or more times, passing a fragment
- * of the message each time.
- * -# Call psa_cipher_finish().
- *
- * If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
- * the operation will need to be reset by a call to psa_cipher_abort(). The
- * application may call psa_cipher_abort() at any time after the operation
- * has been initialized.
- *
- * After a successful call to psa_cipher_decrypt_setup(), the application must
- * eventually terminate the operation. The following events terminate an
- * operation:
- * - A successful call to psa_cipher_finish().
- * - A call to psa_cipher_abort().
- *
- * \param[in,out] operation The operation object to set up. It must have
- * been initialized as per the documentation for
- * #psa_cipher_operation_t and not yet in use.
- * \param key Identifier of the key to use for the operation.
- * It must remain valid until the operation
- * terminates. It must allow the usage
- * #PSA_KEY_USAGE_DECRYPT.
- * \param alg The cipher algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_CIPHER(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \p key is not compatible with \p alg.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be inactive), or
- * the library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg);
-
-/** Generate an IV for a symmetric encryption operation.
- *
- * This function generates a random IV (initialization vector), nonce
- * or initial counter value for the encryption operation as appropriate
- * for the chosen algorithm, key type and key size.
- *
- * The application must call psa_cipher_encrypt_setup() before
- * calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \param[in,out] operation Active cipher operation.
- * \param[out] iv Buffer where the generated IV is to be written.
- * \param iv_size Size of the \p iv buffer in bytes.
- * \param[out] iv_length On success, the number of bytes of the
- * generated IV.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p iv buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with no IV set),
- * or the library has not been previously initialized
- * by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
- uint8_t *iv,
- size_t iv_size,
- size_t *iv_length);
-
-/** Set the IV for a symmetric encryption or decryption operation.
- *
- * This function sets the IV (initialization vector), nonce
- * or initial counter value for the encryption or decryption operation.
- *
- * The application must call psa_cipher_encrypt_setup() before
- * calling this function.
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \note When encrypting, applications should use psa_cipher_generate_iv()
- * instead of this function, unless implementing a protocol that requires
- * a non-random IV.
- *
- * \param[in,out] operation Active cipher operation.
- * \param[in] iv Buffer containing the IV to use.
- * \param iv_length Size of the IV in bytes.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The size of \p iv is not acceptable for the chosen algorithm,
- * or the chosen algorithm does not use an IV.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be an active cipher
- * encrypt operation, with no IV set), or the library has not been
- * previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length);
-
-/** Encrypt or decrypt a message fragment in an active cipher operation.
- *
- * Before calling this function, you must:
- * 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
- * The choice of setup function determines whether this function
- * encrypts or decrypts its input.
- * 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
- * (recommended when encrypting) or psa_cipher_set_iv().
- *
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \param[in,out] operation Active cipher operation.
- * \param[in] input Buffer containing the message fragment to
- * encrypt or decrypt.
- * \param input_length Size of the \p input buffer in bytes.
- * \param[out] output Buffer where the output is to be written.
- * \param output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes
- * that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm), or the library has not been
- * previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-/** Finish encrypting or decrypting a message in a cipher operation.
- *
- * The application must call psa_cipher_encrypt_setup() or
- * psa_cipher_decrypt_setup() before calling this function. The choice
- * of setup function determines whether this function encrypts or
- * decrypts its input.
- *
- * This function finishes the encryption or decryption of the message
- * formed by concatenating the inputs passed to preceding calls to
- * psa_cipher_update().
- *
- * When this function returns successfully, the operation becomes inactive.
- * If this function returns an error status, the operation enters an error
- * state and must be aborted by calling psa_cipher_abort().
- *
- * \param[in,out] operation Active cipher operation.
- * \param[out] output Buffer where the output is to be written.
- * \param output_size Size of the \p output buffer in bytes.
- * \param[out] output_length On success, the number of bytes
- * that make up the returned output.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * The total input size passed to this operation is not valid for
- * this particular algorithm. For example, the algorithm is a based
- * on block cipher and requires a whole number of blocks, but the
- * total input size is not a multiple of the block size.
- * \retval #PSA_ERROR_INVALID_PADDING
- * This is a decryption operation for an algorithm that includes
- * padding, and the ciphertext does not contain valid padding.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The operation state is not valid (it must be active, with an IV set
- * if required for the algorithm), or the library has not been
- * previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-/** Abort a cipher operation.
- *
- * Aborting an operation frees all associated resources except for the
- * \p operation structure itself. Once aborted, the operation object
- * can be reused for another operation by calling
- * psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
- *
- * You may call this function any time after the operation object has
- * been initialized as described in #psa_cipher_operation_t.
- *
- * In particular, calling psa_cipher_abort() after the operation has been
- * terminated by a call to psa_cipher_abort() or psa_cipher_finish()
- * is safe and has no effect.
- *
- * \param[in,out] operation Initialized cipher operation.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
-
-/**@}*/
-
-/** \defgroup aead Authenticated encryption with associated data (AEAD)
- * @{
- */
+psa_status_t psa_hash_compare(psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *hash,
+ size_t hash_length);
/** Process an authenticated encryption operation.
*
@@ -2819,356 +2344,1055 @@
*/
psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
-/**@}*/
-
-/** \defgroup asymmetric Asymmetric cryptography
- * @{
+/**
+ * \brief Import a key in binary format.
+ *
+ * This function supports any output from psa_export_key(). Refer to the
+ * documentation of psa_export_public_key() for the format of public keys
+ * and to the documentation of psa_export_key() for the format for
+ * other key types.
+ *
+ * The key data determines the key size. The attributes may optionally
+ * specify a key size; in this case it must match the size determined
+ * from the key data. A key size of 0 in \p attributes indicates that
+ * the key size is solely determined by the key data.
+ *
+ * Implementations must reject an attempt to import a key of size 0.
+ *
+ * This specification supports a single format for each key type.
+ * Implementations may support other formats as long as the standard
+ * format is supported. Implementations that support other formats
+ * should ensure that the formats are clearly unambiguous so as to
+ * minimize the risk that an invalid input is accidentally interpreted
+ * according to a different format.
+ *
+ * \param[in] attributes The attributes for the new key.
+ * The key size is always determined from the
+ * \p data buffer.
+ * If the key size in \p attributes is nonzero,
+ * it must be equal to the size from \p data.
+ * \param[out] key On success, an identifier to the newly created key.
+ * For persistent keys, this is the key identifier
+ * defined in \p attributes.
+ * \c 0 on failure.
+ * \param[in] data Buffer containing the key data. The content of this
+ * buffer is interpreted according to the type declared
+ * in \p attributes.
+ * All implementations must support at least the format
+ * described in the documentation
+ * of psa_export_key() or psa_export_public_key() for
+ * the chosen type. Implementations may allow other
+ * formats, but should be conservative: implementations
+ * should err on the side of rejecting content if it
+ * may be erroneous (e.g. wrong type or truncated data).
+ * \param data_length Size of the \p data buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * If the key is persistent, the key material and the key's metadata
+ * have been saved to persistent storage.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * The key type or key size is not supported, either by the
+ * implementation in general or in this particular persistent location.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key attributes, as a whole, are invalid, or
+ * the key data is not correctly formatted, or
+ * the size in \p attributes is nonzero and does not match the size
+ * of the key data.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
*/
+psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
+ const uint8_t *data,
+ size_t data_length,
+ mbedtls_svc_key_id_t *key);
+
+/** Retrieve the attributes of a key.
+ *
+ * This function first resets the attribute structure as with
+ * psa_reset_key_attributes(). It then copies the attributes of
+ * the given key into the given attribute structure.
+ *
+ * \note This function may allocate memory or other resources.
+ * Once you have called this function on an attribute structure,
+ * you must call psa_reset_key_attributes() to free these resources.
+ *
+ * \param[in] key Identifier of the key to query.
+ * \param[in,out] attributes On success, the attributes of the key.
+ * On failure, equivalent to a
+ * freshly-initialized structure.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
+ psa_key_attributes_t *attributes);
/**
- * \brief Sign a message with a private key. For hash-and-sign algorithms,
- * this includes the hashing step.
+ * \brief Destroy a key.
*
- * \note To perform a multi-part hash-and-sign signature algorithm, first use
- * a multi-part hash operation and then pass the resulting hash to
- * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
- * hash algorithm to use.
+ * This function destroys a key from both volatile
+ * memory and, if applicable, non-volatile storage. Implementations shall
+ * make a best effort to ensure that the key material cannot be recovered.
*
- * \param[in] key Identifier of the key to use for the operation.
- * It must be an asymmetric key pair. The key must
- * allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
- * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
- * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
- * is true), that is compatible with the type of
- * \p key.
- * \param[in] input The input message to sign.
- * \param[in] input_length Size of the \p input buffer in bytes.
- * \param[out] signature Buffer where the signature is to be written.
- * \param[in] signature_size Size of the \p signature buffer in bytes. This
- * must be appropriate for the selected
- * algorithm and key:
- * - The required signature size is
- * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- * where \c key_type and \c key_bits are the type and
- * bit-size respectively of key.
- * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
- * maximum signature size of any supported
- * signature algorithm.
- * \param[out] signature_length On success, the number of bytes that make up
- * the returned signature value.
+ * This function also erases any metadata such as policies and frees
+ * resources associated with the key.
*
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * If a key is currently in use in a multipart operation, then destroying the
+ * key will cause the multipart operation to fail.
+ *
+ * \warning We can only guarantee that the the key material will
+ * eventually be wiped from memory. With threading enabled
+ * and during concurrent execution, copies of the key material may
+ * still exist until all threads have finished using the key.
+ *
+ * \param key Identifier of the key to erase. If this is \c 0, do nothing and
+ * return #PSA_SUCCESS.
+ *
+ * \retval #PSA_SUCCESS
+ * \p key was a valid identifier and the key material that it
+ * referred to has been erased. Alternatively, \p key is \c 0.
* \retval #PSA_ERROR_NOT_PERMITTED
- * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
- * or it does not permit the requested algorithm.
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p signature buffer is too small. You can
- * determine a sufficient buffer size by calling
- * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- * where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
- * \retval #PSA_ERROR_DATA_INVALID \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * The key cannot be erased because it is
+ * read-only, either due to a policy or due to physical restrictions.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \p key is not a valid identifier nor \c 0.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * There was a failure in communication with the cryptoprocessor.
+ * The key material may still be present in the cryptoprocessor.
+ * \retval #PSA_ERROR_DATA_INVALID
+ * This error is typically a result of either storage corruption on a
+ * cleartext storage backend, or an attempt to read data that was
+ * written by an incompatible version of the library.
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The storage is corrupted. Implementations shall make a best effort
+ * to erase key material even in this stage, however applications
+ * should be aware that it may be impossible to guarantee that the
+ * key material is not recoverable in such cases.
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * An unexpected condition which is not a storage corruption or
+ * a communication failure occurred. The cryptoprocessor may have
+ * been compromised.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length);
+psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key);
-/** \brief Verify the signature of a message with a public key, using
- * a hash-and-sign verification algorithm.
+/**
+ * \brief Generate random bytes.
*
- * \note To perform a multi-part hash-and-sign signature verification
- * algorithm, first use a multi-part hash operation to hash the message
- * and then pass the resulting hash to psa_verify_hash().
- * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
- * to use.
+ * \warning This function **can** fail! Callers MUST check the return status
+ * and MUST NOT use the content of the output buffer if the return
+ * status is not #PSA_SUCCESS.
*
- * \param[in] key Identifier of the key to use for the operation.
- * It must be a public key or an asymmetric key
- * pair. The key must allow the usage
- * #PSA_KEY_USAGE_VERIFY_MESSAGE.
- * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
- * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
- * is true), that is compatible with the type of
- * \p key.
- * \param[in] input The message whose signature is to be verified.
- * \param[in] input_length Size of the \p input buffer in bytes.
- * \param[out] signature Buffer containing the signature to verify.
- * \param[in] signature_length Size of the \p signature buffer in bytes.
+ * \note To generate a key, use psa_generate_key() instead.
+ *
+ * \param[out] output Output buffer for the generated data.
+ * \param output_size Number of bytes to generate and output.
*
* \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED
- * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
- * or it does not permit the requested algorithm.
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was performed successfully, but the passed signature
- * is not a valid signature.
* \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
- * \retval #PSA_ERROR_DATA_INVALID \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
+psa_status_t psa_generate_random(uint8_t *output,
+ size_t output_size);
+
+/** Calculate the MAC (message authentication code) of a message.
+ *
+ * \note To verify the MAC of a message against an
+ * expected value, use psa_mac_verify() instead.
+ * Beware that comparing integrity or authenticity data such as
+ * MAC values with a function such as \c memcmp is risky
+ * because the time taken by the comparison may leak information
+ * about the MAC value which could allow an attacker to guess
+ * a valid MAC and thereby bypass security controls.
+ *
+ * \param key Identifier of the key to use for the operation. It
+ * must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ * \param[in] input Buffer containing the input message.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] mac Buffer where the MAC value is to be written.
+ * \param mac_size Size of the \p mac buffer in bytes.
+ * \param[out] mac_length On success, the number of bytes
+ * that make up the MAC value.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \p mac_size is too small
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length);
+
+/** Calculate the MAC of a message and compare it with a reference value.
+ *
+ * \param key Identifier of the key to use for the operation. It
+ * must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ * \param[in] input Buffer containing the input message.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[in] mac Buffer containing the expected MAC value.
+ * \param mac_length Size of the \p mac buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The expected MAC is identical to the actual MAC of the input.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The MAC of the message was calculated successfully, but it
+ * differs from the expected value.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *mac,
+ size_t mac_length);
+
+/** The type of the state data structure for multipart MAC operations.
+ *
+ * Before calling any function on a MAC operation object, the application must
+ * initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_mac_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_mac_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_mac_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_mac_operation_t operation;
+ * operation = psa_mac_operation_init();
+ * \endcode
+ *
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_mac_operation_s psa_mac_operation_t;
+
+/** \def PSA_MAC_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a MAC operation object of type
+ * #psa_mac_operation_t.
+ */
+
+/** Return an initial value for a MAC operation object.
+ */
+static psa_mac_operation_t psa_mac_operation_init(void);
+
+/** Set up a multipart MAC calculation operation.
+ *
+ * This function sets up the calculation of the MAC
+ * (message authentication code) of a byte string.
+ * To verify the MAC of a message against an
+ * expected value, use psa_mac_verify_setup() instead.
+ *
+ * The sequence of operations to calculate a MAC is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+ * -# Call psa_mac_sign_setup() to specify the algorithm and key.
+ * -# Call psa_mac_update() zero, one or more times, passing a fragment
+ * of the message each time. The MAC that is calculated is the MAC
+ * of the concatenation of these messages in order.
+ * -# At the end of the message, call psa_mac_sign_finish() to finish
+ * calculating the MAC value and retrieve it.
+ *
+ * If an error occurs at any step after a call to psa_mac_sign_setup(), the
+ * operation will need to be reset by a call to psa_mac_abort(). The
+ * application may call psa_mac_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_mac_sign_setup(), the application must
+ * eventually terminate the operation through one of the following methods:
+ * - A successful call to psa_mac_sign_finish().
+ * - A call to psa_mac_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_mac_operation_t and not yet in use.
+ * \param key Identifier of the key to use for the operation. It
+ * must remain valid until the operation terminates.
+ * It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg);
+
+/** Set up a multipart MAC verification operation.
+ *
+ * This function sets up the verification of the MAC
+ * (message authentication code) of a byte string against an expected value.
+ *
+ * The sequence of operations to verify a MAC is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT.
+ * -# Call psa_mac_verify_setup() to specify the algorithm and key.
+ * -# Call psa_mac_update() zero, one or more times, passing a fragment
+ * of the message each time. The MAC that is calculated is the MAC
+ * of the concatenation of these messages in order.
+ * -# At the end of the message, call psa_mac_verify_finish() to finish
+ * calculating the actual MAC of the message and verify it against
+ * the expected value.
+ *
+ * If an error occurs at any step after a call to psa_mac_verify_setup(), the
+ * operation will need to be reset by a call to psa_mac_abort(). The
+ * application may call psa_mac_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_mac_verify_setup(), the application must
+ * eventually terminate the operation through one of the following methods:
+ * - A successful call to psa_mac_verify_finish().
+ * - A call to psa_mac_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_mac_operation_t and not yet in use.
+ * \param key Identifier of the key to use for the operation. It
+ * must remain valid until the operation terminates.
+ * It must allow the usage
+ * PSA_KEY_USAGE_VERIFY_MESSAGE.
+ * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
+ * such that #PSA_ALG_IS_MAC(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c key is not compatible with \c alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \c alg is not supported or is not a MAC algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * The key could not be retrieved from storage.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg);
+
+/** Add a message fragment to a multipart MAC operation.
+ *
+ * The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
+ * before calling this function.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_mac_abort().
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[in] input Buffer containing the message fragment to add to
+ * the MAC calculation.
+ * \param input_length Size of the \p input buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active), or
+ * the library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_update(psa_mac_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length);
+
+/** Finish the calculation of the MAC of a message.
+ *
+ * The application must call psa_mac_sign_setup() before calling this function.
+ * This function calculates the MAC of the message formed by concatenating
+ * the inputs passed to preceding calls to psa_mac_update().
+ *
+ * When this function returns successfully, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_mac_abort().
+ *
+ * \warning Applications should not call this function if they expect
+ * a specific value for the MAC. Call psa_mac_verify_finish() instead.
+ * Beware that comparing integrity or authenticity data such as
+ * MAC values with a function such as \c memcmp is risky
+ * because the time taken by the comparison may leak information
+ * about the MAC value which could allow an attacker to guess
+ * a valid MAC and thereby bypass security controls.
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[out] mac Buffer where the MAC value is to be written.
+ * \param mac_size Size of the \p mac buffer in bytes.
+ * \param[out] mac_length On success, the number of bytes
+ * that make up the MAC value. This is always
+ * #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg)
+ * where \c key_type and \c key_bits are the type and
+ * bit-size respectively of the key and \c alg is the
+ * MAC algorithm that is calculated.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p mac buffer is too small. You can determine a
+ * sufficient buffer size by calling PSA_MAC_LENGTH().
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active mac sign
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
+ uint8_t *mac,
+ size_t mac_size,
+ size_t *mac_length);
+
+/** Finish the calculation of the MAC of a message and compare it with
+ * an expected value.
+ *
+ * The application must call psa_mac_verify_setup() before calling this function.
+ * This function calculates the MAC of the message formed by concatenating
+ * the inputs passed to preceding calls to psa_mac_update(). It then
+ * compares the calculated MAC with the expected MAC passed as a
+ * parameter to this function.
+ *
+ * When this function returns successfully, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_mac_abort().
+ *
+ * \note Implementations shall make the best effort to ensure that the
+ * comparison between the actual MAC and the expected MAC is performed
+ * in constant time.
+ *
+ * \param[in,out] operation Active MAC operation.
+ * \param[in] mac Buffer containing the expected MAC value.
+ * \param mac_length Size of the \p mac buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The expected MAC is identical to the actual MAC of the message.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The MAC of the message was calculated successfully, but it
+ * differs from the expected MAC.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active mac verify
+ * operation), or the library has not been previously initialized
+ * by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
+ const uint8_t *mac,
+ size_t mac_length);
+
+/** Abort a MAC operation.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * psa_mac_sign_setup() or psa_mac_verify_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized by one of the methods described in #psa_mac_operation_t.
+ *
+ * In particular, calling psa_mac_abort() after the operation has been
+ * terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
+ * psa_mac_verify_finish() is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized MAC operation.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
+
+/** Encrypt a message using a symmetric cipher.
+ *
+ * This function encrypts a message with a random IV (initialization
+ * vector). Use the multipart operation interface with a
+ * #psa_cipher_operation_t object to provide other forms of IV.
+ *
+ * \param key Identifier of the key to use for the operation.
+ * It must allow the usage #PSA_KEY_USAGE_ENCRYPT.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param[in] input Buffer containing the message to encrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
+ * The output contains the IV followed by
+ * the ciphertext proper.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the output.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
- const uint8_t *signature,
- size_t signature_length);
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
-/**
- * \brief Sign a hash or short message with a private key.
+/** Decrypt a message using a symmetric cipher.
*
- * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
- * Then pass the resulting hash as the \p hash
- * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
- * to determine the hash algorithm to use.
+ * This function decrypts a message encrypted with a symmetric cipher.
*
* \param key Identifier of the key to use for the operation.
- * It must be an asymmetric key pair. The key must
- * allow the usage #PSA_KEY_USAGE_SIGN_HASH.
- * \param alg A signature algorithm (PSA_ALG_XXX
- * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
- * is true), that is compatible with
- * the type of \p key.
- * \param[in] hash The hash or message to sign.
- * \param hash_length Size of the \p hash buffer in bytes.
- * \param[out] signature Buffer where the signature is to be written.
- * \param signature_size Size of the \p signature buffer in bytes.
- * \param[out] signature_length On success, the number of bytes
- * that make up the returned signature value.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p signature buffer is too small. You can
- * determine a sufficient buffer size by calling
- * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- * where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length);
-
-/**
- * \brief Verify the signature of a hash or short message using a public key.
- *
- * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
- * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
- * Then pass the resulting hash as the \p hash
- * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
- * to determine the hash algorithm to use.
- *
- * \param key Identifier of the key to use for the operation. It
- * must be a public key or an asymmetric key pair. The
- * key must allow the usage
- * #PSA_KEY_USAGE_VERIFY_HASH.
- * \param alg A signature algorithm (PSA_ALG_XXX
- * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
- * is true), that is compatible with
- * the type of \p key.
- * \param[in] hash The hash or message whose signature is to be
- * verified.
- * \param hash_length Size of the \p hash buffer in bytes.
- * \param[in] signature Buffer containing the signature to verify.
- * \param signature_length Size of the \p signature buffer in bytes.
+ * It must remain valid until the operation
+ * terminates. It must allow the usage
+ * #PSA_KEY_USAGE_DECRYPT.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ * \param[in] input Buffer containing the message to decrypt.
+ * This consists of the IV followed by the
+ * ciphertext proper.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the plaintext is to be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the output.
*
* \retval #PSA_SUCCESS
- * The signature is valid.
+ * Success.
* \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
* \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
- * \retval #PSA_ERROR_INVALID_SIGNATURE
- * The calculation was performed successfully, but the passed
- * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** The type of the state data structure for multipart cipher operations.
+ *
+ * Before calling any function on a cipher operation object, the application
+ * must initialize it by any of the following means:
+ * - Set the structure to all-bits-zero, for example:
+ * \code
+ * psa_cipher_operation_t operation;
+ * memset(&operation, 0, sizeof(operation));
+ * \endcode
+ * - Initialize the structure to logical zero values, for example:
+ * \code
+ * psa_cipher_operation_t operation = {0};
+ * \endcode
+ * - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
+ * for example:
+ * \code
+ * psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ * \endcode
+ * - Assign the result of the function psa_cipher_operation_init()
+ * to the structure, for example:
+ * \code
+ * psa_cipher_operation_t operation;
+ * operation = psa_cipher_operation_init();
+ * \endcode
+ *
+ * This is an implementation-defined \c struct. Applications should not
+ * make any assumptions about the content of this structure.
+ * Implementation details can change in future versions without notice. */
+typedef struct psa_cipher_operation_s psa_cipher_operation_t;
+
+/** \def PSA_CIPHER_OPERATION_INIT
+ *
+ * This macro returns a suitable initializer for a cipher operation object of
+ * type #psa_cipher_operation_t.
+ */
+
+/** Return an initial value for a cipher operation object.
+ */
+static psa_cipher_operation_t psa_cipher_operation_init(void);
+
+/** Set the key for a multipart symmetric encryption operation.
+ *
+ * The sequence of operations to encrypt a message with a symmetric cipher
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_cipher_operation_t, e.g.
+ * #PSA_CIPHER_OPERATION_INIT.
+ * -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
+ * -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
+ * generate or set the IV (initialization vector). You should use
+ * psa_cipher_generate_iv() unless the protocol you are implementing
+ * requires a specific IV value.
+ * -# Call psa_cipher_update() zero, one or more times, passing a fragment
+ * of the message each time.
+ * -# Call psa_cipher_finish().
+ *
+ * If an error occurs at any step after a call to psa_cipher_encrypt_setup(),
+ * the operation will need to be reset by a call to psa_cipher_abort(). The
+ * application may call psa_cipher_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_cipher_encrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A successful call to psa_cipher_finish().
+ * - A call to psa_cipher_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_cipher_operation_t and not yet in use.
+ * \param key Identifier of the key to use for the operation.
+ * It must remain valid until the operation
+ * terminates. It must allow the usage
+ * #PSA_KEY_USAGE_ENCRYPT.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length);
+psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg);
-/**
- * \brief Encrypt a short message with a public key.
+/** Set the key for a multipart symmetric decryption operation.
*
+ * The sequence of operations to decrypt a message with a symmetric cipher
+ * is as follows:
+ * -# Allocate an operation object which will be passed to all the functions
+ * listed here.
+ * -# Initialize the operation object with one of the methods described in the
+ * documentation for #psa_cipher_operation_t, e.g.
+ * #PSA_CIPHER_OPERATION_INIT.
+ * -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
+ * -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
+ * decryption. If the IV is prepended to the ciphertext, you can call
+ * psa_cipher_update() on a buffer containing the IV followed by the
+ * beginning of the message.
+ * -# Call psa_cipher_update() zero, one or more times, passing a fragment
+ * of the message each time.
+ * -# Call psa_cipher_finish().
+ *
+ * If an error occurs at any step after a call to psa_cipher_decrypt_setup(),
+ * the operation will need to be reset by a call to psa_cipher_abort(). The
+ * application may call psa_cipher_abort() at any time after the operation
+ * has been initialized.
+ *
+ * After a successful call to psa_cipher_decrypt_setup(), the application must
+ * eventually terminate the operation. The following events terminate an
+ * operation:
+ * - A successful call to psa_cipher_finish().
+ * - A call to psa_cipher_abort().
+ *
+ * \param[in,out] operation The operation object to set up. It must have
+ * been initialized as per the documentation for
+ * #psa_cipher_operation_t and not yet in use.
* \param key Identifier of the key to use for the operation.
- * It must be a public key or an asymmetric key
- * pair. It must allow the usage
- * #PSA_KEY_USAGE_ENCRYPT.
- * \param alg An asymmetric encryption algorithm that is
- * compatible with the type of \p key.
- * \param[in] input The message to encrypt.
- * \param input_length Size of the \p input buffer in bytes.
- * \param[in] salt A salt or label, if supported by the
- * encryption algorithm.
- * If the algorithm does not support a
- * salt, pass \c NULL.
- * If the algorithm supports an optional
- * salt and you do not want to pass a salt,
- * pass \c NULL.
+ * It must remain valid until the operation
+ * terminates. It must allow the usage
+ * #PSA_KEY_USAGE_DECRYPT.
+ * \param alg The cipher algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_CIPHER(\p alg) is true).
*
- * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
- * supported.
- * \param salt_length Size of the \p salt buffer in bytes.
- * If \p salt is \c NULL, pass 0.
- * \param[out] output Buffer where the encrypted message is to
- * be written.
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not compatible with \p alg.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \p alg is not supported or is not a cipher algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be inactive), or
+ * the library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
+ mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg);
+
+/** Generate an IV for a symmetric encryption operation.
+ *
+ * This function generates a random IV (initialization vector), nonce
+ * or initial counter value for the encryption operation as appropriate
+ * for the chosen algorithm, key type and key size.
+ *
+ * The application must call psa_cipher_encrypt_setup() before
+ * calling this function.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[out] iv Buffer where the generated IV is to be written.
+ * \param iv_size Size of the \p iv buffer in bytes.
+ * \param[out] iv_length On success, the number of bytes of the
+ * generated IV.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p iv buffer is too small.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, with no IV set),
+ * or the library has not been previously initialized
+ * by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
+ uint8_t *iv,
+ size_t iv_size,
+ size_t *iv_length);
+
+/** Set the IV for a symmetric encryption or decryption operation.
+ *
+ * This function sets the IV (initialization vector), nonce
+ * or initial counter value for the encryption or decryption operation.
+ *
+ * The application must call psa_cipher_encrypt_setup() before
+ * calling this function.
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
+ *
+ * \note When encrypting, applications should use psa_cipher_generate_iv()
+ * instead of this function, unless implementing a protocol that requires
+ * a non-random IV.
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[in] iv Buffer containing the IV to use.
+ * \param iv_length Size of the IV in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The size of \p iv is not acceptable for the chosen algorithm,
+ * or the chosen algorithm does not use an IV.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be an active cipher
+ * encrypt operation, with no IV set), or the library has not been
+ * previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
+ const uint8_t *iv,
+ size_t iv_length);
+
+/** Encrypt or decrypt a message fragment in an active cipher operation.
+ *
+ * Before calling this function, you must:
+ * 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
+ * The choice of setup function determines whether this function
+ * encrypts or decrypts its input.
+ * 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
+ * (recommended when encrypting) or psa_cipher_set_iv().
+ *
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[in] input Buffer containing the message fragment to
+ * encrypt or decrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[out] output Buffer where the output is to be written.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_SUCCESS
+ * Success.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small. You can
- * determine a sufficient buffer size by calling
- * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- * where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
* \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
+psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
-/**
- * \brief Decrypt a short message with a private key.
+/** Finish encrypting or decrypting a message in a cipher operation.
*
- * \param key Identifier of the key to use for the operation.
- * It must be an asymmetric key pair. It must
- * allow the usage #PSA_KEY_USAGE_DECRYPT.
- * \param alg An asymmetric encryption algorithm that is
- * compatible with the type of \p key.
- * \param[in] input The message to decrypt.
- * \param input_length Size of the \p input buffer in bytes.
- * \param[in] salt A salt or label, if supported by the
- * encryption algorithm.
- * If the algorithm does not support a
- * salt, pass \c NULL.
- * If the algorithm supports an optional
- * salt and you do not want to pass a salt,
- * pass \c NULL.
+ * The application must call psa_cipher_encrypt_setup() or
+ * psa_cipher_decrypt_setup() before calling this function. The choice
+ * of setup function determines whether this function encrypts or
+ * decrypts its input.
*
- * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
- * supported.
- * \param salt_length Size of the \p salt buffer in bytes.
- * If \p salt is \c NULL, pass 0.
- * \param[out] output Buffer where the decrypted message is to
- * be written.
- * \param output_size Size of the \c output buffer in bytes.
+ * This function finishes the encryption or decryption of the message
+ * formed by concatenating the inputs passed to preceding calls to
+ * psa_cipher_update().
+ *
+ * When this function returns successfully, the operation becomes inactive.
+ * If this function returns an error status, the operation enters an error
+ * state and must be aborted by calling psa_cipher_abort().
+ *
+ * \param[in,out] operation Active cipher operation.
+ * \param[out] output Buffer where the output is to be written.
+ * \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
- * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The total input size passed to this operation is not valid for
+ * this particular algorithm. For example, the algorithm is a based
+ * on block cipher and requires a whole number of blocks, but the
+ * total input size is not a multiple of the block size.
+ * \retval #PSA_ERROR_INVALID_PADDING
+ * This is a decryption operation for an algorithm that includes
+ * padding, and the ciphertext does not contain valid padding.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
- * The size of the \p output buffer is too small. You can
- * determine a sufficient buffer size by calling
- * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
- * where \c key_type and \c key_bits are the type and bit-size
- * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
* \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
- * \retval #PSA_ERROR_INVALID_PADDING \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The operation state is not valid (it must be active, with an IV set
+ * if required for the algorithm), or the library has not been
+ * previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Abort a cipher operation.
+ *
+ * Aborting an operation frees all associated resources except for the
+ * \p operation structure itself. Once aborted, the operation object
+ * can be reused for another operation by calling
+ * psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
+ *
+ * You may call this function any time after the operation object has
+ * been initialized as described in #psa_cipher_operation_t.
+ *
+ * In particular, calling psa_cipher_abort() after the operation has been
+ * terminated by a call to psa_cipher_abort() or psa_cipher_finish()
+ * is safe and has no effect.
+ *
+ * \param[in,out] operation Initialized cipher operation.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
-psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *salt,
- size_t salt_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-/**@}*/
+psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
/** \defgroup key_derivation Key derivation and pseudorandom generation
* @{
@@ -4047,39 +4271,6 @@
size_t output_size,
size_t *output_length);
-/**@}*/
-
-/** \defgroup random Random generation
- * @{
- */
-
-/**
- * \brief Generate random bytes.
- *
- * \warning This function **can** fail! Callers MUST check the return status
- * and MUST NOT use the content of the output buffer if the return
- * status is not #PSA_SUCCESS.
- *
- * \note To generate a key, use psa_generate_key() instead.
- *
- * \param[out] output Output buffer for the generated data.
- * \param output_size Number of bytes to generate and output.
- *
- * \retval #PSA_SUCCESS \emptydescription
- * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
- * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
- * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_generate_random(uint8_t *output,
- size_t output_size);
-
/**
* \brief Generate a key or key pair.
*
@@ -4185,77 +4376,539 @@
size_t params_data_length,
mbedtls_svc_key_id_t *key);
-/**@}*/
-
-/** \defgroup interruptible_hash Interruptible sign/verify hash
- * @{
+/**
+ * \brief Sign a message with a private key. For hash-and-sign algorithms,
+ * this includes the hashing step.
+ *
+ * \note To perform a multi-part hash-and-sign signature algorithm, first use
+ * a multi-part hash operation and then pass the resulting hash to
+ * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the
+ * hash algorithm to use.
+ *
+ * \param[in] key Identifier of the key to use for the operation.
+ * It must be an asymmetric key pair. The key must
+ * allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE.
+ * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+ * is true), that is compatible with the type of
+ * \p key.
+ * \param[in] input The input message to sign.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param[in] signature_size Size of the \p signature buffer in bytes. This
+ * must be appropriate for the selected
+ * algorithm and key:
+ * - The required signature size is
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and
+ * bit-size respectively of key.
+ * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+ * maximum signature size of any supported
+ * signature algorithm.
+ * \param[out] signature_length On success, the number of bytes that make up
+ * the returned signature value.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+ * or it does not permit the requested algorithm.
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
*/
+psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length);
-/** The type of the state data structure for interruptible hash
- * signing operations.
+/** \brief Verify the signature of a message with a public key, using
+ * a hash-and-sign verification algorithm.
*
- * Before calling any function on a sign hash operation object, the
- * application must initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- * \code
- * psa_sign_hash_interruptible_operation_t operation;
- * memset(&operation, 0, sizeof(operation));
- * \endcode
- * - Initialize the structure to logical zero values, for example:
- * \code
- * psa_sign_hash_interruptible_operation_t operation = {0};
- * \endcode
- * - Initialize the structure to the initializer
- * #PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
- * \code
- * psa_sign_hash_interruptible_operation_t operation =
- * PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
- * \endcode
- * - Assign the result of the function
- * psa_sign_hash_interruptible_operation_init() to the structure, for
- * example:
- * \code
- * psa_sign_hash_interruptible_operation_t operation;
- * operation = psa_sign_hash_interruptible_operation_init();
- * \endcode
+ * \note To perform a multi-part hash-and-sign signature verification
+ * algorithm, first use a multi-part hash operation to hash the message
+ * and then pass the resulting hash to psa_verify_hash().
+ * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm
+ * to use.
*
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure.
- * Implementation details can change in future versions without notice. */
-typedef struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_t;
+ * \param[in] key Identifier of the key to use for the operation.
+ * It must be a public key or an asymmetric key
+ * pair. The key must allow the usage
+ * #PSA_KEY_USAGE_VERIFY_MESSAGE.
+ * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg)
+ * is true), that is compatible with the type of
+ * \p key.
+ * \param[in] input The message whose signature is to be verified.
+ * \param[in] input_length Size of the \p input buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param[in] signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
+ * or it does not permit the requested algorithm.
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed signature
+ * is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *signature,
+ size_t signature_length);
-/** The type of the state data structure for interruptible hash
- * verification operations.
+/**
+ * \brief Sign a hash or short message with a private key.
*
- * Before calling any function on a sign hash operation object, the
- * application must initialize it by any of the following means:
- * - Set the structure to all-bits-zero, for example:
- * \code
- * psa_verify_hash_interruptible_operation_t operation;
- * memset(&operation, 0, sizeof(operation));
- * \endcode
- * - Initialize the structure to logical zero values, for example:
- * \code
- * psa_verify_hash_interruptible_operation_t operation = {0};
- * \endcode
- * - Initialize the structure to the initializer
- * #PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT, for example:
- * \code
- * psa_verify_hash_interruptible_operation_t operation =
- * PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
- * \endcode
- * - Assign the result of the function
- * psa_verify_hash_interruptible_operation_init() to the structure, for
- * example:
- * \code
- * psa_verify_hash_interruptible_operation_t operation;
- * operation = psa_verify_hash_interruptible_operation_init();
- * \endcode
+ * Note that to perform a hash-and-sign signature algorithm, you must
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+ * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+ * Then pass the resulting hash as the \p hash
+ * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+ * to determine the hash algorithm to use.
*
- * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure.
- * Implementation details can change in future versions without notice. */
-typedef struct psa_verify_hash_interruptible_operation_s psa_verify_hash_interruptible_operation_t;
+ * \param key Identifier of the key to use for the operation.
+ * It must be an asymmetric key pair. The key must
+ * allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+ * \param alg A signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash or message to sign.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param signature_size Size of the \p signature buffer in bytes.
+ * \param[out] signature_length On success, the number of bytes
+ * that make up the returned signature value.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ uint8_t *signature,
+ size_t signature_size,
+ size_t *signature_length);
+
+/**
+ * \brief Verify the signature of a hash or short message using a public key.
+ *
+ * Note that to perform a hash-and-sign signature algorithm, you must
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
+ * and psa_hash_finish(), or alternatively by calling psa_hash_compute().
+ * Then pass the resulting hash as the \p hash
+ * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
+ * to determine the hash algorithm to use.
+ *
+ * \param key Identifier of the key to use for the operation. It
+ * must be a public key or an asymmetric key pair. The
+ * key must allow the usage
+ * #PSA_KEY_USAGE_VERIFY_HASH.
+ * \param alg A signature algorithm (PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash or message whose signature is to be
+ * verified.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The signature is valid.
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+ size_t signature_length);
+
+/**
+ * \brief Encrypt a short message with a public key.
+ *
+ * \param key Identifier of the key to use for the operation.
+ * It must be a public key or an asymmetric key
+ * pair. It must allow the usage
+ * #PSA_KEY_USAGE_ENCRYPT.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \p key.
+ * \param[in] input The message to encrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[in] salt A salt or label, if supported by the
+ * encryption algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \p salt buffer in bytes.
+ * If \p salt is \c NULL, pass 0.
+ * \param[out] output Buffer where the encrypted message is to
+ * be written.
+ * \param output_size Size of the \p output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/**
+ * \brief Decrypt a short message with a private key.
+ *
+ * \param key Identifier of the key to use for the operation.
+ * It must be an asymmetric key pair. It must
+ * allow the usage #PSA_KEY_USAGE_DECRYPT.
+ * \param alg An asymmetric encryption algorithm that is
+ * compatible with the type of \p key.
+ * \param[in] input The message to decrypt.
+ * \param input_length Size of the \p input buffer in bytes.
+ * \param[in] salt A salt or label, if supported by the
+ * encryption algorithm.
+ * If the algorithm does not support a
+ * salt, pass \c NULL.
+ * If the algorithm supports an optional
+ * salt and you do not want to pass a salt,
+ * pass \c NULL.
+ *
+ * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
+ * supported.
+ * \param salt_length Size of the \p salt buffer in bytes.
+ * If \p salt is \c NULL, pass 0.
+ * \param[out] output Buffer where the decrypted message is to
+ * be written.
+ * \param output_size Size of the \c output buffer in bytes.
+ * \param[out] output_length On success, the number of bytes
+ * that make up the returned output.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p output buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INVALID_PADDING \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *input,
+ size_t input_length,
+ const uint8_t *salt,
+ size_t salt_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);
+
+/** Remove non-essential copies of key material from memory.
+ *
+ * If the key identifier designates a volatile key, this functions does not do
+ * anything and returns successfully.
+ *
+ * If the key identifier designates a persistent key, then this function will
+ * free all resources associated with the key in volatile memory. The key
+ * data in persistent storage is not affected and the key can still be used.
+ *
+ * \param key Identifier of the key to purge.
+ *
+ * \retval #PSA_SUCCESS
+ * The key material will have been removed from memory if it is not
+ * currently required.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \p key is not a valid key identifier.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_purge_key(mbedtls_svc_key_id_t key);
+
+/**
+ * \brief Export a key in binary format.
+ *
+ * The output of this function can be passed to psa_import_key() to
+ * create an equivalent object.
+ *
+ * If the implementation of psa_import_key() supports other formats
+ * beyond the format specified here, the output from psa_export_key()
+ * must use the representation specified here, not the original
+ * representation.
+ *
+ * For standard key types, the output format is as follows:
+ *
+ * - For symmetric keys (including MAC keys), the format is the
+ * raw bytes of the key.
+ * - For DES, the key data consists of 8 bytes. The parity bits must be
+ * correct.
+ * - For Triple-DES, the format is the concatenation of the
+ * two or three DES keys.
+ * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format
+ * is the non-encrypted DER encoding of the representation defined by
+ * PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
+ * ```
+ * RSAPrivateKey ::= SEQUENCE {
+ * version INTEGER, -- must be 0
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER, -- e
+ * privateExponent INTEGER, -- d
+ * prime1 INTEGER, -- p
+ * prime2 INTEGER, -- q
+ * exponent1 INTEGER, -- d mod (p-1)
+ * exponent2 INTEGER, -- d mod (q-1)
+ * coefficient INTEGER, -- (inverse of q) mod p
+ * }
+ * ```
+ * - For elliptic curve key pairs (key types for which
+ * #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is
+ * a representation of the private value as a `ceiling(m/8)`-byte string
+ * where `m` is the bit size associated with the curve, i.e. the bit size
+ * of the order of the curve's coordinate field. This byte string is
+ * in little-endian order for Montgomery curves (curve types
+ * `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass
+ * curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX`
+ * and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`).
+ * For Weierstrass curves, this is the content of the `privateKey` field of
+ * the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves,
+ * the format is defined by RFC 7748, and output is masked according to §5.
+ * For twisted Edwards curves, the private key is as defined by RFC 8032
+ * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+ * - For Diffie-Hellman key exchange key pairs (key types for which
+ * #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the
+ * format is the representation of the private key `x` as a big-endian byte
+ * string. The length of the byte string is the private key size in bytes
+ * (leading zeroes are not stripped).
+ * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
+ * true), the format is the same as for psa_export_public_key().
+ *
+ * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set.
+ *
+ * \param key Identifier of the key to export. It must allow the
+ * usage #PSA_KEY_USAGE_EXPORT, unless it is a public
+ * key.
+ * \param[out] data Buffer where the key data is to be written.
+ * \param data_size Size of the \p data buffer in bytes.
+ * \param[out] data_length On success, the number of bytes
+ * that make up the key data.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_EXPORT flag.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p data buffer is too small. You can determine a
+ * sufficient buffer size by calling
+ * #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits)
+ * where \c type is the key type
+ * and \c bits is the key size in bits.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
+
+/**
+ * \brief Export a public key or the public part of a key pair in binary format.
+ *
+ * The output of this function can be passed to psa_import_key() to
+ * create an object that is equivalent to the public key.
+ *
+ * This specification supports a single format for each key type.
+ * Implementations may support other formats as long as the standard
+ * format is supported. Implementations that support other formats
+ * should ensure that the formats are clearly unambiguous so as to
+ * minimize the risk that an invalid input is accidentally interpreted
+ * according to a different format.
+ *
+ * For standard key types, the output format is as follows:
+ * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
+ * the representation defined by RFC 3279 §2.3.1 as `RSAPublicKey`.
+ * ```
+ * RSAPublicKey ::= SEQUENCE {
+ * modulus INTEGER, -- n
+ * publicExponent INTEGER } -- e
+ * ```
+ * - For elliptic curve keys on a twisted Edwards curve (key types for which
+ * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY
+ * returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined
+ * by RFC 8032
+ * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448).
+ * - For other elliptic curve public keys (key types for which
+ * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
+ * representation defined by SEC1 §2.3.3 as the content of an ECPoint.
+ * Let `m` be the bit size associated with the curve, i.e. the bit size of
+ * `q` for a curve over `F_q`. The representation consists of:
+ * - The byte 0x04;
+ * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
+ * - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
+ * - For Diffie-Hellman key exchange public keys (key types for which
+ * #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true),
+ * the format is the representation of the public key `y = g^x mod p` as a
+ * big-endian byte string. The length of the byte string is the length of the
+ * base prime `p` in bytes.
+ *
+ * Exporting a public key object or the public part of a key pair is
+ * always permitted, regardless of the key's usage flags.
+ *
+ * \param key Identifier of the key to export.
+ * \param[out] data Buffer where the key data is to be written.
+ * \param data_size Size of the \p data buffer in bytes.
+ * \param[out] data_length On success, the number of bytes
+ * that make up the key data.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The key is neither a public key nor a key pair.
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p data buffer is too small. You can determine a
+ * sufficient buffer size by calling
+ * #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits)
+ * where \c type is the key type
+ * and \c bits is the key size in bits.
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
+ uint8_t *data,
+ size_t data_size,
+ size_t *data_length);
/**
* \brief Set the maximum number of ops allowed to be
@@ -4809,27 +5462,108 @@
psa_status_t psa_verify_hash_abort(
psa_verify_hash_interruptible_operation_t *operation);
+/** Make a copy of a key.
+ *
+ * Copy key material from one location to another.
+ *
+ * This function is primarily useful to copy a key from one location
+ * to another, since it populates a key using the material from
+ * another key which may have a different lifetime.
+ *
+ * This function may be used to share a key with a different party,
+ * subject to implementation-defined restrictions on key sharing.
+ *
+ * The policy on the source key must have the usage flag
+ * #PSA_KEY_USAGE_COPY set.
+ * This flag is sufficient to permit the copy if the key has the lifetime
+ * #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT.
+ * Some secure elements do not provide a way to copy a key without
+ * making it extractable from the secure element. If a key is located
+ * in such a secure element, then the key must have both usage flags
+ * #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make
+ * a copy of the key outside the secure element.
+ *
+ * The resulting key may only be used in a way that conforms to
+ * both the policy of the original key and the policy specified in
+ * the \p attributes parameter:
+ * - The usage flags on the resulting key are the bitwise-and of the
+ * usage flags on the source policy and the usage flags in \p attributes.
+ * - If both allow the same algorithm or wildcard-based
+ * algorithm policy, the resulting key has the same algorithm policy.
+ * - If either of the policies allows an algorithm and the other policy
+ * allows a wildcard-based algorithm policy that includes this algorithm,
+ * the resulting key allows the same algorithm.
+ * - If the policies do not allow any algorithm in common, this function
+ * fails with the status #PSA_ERROR_INVALID_ARGUMENT.
+ *
+ * The effect of this function on implementation-defined attributes is
+ * implementation-defined.
+ *
+ * \param source_key The key to copy. It must allow the usage
+ * #PSA_KEY_USAGE_COPY. If a private or secret key is
+ * being copied outside of a secure element it must
+ * also allow #PSA_KEY_USAGE_EXPORT.
+ * \param[in] attributes The attributes for the new key.
+ * They are used as follows:
+ * - The key type and size may be 0. If either is
+ * nonzero, it must match the corresponding
+ * attribute of the source key.
+ * - The key location (the lifetime and, for
+ * persistent keys, the key identifier) is
+ * used directly.
+ * - The policy constraints (usage flags and
+ * algorithm policy) are combined from
+ * the source key and \p attributes so that
+ * both sets of restrictions apply, as
+ * described in the documentation of this function.
+ * \param[out] target_key On success, an identifier for the newly created
+ * key. For persistent keys, this is the key
+ * identifier defined in \p attributes.
+ * \c 0 on failure.
+ *
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \p source_key is invalid.
+ * \retval #PSA_ERROR_ALREADY_EXISTS
+ * This is an attempt to create a persistent key, and there is
+ * already a persistent key with the given identifier.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The lifetime or identifier in \p attributes are invalid, or
+ * the policy constraints on the source and specified in
+ * \p attributes are incompatible, or
+ * \p attributes specifies a key type or key size
+ * which does not match the attributes of the source key.
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or
+ * the source key is not exportable and its lifetime does not
+ * allow copying it to the target's lifetime.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
+ const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *target_key);
-/**@}*/
-
-#ifdef __cplusplus
-}
-#endif
-
-/* The file "crypto_sizes.h" contains definitions for size calculation
- * macros whose definitions are implementation-specific. */
-#include "crypto_sizes.h"
-
-/* The file "crypto_struct.h" contains definitions for
- * implementation-specific structs that are declared above. */
-#if defined(MBEDTLS_PSA_CRYPTO_STRUCT_FILE)
-#include MBEDTLS_PSA_CRYPTO_STRUCT_FILE
-#else
-#include "crypto_struct.h"
-#endif
-
-/* The file "crypto_extra.h" contains vendor-specific definitions. This
- * can include vendor-defined algorithms, extra functions, etc. */
-#include "crypto_extra.h"
-
-#endif /* PSA_CRYPTO_H */
+/** Reset a key attribute structure to a freshly initialized state.
+ *
+ * You must initialize the attribute structure as described in the
+ * documentation of the type #psa_key_attributes_t before calling this
+ * function. Once the structure has been initialized, you may call this
+ * function at any time.
+ *
+ * This function frees any auxiliary resources that the structure
+ * may contain.
+ *
+ * \param[in,out] attributes The attribute structure to reset.
+ */
+void psa_reset_key_attributes(psa_key_attributes_t *attributes);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
new file mode 100644
index 0000000..92ecdd2
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
@@ -0,0 +1,1715 @@
+/**
+ * \file psa_sim_serialise.c
+ *
+ * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa_sim_serialise.h"
+#include "util.h"
+#include <stdlib.h>
+#include <string.h>
+
+/* Basic idea:
+ *
+ * All arguments to a function will be serialised into a single buffer to
+ * be sent to the server with the PSA crypto function to be called.
+ *
+ * All returned data (the function's return value and any values returned
+ * via `out` parameters) will similarly be serialised into a buffer to be
+ * sent back to the client from the server.
+ *
+ * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
+ * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
+ * psasim_serialise_foo() and psasim_deserialise_foo().
+ *
+ * We also have psasim_serialise_foo_needs() functions, which return a
+ * size_t giving the number of bytes that serialising that instance of that
+ * type will need. This allows callers to size buffers for serialisation.
+ *
+ * Each serialised buffer starts with a version byte, bytes that indicate
+ * the size of basic C types, and four bytes that indicate the endianness
+ * (to avoid incompatibilities if we ever run this over a network - we are
+ * not aiming for universality, just for correctness and simplicity).
+ *
+ * Most types are serialised as a fixed-size (per type) octet string, with
+ * no type indication. This is acceptable as (a) this is for the test PSA crypto
+ * simulator only, not production, and (b) these functions are called by
+ * code that itself is written by script.
+ *
+ * We also want to keep serialised data reasonably compact as communication
+ * between client and server goes in messages of less than 200 bytes each.
+ *
+ * Many serialisation functions can be created by a script; an exemplar Perl
+ * script is included. It is not hooked into the build and so must be run
+ * manually, but is expected to be replaced by a Python script in due course.
+ * Types that can have their functions created by script include plain old C
+ * data types (e.g. int), types typedef'd to those, and even structures that
+ * don't contain pointers.
+ */
+
+/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t;
+ * but we don't get it on server builds, so redefine it here with a unique type name
+ */
+typedef uint32_t psasim_client_handle_t;
+
+typedef struct psasim_operation_s {
+ psasim_client_handle_t handle;
+} psasim_operation_t;
+
+#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */
+
+static psa_hash_operation_t hash_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t hash_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_hash_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_hash_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_hash_operation_handle++;
+ if (next_hash_operation_handle == 0) { /* wrapped around */
+ FATAL("Hash operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (hash_operation_handles[i] == 0) {
+ hash_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (hash_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+
+static psa_aead_operation_t aead_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t aead_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_aead_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_aead_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_aead_operation_handle++;
+ if (next_aead_operation_handle == 0) { /* wrapped around */
+ FATAL("Aead operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (aead_operation_handles[i] == 0) {
+ aead_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (aead_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+
+static psa_mac_operation_t mac_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t mac_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_mac_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_mac_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_mac_operation_handle++;
+ if (next_mac_operation_handle == 0) { /* wrapped around */
+ FATAL("Mac operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (mac_operation_handles[i] == 0) {
+ mac_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (mac_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+
+static psa_cipher_operation_t cipher_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t cipher_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_cipher_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_cipher_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_cipher_operation_handle++;
+ if (next_cipher_operation_handle == 0) { /* wrapped around */
+ FATAL("Cipher operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (cipher_operation_handles[i] == 0) {
+ cipher_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (cipher_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+
+static psa_key_derivation_operation_t key_derivation_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t key_derivation_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_key_derivation_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_key_derivation_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_key_derivation_operation_handle++;
+ if (next_key_derivation_operation_handle == 0) { /* wrapped around */
+ FATAL("Key_derivation operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (key_derivation_operation_handles[i] == 0) {
+ key_derivation_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_key_derivation_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (key_derivation_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+
+static psa_sign_hash_interruptible_operation_t sign_hash_interruptible_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t sign_hash_interruptible_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_sign_hash_interruptible_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_sign_hash_interruptible_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_sign_hash_interruptible_operation_handle++;
+ if (next_sign_hash_interruptible_operation_handle == 0) { /* wrapped around */
+ FATAL("Sign_hash_interruptible operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (sign_hash_interruptible_operation_handles[i] == 0) {
+ sign_hash_interruptible_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_sign_hash_interruptible_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (sign_hash_interruptible_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+
+static psa_verify_hash_interruptible_operation_t verify_hash_interruptible_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t verify_hash_interruptible_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_verify_hash_interruptible_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_verify_hash_interruptible_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_verify_hash_interruptible_operation_handle++;
+ if (next_verify_hash_interruptible_operation_handle == 0) { /* wrapped around */
+ FATAL("Verify_hash_interruptible operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (verify_hash_interruptible_operation_handles[i] == 0) {
+ verify_hash_interruptible_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_verify_hash_interruptible_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (verify_hash_interruptible_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+
+size_t psasim_serialise_begin_needs(void)
+{
+ /* The serialisation buffer will
+ * start with a byte of 0 to indicate version 0,
+ * then have 1 byte each for length of int, long, void *,
+ * then have 4 bytes to indicate endianness. */
+ return 4 + sizeof(uint32_t);
+}
+
+int psasim_serialise_begin(uint8_t **pos, size_t *remaining)
+{
+ uint32_t endian = 0x1234;
+
+ if (*remaining < 4 + sizeof(endian)) {
+ return 0;
+ }
+
+ *(*pos)++ = 0; /* version */
+ *(*pos)++ = (uint8_t) sizeof(int);
+ *(*pos)++ = (uint8_t) sizeof(long);
+ *(*pos)++ = (uint8_t) sizeof(void *);
+
+ memcpy(*pos, &endian, sizeof(endian));
+
+ *pos += sizeof(endian);
+
+ return 1;
+}
+
+int psasim_deserialise_begin(uint8_t **pos, size_t *remaining)
+{
+ uint8_t version = 255;
+ uint8_t int_size = 0;
+ uint8_t long_size = 0;
+ uint8_t ptr_size = 0;
+ uint32_t endian;
+
+ if (*remaining < 4 + sizeof(endian)) {
+ return 0;
+ }
+
+ memcpy(&version, (*pos)++, sizeof(version));
+ if (version != 0) {
+ return 0;
+ }
+
+ memcpy(&int_size, (*pos)++, sizeof(int_size));
+ if (int_size != sizeof(int)) {
+ return 0;
+ }
+
+ memcpy(&long_size, (*pos)++, sizeof(long_size));
+ if (long_size != sizeof(long)) {
+ return 0;
+ }
+
+ memcpy(&ptr_size, (*pos)++, sizeof(ptr_size));
+ if (ptr_size != sizeof(void *)) {
+ return 0;
+ }
+
+ *remaining -= 4;
+
+ memcpy(&endian, *pos, sizeof(endian));
+ if (endian != 0x1234) {
+ return 0;
+ }
+
+ *pos += sizeof(endian);
+ *remaining -= sizeof(endian);
+
+ return 1;
+}
+
+size_t psasim_serialise_unsigned_int_needs(
+ unsigned int value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_unsigned_int(uint8_t **pos,
+ size_t *remaining,
+ unsigned int value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_unsigned_int(uint8_t **pos,
+ size_t *remaining,
+ unsigned int *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_serialise_int_needs(
+ int value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_int(uint8_t **pos,
+ size_t *remaining,
+ int value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_int(uint8_t **pos,
+ size_t *remaining,
+ int *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_serialise_size_t_needs(
+ size_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_size_t(uint8_t **pos,
+ size_t *remaining,
+ size_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_size_t(uint8_t **pos,
+ size_t *remaining,
+ size_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_serialise_uint16_t_needs(
+ uint16_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_uint16_t(uint8_t **pos,
+ size_t *remaining,
+ uint16_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_uint16_t(uint8_t **pos,
+ size_t *remaining,
+ uint16_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_serialise_uint32_t_needs(
+ uint32_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_uint32_t(uint8_t **pos,
+ size_t *remaining,
+ uint32_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_uint32_t(uint8_t **pos,
+ size_t *remaining,
+ uint32_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_serialise_uint64_t_needs(
+ uint64_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_uint64_t(uint8_t **pos,
+ size_t *remaining,
+ uint64_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_uint64_t(uint8_t **pos,
+ size_t *remaining,
+ uint64_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size)
+{
+ (void) buffer;
+ return sizeof(buffer_size) + buffer_size;
+}
+
+int psasim_serialise_buffer(uint8_t **pos,
+ size_t *remaining,
+ const uint8_t *buffer,
+ size_t buffer_length)
+{
+ if (*remaining < sizeof(buffer_length) + buffer_length) {
+ return 0;
+ }
+
+ memcpy(*pos, &buffer_length, sizeof(buffer_length));
+ *pos += sizeof(buffer_length);
+
+ if (buffer_length > 0) { // To be able to serialise (NULL, 0)
+ memcpy(*pos, buffer, buffer_length);
+ *pos += buffer_length;
+ }
+
+ return 1;
+}
+
+int psasim_deserialise_buffer(uint8_t **pos,
+ size_t *remaining,
+ uint8_t **buffer,
+ size_t *buffer_length)
+{
+ if (*remaining < sizeof(*buffer_length)) {
+ return 0;
+ }
+
+ memcpy(buffer_length, *pos, sizeof(*buffer_length));
+
+ *pos += sizeof(buffer_length);
+ *remaining -= sizeof(buffer_length);
+
+ if (*buffer_length == 0) { // Deserialise (NULL, 0)
+ *buffer = NULL;
+ return 1;
+ }
+
+ if (*remaining < *buffer_length) {
+ return 0;
+ }
+
+ uint8_t *data = malloc(*buffer_length);
+ if (data == NULL) {
+ return 0;
+ }
+
+ memcpy(data, *pos, *buffer_length);
+ *pos += *buffer_length;
+ *remaining -= *buffer_length;
+
+ *buffer = data;
+
+ return 1;
+}
+
+/* When the client is deserialising a buffer returned from the server, it needs
+ * to use this function to deserialised the returned buffer. It should use the
+ * usual \c psasim_serialise_buffer() function to serialise the outbound
+ * buffer. */
+int psasim_deserialise_return_buffer(uint8_t **pos,
+ size_t *remaining,
+ uint8_t *buffer,
+ size_t buffer_length)
+{
+ if (*remaining < sizeof(buffer_length)) {
+ return 0;
+ }
+
+ size_t length_check;
+
+ memcpy(&length_check, *pos, sizeof(buffer_length));
+
+ *pos += sizeof(buffer_length);
+ *remaining -= sizeof(buffer_length);
+
+ if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server
+ return 0;
+ }
+
+ if (length_check == 0) { // Deserialise (NULL, 0)
+ return 1;
+ }
+
+ if (*remaining < buffer_length) {
+ return 0;
+ }
+
+ memcpy(buffer, *pos, buffer_length);
+ *pos += buffer_length;
+ *remaining -= buffer_length;
+
+ return 1;
+}
+
+#define SER_TAG_SIZE 4
+
+size_t psasim_serialise_psa_key_production_parameters_t_needs(
+ const psa_key_production_parameters_t *params,
+ size_t data_length)
+{
+ /* We will serialise with 4-byte tag = "PKPP" + 4-byte overall length at the beginning,
+ * followed by size_t data_length, then the actual data from the structure.
+ */
+ return SER_TAG_SIZE + sizeof(uint32_t) + sizeof(data_length) + sizeof(*params) + data_length;
+}
+
+int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ const psa_key_production_parameters_t *params,
+ size_t data_length)
+{
+ if (data_length > UINT32_MAX / 2) { /* arbitrary limit */
+ return 0; /* too big to serialise */
+ }
+
+ /* We use 32-bit lengths, which should be enough for any reasonable usage :) */
+ /* (the UINT32_MAX / 2 above is an even more conservative check to avoid overflow here) */
+ uint32_t len = (uint32_t) (sizeof(data_length) + sizeof(*params) + data_length);
+ if (*remaining < SER_TAG_SIZE + sizeof(uint32_t) + len) {
+ return 0;
+ }
+
+ char tag[SER_TAG_SIZE] = "PKPP";
+
+ memcpy(*pos, tag, sizeof(tag));
+ memcpy(*pos + sizeof(tag), &len, sizeof(len));
+ *pos += sizeof(tag) + sizeof(len);
+ *remaining -= sizeof(tag) + sizeof(len);
+
+ memcpy(*pos, &data_length, sizeof(data_length));
+ memcpy(*pos + sizeof(data_length), params, sizeof(*params) + data_length);
+ *pos += sizeof(data_length) + sizeof(*params) + data_length;
+ *remaining -= sizeof(data_length) + sizeof(*params) + data_length;
+
+ return 1;
+}
+
+int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_production_parameters_t **params,
+ size_t *data_length)
+{
+ if (*remaining < SER_TAG_SIZE + sizeof(uint32_t)) {
+ return 0; /* can't even be an empty serialisation */
+ }
+
+ char tag[SER_TAG_SIZE] = "PKPP"; /* expected */
+ uint32_t len;
+
+ memcpy(&len, *pos + sizeof(tag), sizeof(len));
+
+ if (memcmp(*pos, tag, sizeof(tag)) != 0) {
+ return 0; /* wrong tag */
+ }
+
+ *pos += sizeof(tag) + sizeof(len);
+ *remaining -= sizeof(tag) + sizeof(len);
+
+ if (*remaining < sizeof(*data_length)) {
+ return 0; /* missing data_length */
+ }
+ memcpy(data_length, *pos, sizeof(*data_length));
+
+ if ((size_t) len != (sizeof(data_length) + sizeof(**params) + *data_length)) {
+ return 0; /* wrong length */
+ }
+
+ if (*remaining < sizeof(*data_length) + sizeof(**params) + *data_length) {
+ return 0; /* not enough data provided */
+ }
+
+ *pos += sizeof(data_length);
+ *remaining -= sizeof(data_length);
+
+ psa_key_production_parameters_t *out = malloc(sizeof(**params) + *data_length);
+ if (out == NULL) {
+ return 0; /* allocation failure */
+ }
+
+ memcpy(out, *pos, sizeof(*out) + *data_length);
+ *pos += sizeof(*out) + *data_length;
+ *remaining -= sizeof(*out) + *data_length;
+
+ *params = out;
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_status_t_needs(
+ psa_status_t value)
+{
+ return psasim_serialise_int_needs(value);
+}
+
+int psasim_serialise_psa_status_t(uint8_t **pos,
+ size_t *remaining,
+ psa_status_t value)
+{
+ return psasim_serialise_int(pos, remaining, value);
+}
+
+int psasim_deserialise_psa_status_t(uint8_t **pos,
+ size_t *remaining,
+ psa_status_t *value)
+{
+ return psasim_deserialise_int(pos, remaining, value);
+}
+
+size_t psasim_serialise_psa_algorithm_t_needs(
+ psa_algorithm_t value)
+{
+ return psasim_serialise_unsigned_int_needs(value);
+}
+
+int psasim_serialise_psa_algorithm_t(uint8_t **pos,
+ size_t *remaining,
+ psa_algorithm_t value)
+{
+ return psasim_serialise_unsigned_int(pos, remaining, value);
+}
+
+int psasim_deserialise_psa_algorithm_t(uint8_t **pos,
+ size_t *remaining,
+ psa_algorithm_t *value)
+{
+ return psasim_deserialise_unsigned_int(pos, remaining, value);
+}
+
+size_t psasim_serialise_psa_key_derivation_step_t_needs(
+ psa_key_derivation_step_t value)
+{
+ return psasim_serialise_uint16_t_needs(value);
+}
+
+int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_step_t value)
+{
+ return psasim_serialise_uint16_t(pos, remaining, value);
+}
+
+int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_step_t *value)
+{
+ return psasim_deserialise_uint16_t(pos, remaining, value);
+}
+
+size_t psasim_serialise_psa_hash_operation_t_needs(
+ psa_hash_operation_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_server_serialise_psa_hash_operation_t_needs(
+ psa_hash_operation_t *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+
+int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - hash_operations;
+
+ if (completed) {
+ memset(&hash_operations[slot],
+ 0,
+ sizeof(psa_hash_operation_t));
+ hash_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = hash_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+
+int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_hash_operation_slot();
+ } else {
+ slot = find_hash_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &hash_operations[slot];
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_aead_operation_t_needs(
+ psa_aead_operation_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_server_serialise_psa_aead_operation_t_needs(
+ psa_aead_operation_t *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+
+int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - aead_operations;
+
+ if (completed) {
+ memset(&aead_operations[slot],
+ 0,
+ sizeof(psa_aead_operation_t));
+ aead_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = aead_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+
+int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_aead_operation_slot();
+ } else {
+ slot = find_aead_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &aead_operations[slot];
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_key_attributes_t_needs(
+ psa_key_attributes_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_key_attributes_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_attributes_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_key_attributes_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_attributes_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_mac_operation_t_needs(
+ psa_mac_operation_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_server_serialise_psa_mac_operation_t_needs(
+ psa_mac_operation_t *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+
+int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - mac_operations;
+
+ if (completed) {
+ memset(&mac_operations[slot],
+ 0,
+ sizeof(psa_mac_operation_t));
+ mac_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = mac_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+
+int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_mac_operation_slot();
+ } else {
+ slot = find_mac_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &mac_operations[slot];
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_cipher_operation_t_needs(
+ psa_cipher_operation_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_server_serialise_psa_cipher_operation_t_needs(
+ psa_cipher_operation_t *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+
+int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - cipher_operations;
+
+ if (completed) {
+ memset(&cipher_operations[slot],
+ 0,
+ sizeof(psa_cipher_operation_t));
+ cipher_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = cipher_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+
+int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_cipher_operation_slot();
+ } else {
+ slot = find_cipher_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &cipher_operations[slot];
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_key_derivation_operation_t_needs(
+ psa_key_derivation_operation_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(
+ psa_key_derivation_operation_t *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+
+int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - key_derivation_operations;
+
+ if (completed) {
+ memset(&key_derivation_operations[slot],
+ 0,
+ sizeof(psa_key_derivation_operation_t));
+ key_derivation_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = key_derivation_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+
+int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_key_derivation_operation_slot();
+ } else {
+ slot = find_key_derivation_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &key_derivation_operations[slot];
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(
+ psa_sign_hash_interruptible_operation_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(
+ psa_sign_hash_interruptible_operation_t *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+
+int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - sign_hash_interruptible_operations;
+
+ if (completed) {
+ memset(&sign_hash_interruptible_operations[slot],
+ 0,
+ sizeof(psa_sign_hash_interruptible_operation_t));
+ sign_hash_interruptible_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = sign_hash_interruptible_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+
+int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_sign_hash_interruptible_operation_slot();
+ } else {
+ slot = find_sign_hash_interruptible_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &sign_hash_interruptible_operations[slot];
+
+ return 1;
+}
+
+size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(
+ psa_verify_hash_interruptible_operation_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(
+ psa_verify_hash_interruptible_operation_t *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+
+int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - verify_hash_interruptible_operations;
+
+ if (completed) {
+ memset(&verify_hash_interruptible_operations[slot],
+ 0,
+ sizeof(psa_verify_hash_interruptible_operation_t));
+ verify_hash_interruptible_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = verify_hash_interruptible_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+
+int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_verify_hash_interruptible_operation_slot();
+ } else {
+ slot = find_verify_hash_interruptible_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &verify_hash_interruptible_operations[slot];
+
+ return 1;
+}
+
+size_t psasim_serialise_mbedtls_svc_key_id_t_needs(
+ mbedtls_svc_key_id_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos,
+ size_t *remaining,
+ mbedtls_svc_key_id_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos,
+ size_t *remaining,
+ mbedtls_svc_key_id_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
+void psa_sim_serialize_reset(void)
+{
+ memset(hash_operation_handles, 0,
+ sizeof(hash_operation_handles));
+ memset(hash_operations, 0,
+ sizeof(hash_operations));
+ memset(aead_operation_handles, 0,
+ sizeof(aead_operation_handles));
+ memset(aead_operations, 0,
+ sizeof(aead_operations));
+ memset(mac_operation_handles, 0,
+ sizeof(mac_operation_handles));
+ memset(mac_operations, 0,
+ sizeof(mac_operations));
+ memset(cipher_operation_handles, 0,
+ sizeof(cipher_operation_handles));
+ memset(cipher_operations, 0,
+ sizeof(cipher_operations));
+ memset(key_derivation_operation_handles, 0,
+ sizeof(key_derivation_operation_handles));
+ memset(key_derivation_operations, 0,
+ sizeof(key_derivation_operations));
+ memset(sign_hash_interruptible_operation_handles, 0,
+ sizeof(sign_hash_interruptible_operation_handles));
+ memset(sign_hash_interruptible_operations, 0,
+ sizeof(sign_hash_interruptible_operations));
+ memset(verify_hash_interruptible_operation_handles, 0,
+ sizeof(verify_hash_interruptible_operation_handles));
+ memset(verify_hash_interruptible_operations, 0,
+ sizeof(verify_hash_interruptible_operations));
+}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
new file mode 100644
index 0000000..f60e371
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
@@ -0,0 +1,1310 @@
+/**
+ * \file psa_sim_serialise.h
+ *
+ * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "psa/crypto.h"
+#include "psa/crypto_types.h"
+#include "psa/crypto_values.h"
+
+/* Basic idea:
+ *
+ * All arguments to a function will be serialised into a single buffer to
+ * be sent to the server with the PSA crypto function to be called.
+ *
+ * All returned data (the function's return value and any values returned
+ * via `out` parameters) will similarly be serialised into a buffer to be
+ * sent back to the client from the server.
+ *
+ * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
+ * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
+ * psasim_serialise_foo() and psasim_deserialise_foo().
+ *
+ * We also have psasim_serialise_foo_needs() functions, which return a
+ * size_t giving the number of bytes that serialising that instance of that
+ * type will need. This allows callers to size buffers for serialisation.
+ *
+ * Each serialised buffer starts with a version byte, bytes that indicate
+ * the size of basic C types, and four bytes that indicate the endianness
+ * (to avoid incompatibilities if we ever run this over a network - we are
+ * not aiming for universality, just for correctness and simplicity).
+ *
+ * Most types are serialised as a fixed-size (per type) octet string, with
+ * no type indication. This is acceptable as (a) this is for the test PSA crypto
+ * simulator only, not production, and (b) these functions are called by
+ * code that itself is written by script.
+ *
+ * We also want to keep serialised data reasonably compact as communication
+ * between client and server goes in messages of less than 200 bytes each.
+ *
+ * Many serialisation functions can be created by a script; an exemplar Perl
+ * script is included. It is not hooked into the build and so must be run
+ * manually, but is expected to be replaced by a Python script in due course.
+ * Types that can have their functions created by script include plain old C
+ * data types (e.g. int), types typedef'd to those, and even structures that
+ * don't contain pointers.
+ */
+
+/** Reset all operation slots.
+ *
+ * Should be called when all clients have disconnected.
+ */
+void psa_sim_serialize_reset(void);
+
+/** Return how much buffer space is needed by \c psasim_serialise_begin().
+ *
+ * \return The number of bytes needed in the buffer for
+ * \c psasim_serialise_begin()'s output.
+ */
+size_t psasim_serialise_begin_needs(void);
+
+/** Begin serialisation into a buffer.
+ *
+ * This must be the first serialisation API called
+ * on a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error (likely
+ * no space).
+ */
+int psasim_serialise_begin(uint8_t **pos, size_t *remaining);
+
+/** Begin deserialisation of a buffer.
+ *
+ * This must be the first deserialisation API called
+ * on a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_begin(uint8_t **pos, size_t *remaining);
+
+/** Return how much buffer space is needed by \c psasim_serialise_unsigned_int()
+ * to serialise an `unsigned int`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_unsigned_int() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_unsigned_int_needs(
+ unsigned int value);
+
+/** Serialise an `unsigned int` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_unsigned_int(uint8_t **pos,
+ size_t *remaining,
+ unsigned int value);
+
+/** Deserialise an `unsigned int` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to an `unsigned int` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_unsigned_int(uint8_t **pos,
+ size_t *remaining,
+ unsigned int *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_int()
+ * to serialise an `int`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_int() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_int_needs(
+ int value);
+
+/** Serialise an `int` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_int(uint8_t **pos,
+ size_t *remaining,
+ int value);
+
+/** Deserialise an `int` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to an `int` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_int(uint8_t **pos,
+ size_t *remaining,
+ int *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_size_t()
+ * to serialise a `size_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_size_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_size_t_needs(
+ size_t value);
+
+/** Serialise a `size_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_size_t(uint8_t **pos,
+ size_t *remaining,
+ size_t value);
+
+/** Deserialise a `size_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `size_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_size_t(uint8_t **pos,
+ size_t *remaining,
+ size_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_uint16_t()
+ * to serialise an `uint16_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_uint16_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_uint16_t_needs(
+ uint16_t value);
+
+/** Serialise an `uint16_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_uint16_t(uint8_t **pos,
+ size_t *remaining,
+ uint16_t value);
+
+/** Deserialise an `uint16_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to an `uint16_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_uint16_t(uint8_t **pos,
+ size_t *remaining,
+ uint16_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_uint32_t()
+ * to serialise an `uint32_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_uint32_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_uint32_t_needs(
+ uint32_t value);
+
+/** Serialise an `uint32_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_uint32_t(uint8_t **pos,
+ size_t *remaining,
+ uint32_t value);
+
+/** Deserialise an `uint32_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to an `uint32_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_uint32_t(uint8_t **pos,
+ size_t *remaining,
+ uint32_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_uint64_t()
+ * to serialise an `uint64_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_uint64_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_uint64_t_needs(
+ uint64_t value);
+
+/** Serialise an `uint64_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_uint64_t(uint8_t **pos,
+ size_t *remaining,
+ uint64_t value);
+
+/** Deserialise an `uint64_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to an `uint64_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_uint64_t(uint8_t **pos,
+ size_t *remaining,
+ uint64_t *value);
+
+/** Return how much space is needed by \c psasim_serialise_buffer()
+ * to serialise a buffer: a (`uint8_t *`, `size_t`) pair.
+ *
+ * \param buffer Pointer to the buffer to be serialised
+ * (needed in case some serialisations are value-
+ * dependent).
+ * \param buffer_size Number of bytes in the buffer to be serialised.
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_buffer() to serialise
+ * the specified buffer.
+ */
+size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size);
+
+/** Serialise a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param buffer Pointer to the buffer to be serialised.
+ * \param buffer_length Number of bytes in the buffer to be serialised.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_buffer(uint8_t **pos, size_t *remaining,
+ const uint8_t *buffer, size_t buffer_length);
+
+/** Deserialise a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the serialisation buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the serialisation buffer.
+ * \param buffer Pointer to a `uint8_t *` to receive the address
+ * of a newly-allocated buffer, which the caller
+ * must `free()`.
+ * \param buffer_length Pointer to a `size_t` to receive the number of
+ * bytes in the deserialised buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining,
+ uint8_t **buffer, size_t *buffer_length);
+
+/** Deserialise a buffer returned from the server.
+ *
+ * When the client is deserialising a buffer returned from the server, it needs
+ * to use this function to deserialised the returned buffer. It should use the
+ * usual \c psasim_serialise_buffer() function to serialise the outbound
+ * buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the serialisation buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the serialisation buffer.
+ * \param buffer Pointer to a `uint8_t *` to receive the address
+ * of a newly-allocated buffer, which the caller
+ * must `free()`.
+ * \param buffer_length Pointer to a `size_t` to receive the number of
+ * bytes in the deserialised buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining,
+ uint8_t *buffer, size_t buffer_length);
+
+/** Return how much space is needed by \c psasim_serialise_psa_key_production_parameters_t()
+ * to serialise a psa_key_production_parameters_t (a structure with a flexible array member).
+ *
+ * \param params Pointer to the struct to be serialised
+ * (needed in case some serialisations are value-
+ * dependent).
+ * \param data_length Number of bytes in the data[] of the struct to be serialised.
+ *
+ * \return The number of bytes needed in the serialisation buffer by
+ * \c psasim_serialise_psa_key_production_parameters_t() to serialise
+ * the specified structure.
+ */
+size_t psasim_serialise_psa_key_production_parameters_t_needs(
+ const psa_key_production_parameters_t *params,
+ size_t buffer_size);
+
+/** Serialise a psa_key_production_parameters_t.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param params Pointer to the structure to be serialised.
+ * \param data_length Number of bytes in the data[] of the struct to be serialised.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ const psa_key_production_parameters_t *params,
+ size_t data_length);
+
+/** Deserialise a psa_key_production_parameters_t.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the serialisation buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the serialisation buffer.
+ * \param params Pointer to a `psa_key_production_parameters_t *` to
+ * receive the address of a newly-allocated structure,
+ * which the caller must `free()`.
+ * \param data_length Pointer to a `size_t` to receive the number of
+ * bytes in the data[] member of the structure deserialised.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *remaining,
+ psa_key_production_parameters_t **params,
+ size_t *buffer_length);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_status_t()
+ * to serialise a `psa_status_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_status_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_status_t_needs(
+ psa_status_t value);
+
+/** Serialise a `psa_status_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_status_t(uint8_t **pos,
+ size_t *remaining,
+ psa_status_t value);
+
+/** Deserialise a `psa_status_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_status_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_status_t(uint8_t **pos,
+ size_t *remaining,
+ psa_status_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_algorithm_t()
+ * to serialise a `psa_algorithm_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_algorithm_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_algorithm_t_needs(
+ psa_algorithm_t value);
+
+/** Serialise a `psa_algorithm_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_algorithm_t(uint8_t **pos,
+ size_t *remaining,
+ psa_algorithm_t value);
+
+/** Deserialise a `psa_algorithm_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_algorithm_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_algorithm_t(uint8_t **pos,
+ size_t *remaining,
+ psa_algorithm_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_step_t()
+ * to serialise a `psa_key_derivation_step_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_key_derivation_step_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_key_derivation_step_t_needs(
+ psa_key_derivation_step_t value);
+
+/** Serialise a `psa_key_derivation_step_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_step_t value);
+
+/** Deserialise a `psa_key_derivation_step_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_key_derivation_step_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_step_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_hash_operation_t()
+ * to serialise a `psa_hash_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_hash_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_hash_operation_t_needs(
+ psa_hash_operation_t value);
+
+/** Serialise a `psa_hash_operation_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t value);
+
+/** Deserialise a `psa_hash_operation_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_hash_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t *value);
+
+/** Return how much buffer space is needed by \c psasim_server_serialise_psa_hash_operation_t()
+ * to serialise a `psa_hash_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_hash_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_server_serialise_psa_hash_operation_t_needs(
+ psa_hash_operation_t *value);
+
+/** Serialise a `psa_hash_operation_t` into a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t *value,
+ int completed);
+
+/** Deserialise a `psa_hash_operation_t` from a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_hash_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_hash_operation_t **value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_aead_operation_t()
+ * to serialise a `psa_aead_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_aead_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_aead_operation_t_needs(
+ psa_aead_operation_t value);
+
+/** Serialise a `psa_aead_operation_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t value);
+
+/** Deserialise a `psa_aead_operation_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_aead_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t *value);
+
+/** Return how much buffer space is needed by \c psasim_server_serialise_psa_aead_operation_t()
+ * to serialise a `psa_aead_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_aead_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_server_serialise_psa_aead_operation_t_needs(
+ psa_aead_operation_t *value);
+
+/** Serialise a `psa_aead_operation_t` into a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t *value,
+ int completed);
+
+/** Deserialise a `psa_aead_operation_t` from a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_aead_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_aead_operation_t **value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_key_attributes_t()
+ * to serialise a `psa_key_attributes_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_key_attributes_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_key_attributes_t_needs(
+ psa_key_attributes_t value);
+
+/** Serialise a `psa_key_attributes_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_key_attributes_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_attributes_t value);
+
+/** Deserialise a `psa_key_attributes_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_key_attributes_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_key_attributes_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_attributes_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_mac_operation_t()
+ * to serialise a `psa_mac_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_mac_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_mac_operation_t_needs(
+ psa_mac_operation_t value);
+
+/** Serialise a `psa_mac_operation_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t value);
+
+/** Deserialise a `psa_mac_operation_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_mac_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t *value);
+
+/** Return how much buffer space is needed by \c psasim_server_serialise_psa_mac_operation_t()
+ * to serialise a `psa_mac_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_mac_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_server_serialise_psa_mac_operation_t_needs(
+ psa_mac_operation_t *value);
+
+/** Serialise a `psa_mac_operation_t` into a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t *value,
+ int completed);
+
+/** Deserialise a `psa_mac_operation_t` from a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_mac_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_mac_operation_t **value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_cipher_operation_t()
+ * to serialise a `psa_cipher_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_cipher_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_cipher_operation_t_needs(
+ psa_cipher_operation_t value);
+
+/** Serialise a `psa_cipher_operation_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t value);
+
+/** Deserialise a `psa_cipher_operation_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_cipher_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t *value);
+
+/** Return how much buffer space is needed by \c psasim_server_serialise_psa_cipher_operation_t()
+ * to serialise a `psa_cipher_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_cipher_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_server_serialise_psa_cipher_operation_t_needs(
+ psa_cipher_operation_t *value);
+
+/** Serialise a `psa_cipher_operation_t` into a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t *value,
+ int completed);
+
+/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_cipher_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_cipher_operation_t **value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_operation_t()
+ * to serialise a `psa_key_derivation_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_key_derivation_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_key_derivation_operation_t_needs(
+ psa_key_derivation_operation_t value);
+
+/** Serialise a `psa_key_derivation_operation_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t value);
+
+/** Deserialise a `psa_key_derivation_operation_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t *value);
+
+/** Return how much buffer space is needed by \c psasim_server_serialise_psa_key_derivation_operation_t()
+ * to serialise a `psa_key_derivation_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_key_derivation_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(
+ psa_key_derivation_operation_t *value);
+
+/** Serialise a `psa_key_derivation_operation_t` into a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t *value,
+ int completed);
+
+/** Deserialise a `psa_key_derivation_operation_t` from a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_derivation_operation_t **value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_sign_hash_interruptible_operation_t()
+ * to serialise a `psa_sign_hash_interruptible_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(
+ psa_sign_hash_interruptible_operation_t value);
+
+/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t value);
+
+/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t *value);
+
+/** Return how much buffer space is needed by \c psasim_server_serialise_psa_sign_hash_interruptible_operation_t()
+ * to serialise a `psa_sign_hash_interruptible_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(
+ psa_sign_hash_interruptible_operation_t *value);
+
+/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t *value,
+ int completed);
+
+/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_sign_hash_interruptible_operation_t **value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_verify_hash_interruptible_operation_t()
+ * to serialise a `psa_verify_hash_interruptible_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(
+ psa_verify_hash_interruptible_operation_t value);
+
+/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t value);
+
+/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t *value);
+
+/** Return how much buffer space is needed by \c psasim_server_serialise_psa_verify_hash_interruptible_operation_t()
+ * to serialise a `psa_verify_hash_interruptible_operation_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise
+ * the given value.
+ */
+size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(
+ psa_verify_hash_interruptible_operation_t *value);
+
+/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t *value,
+ int completed);
+
+/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer on the server side.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
+ size_t *remaining,
+ psa_verify_hash_interruptible_operation_t **value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t()
+ * to serialise a `mbedtls_svc_key_id_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_mbedtls_svc_key_id_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_mbedtls_svc_key_id_t_needs(
+ mbedtls_svc_key_id_t value);
+
+/** Serialise a `mbedtls_svc_key_id_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos,
+ size_t *remaining,
+ mbedtls_svc_key_id_t value);
+
+/** Deserialise a `mbedtls_svc_key_id_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `mbedtls_svc_key_id_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos,
+ size_t *remaining,
+ mbedtls_svc_key_id_t *value);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
new file mode 100755
index 0000000..75e6cd0
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
@@ -0,0 +1,1204 @@
+#!/usr/bin/env perl
+#
+# psa_sim_serialise.pl - Sample Perl script to show how many serialisation
+# functions can be created by templated scripting.
+#
+# This is an example only, and is expected to be replaced by a Python script
+# for production use. It is not hooked into the build: it needs to be run
+# manually:
+#
+# perl psa_sim_serialise.pl h > psa_sim_serialise.h
+# perl psa_sim_serialise.pl c > psa_sim_serialise.c
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+use strict;
+
+my $usage = "$0: usage: $0 c|h\n";
+my $which = lc(shift) || die($usage);
+die($usage) unless $which eq "c" || $which eq "h";
+
+# Most types are serialised as a fixed-size (per type) octet string, with
+# no type indication. This is acceptable as (a) this is for the test PSA crypto
+# simulator only, not production, and (b) these functions are called by
+# code that itself is written by script.
+#
+# We also want to keep serialised data reasonably compact as communication
+# between client and server goes in messages of less than 200 bytes each.
+#
+# This script is able to create serialisation functions for plain old C data
+# types (e.g. unsigned int), types typedef'd to those, and even structures
+# that don't contain pointers.
+#
+# Structures that contain pointers will need to have their serialisation and
+# deserialisation functions written manually (like those for the "buffer" type
+# are).
+#
+my @types = qw(unsigned-int int size_t
+ uint16_t uint32_t uint64_t
+ buffer
+ psa_key_production_parameters_t
+ psa_status_t psa_algorithm_t psa_key_derivation_step_t
+ psa_hash_operation_t
+ psa_aead_operation_t
+ psa_key_attributes_t
+ psa_mac_operation_t
+ psa_cipher_operation_t
+ psa_key_derivation_operation_t
+ psa_sign_hash_interruptible_operation_t
+ psa_verify_hash_interruptible_operation_t
+ mbedtls_svc_key_id_t);
+
+grep(s/-/ /g, @types);
+
+# IS-A: Some data types are typedef'd; we serialise them as the other type
+my %isa = (
+ "psa_status_t" => "int",
+ "psa_algorithm_t" => "unsigned int",
+ "psa_key_derivation_step_t" => "uint16_t",
+);
+
+if ($which eq "h") {
+
+ print h_header();
+
+ for my $type (@types) {
+ if ($type eq "buffer") {
+ print declare_buffer_functions();
+ } elsif ($type eq "psa_key_production_parameters_t") {
+ print declare_psa_key_production_parameters_t_functions();
+ } else {
+ print declare_needs($type, "");
+ print declare_serialise($type, "");
+ print declare_deserialise($type, "");
+
+ if ($type =~ /^psa_\w+_operation_t$/) {
+ print declare_needs($type, "server_");
+ print declare_serialise($type, "server_");
+ print declare_deserialise($type, "server_");
+ }
+ }
+ }
+
+} elsif ($which eq "c") {
+
+ my $have_operation_types = (grep(/psa_\w+_operation_t/, @types)) ? 1 : 0;
+
+ print c_header();
+ print c_define_types_for_operation_types() if $have_operation_types;
+
+ for my $type (@types) {
+ next unless $type =~ /^psa_(\w+)_operation_t$/;
+ print define_operation_type_data_and_functions($1);
+ }
+
+ print c_define_begins();
+
+ for my $type (@types) {
+ if ($type eq "buffer") {
+ print define_buffer_functions();
+ } elsif ($type eq "psa_key_production_parameters_t") {
+ print define_psa_key_production_parameters_t_functions();
+ } elsif (exists($isa{$type})) {
+ print define_needs_isa($type, $isa{$type});
+ print define_serialise_isa($type, $isa{$type});
+ print define_deserialise_isa($type, $isa{$type});
+ } else {
+ print define_needs($type);
+ print define_serialise($type);
+ print define_deserialise($type);
+
+ if ($type =~ /^psa_\w+_operation_t$/) {
+ print define_server_needs($type);
+ print define_server_serialise($type);
+ print define_server_deserialise($type);
+ }
+ }
+ }
+
+ print define_server_serialize_reset(@types);
+} else {
+ die("internal error - shouldn't happen");
+}
+
+sub declare_needs
+{
+ my ($type, $server) = @_;
+
+ my $an = ($type =~ /^[ui]/) ? "an" : "a";
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ my $ptr = (length($server)) ? "*" : "";
+
+ return <<EOF;
+
+/** Return how much buffer space is needed by \\c psasim_${server}serialise_$type_d()
+ * to serialise $an `$type`.
+ *
+ * \\param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \\return The number of bytes needed in the buffer by
+ * \\c psasim_serialise_$type_d() to serialise
+ * the given value.
+ */
+size_t psasim_${server}serialise_${type_d}_needs(
+ $type ${ptr}value);
+EOF
+}
+
+sub declare_serialise
+{
+ my ($type, $server) = @_;
+
+ my $an = ($type =~ /^[ui]/) ? "an" : "a";
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ if (length($server) && $type !~ /^psa_(\w+)_operation_t$/) {
+ die("$0: declare_server_serialise: $type: not supported\n");
+ }
+
+ my $server_side = (length($server)) ? " on the server side" : "";
+
+ my $ptr = (length($server)) ? "*" : "";
+
+ my $code = <<EOF;
+
+/** Serialise $an `$type` into a buffer${server_side}.
+ *
+ * \\param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \\param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \\param value The value to serialise into the buffer.
+EOF
+
+ $code .= <<EOF if length($server);
+ * \\param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+EOF
+
+ my $value_sep = (length($server)) ? "," : ");";
+
+ $code .= <<EOF;
+ *
+ * \\return \\c 1 on success ("okay"), \\c 0 on error.
+ */
+int psasim_${server}serialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type ${ptr}value$value_sep
+EOF
+
+ $code .= <<EOF if length($server);
+ int completed);
+EOF
+
+ return align_declaration($code);
+}
+
+sub declare_deserialise
+{
+ my ($type, $server) = @_;
+
+ my $an = ($type =~ /^[ui]/) ? "an" : "a";
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ my $server_side = (length($server)) ? " on the server side" : "";
+
+ my $ptr = (length($server)) ? "*" : "";
+
+ return align_declaration(<<EOF);
+
+/** Deserialise $an `$type` from a buffer${server_side}.
+ *
+ * \\param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \\param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \\param value Pointer to $an `$type` to receive the value
+ * deserialised from the buffer.
+ *
+ * \\return \\c 1 on success ("okay"), \\c 0 on error.
+ */
+int psasim_${server}deserialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type ${ptr}*value);
+EOF
+}
+
+sub declare_buffer_functions
+{
+ return <<'EOF';
+
+/** Return how much space is needed by \c psasim_serialise_buffer()
+ * to serialise a buffer: a (`uint8_t *`, `size_t`) pair.
+ *
+ * \param buffer Pointer to the buffer to be serialised
+ * (needed in case some serialisations are value-
+ * dependent).
+ * \param buffer_size Number of bytes in the buffer to be serialised.
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_buffer() to serialise
+ * the specified buffer.
+ */
+size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size);
+
+/** Serialise a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param buffer Pointer to the buffer to be serialised.
+ * \param buffer_length Number of bytes in the buffer to be serialised.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_buffer(uint8_t **pos, size_t *remaining,
+ const uint8_t *buffer, size_t buffer_length);
+
+/** Deserialise a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the serialisation buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the serialisation buffer.
+ * \param buffer Pointer to a `uint8_t *` to receive the address
+ * of a newly-allocated buffer, which the caller
+ * must `free()`.
+ * \param buffer_length Pointer to a `size_t` to receive the number of
+ * bytes in the deserialised buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining,
+ uint8_t **buffer, size_t *buffer_length);
+
+/** Deserialise a buffer returned from the server.
+ *
+ * When the client is deserialising a buffer returned from the server, it needs
+ * to use this function to deserialised the returned buffer. It should use the
+ * usual \c psasim_serialise_buffer() function to serialise the outbound
+ * buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the serialisation buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the serialisation buffer.
+ * \param buffer Pointer to a `uint8_t *` to receive the address
+ * of a newly-allocated buffer, which the caller
+ * must `free()`.
+ * \param buffer_length Pointer to a `size_t` to receive the number of
+ * bytes in the deserialised buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining,
+ uint8_t *buffer, size_t buffer_length);
+EOF
+}
+
+sub declare_psa_key_production_parameters_t_functions
+{
+ return <<'EOF';
+
+/** Return how much space is needed by \c psasim_serialise_psa_key_production_parameters_t()
+ * to serialise a psa_key_production_parameters_t (a structure with a flexible array member).
+ *
+ * \param params Pointer to the struct to be serialised
+ * (needed in case some serialisations are value-
+ * dependent).
+ * \param data_length Number of bytes in the data[] of the struct to be serialised.
+ *
+ * \return The number of bytes needed in the serialisation buffer by
+ * \c psasim_serialise_psa_key_production_parameters_t() to serialise
+ * the specified structure.
+ */
+size_t psasim_serialise_psa_key_production_parameters_t_needs(
+ const psa_key_production_parameters_t *params,
+ size_t buffer_size);
+
+/** Serialise a psa_key_production_parameters_t.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param params Pointer to the structure to be serialised.
+ * \param data_length Number of bytes in the data[] of the struct to be serialised.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ const psa_key_production_parameters_t *params,
+ size_t data_length);
+
+/** Deserialise a psa_key_production_parameters_t.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the serialisation buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the serialisation buffer.
+ * \param params Pointer to a `psa_key_production_parameters_t *` to
+ * receive the address of a newly-allocated structure,
+ * which the caller must `free()`.
+ * \param data_length Pointer to a `size_t` to receive the number of
+ * bytes in the data[] member of the structure deserialised.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *remaining,
+ psa_key_production_parameters_t **params,
+ size_t *buffer_length);
+EOF
+}
+
+sub h_header
+{
+ return <<'EOF';
+/**
+ * \file psa_sim_serialise.h
+ *
+ * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <stdint.h>
+#include <stddef.h>
+
+#include "psa/crypto.h"
+#include "psa/crypto_types.h"
+#include "psa/crypto_values.h"
+
+/* Basic idea:
+ *
+ * All arguments to a function will be serialised into a single buffer to
+ * be sent to the server with the PSA crypto function to be called.
+ *
+ * All returned data (the function's return value and any values returned
+ * via `out` parameters) will similarly be serialised into a buffer to be
+ * sent back to the client from the server.
+ *
+ * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
+ * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
+ * psasim_serialise_foo() and psasim_deserialise_foo().
+ *
+ * We also have psasim_serialise_foo_needs() functions, which return a
+ * size_t giving the number of bytes that serialising that instance of that
+ * type will need. This allows callers to size buffers for serialisation.
+ *
+ * Each serialised buffer starts with a version byte, bytes that indicate
+ * the size of basic C types, and four bytes that indicate the endianness
+ * (to avoid incompatibilities if we ever run this over a network - we are
+ * not aiming for universality, just for correctness and simplicity).
+ *
+ * Most types are serialised as a fixed-size (per type) octet string, with
+ * no type indication. This is acceptable as (a) this is for the test PSA crypto
+ * simulator only, not production, and (b) these functions are called by
+ * code that itself is written by script.
+ *
+ * We also want to keep serialised data reasonably compact as communication
+ * between client and server goes in messages of less than 200 bytes each.
+ *
+ * Many serialisation functions can be created by a script; an exemplar Perl
+ * script is included. It is not hooked into the build and so must be run
+ * manually, but is expected to be replaced by a Python script in due course.
+ * Types that can have their functions created by script include plain old C
+ * data types (e.g. int), types typedef'd to those, and even structures that
+ * don't contain pointers.
+ */
+
+/** Reset all operation slots.
+ *
+ * Should be called when all clients have disconnected.
+ */
+void psa_sim_serialize_reset(void);
+
+/** Return how much buffer space is needed by \c psasim_serialise_begin().
+ *
+ * \return The number of bytes needed in the buffer for
+ * \c psasim_serialise_begin()'s output.
+ */
+size_t psasim_serialise_begin_needs(void);
+
+/** Begin serialisation into a buffer.
+ *
+ * This must be the first serialisation API called
+ * on a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error (likely
+ * no space).
+ */
+int psasim_serialise_begin(uint8_t **pos, size_t *remaining);
+
+/** Begin deserialisation of a buffer.
+ *
+ * This must be the first deserialisation API called
+ * on a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_begin(uint8_t **pos, size_t *remaining);
+EOF
+}
+
+sub define_needs
+{
+ my ($type) = @_;
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ return <<EOF;
+
+size_t psasim_serialise_${type_d}_needs(
+ $type value)
+{
+ return sizeof(value);
+}
+EOF
+}
+
+sub define_server_needs
+{
+ my ($type) = @_;
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ return <<EOF;
+
+size_t psasim_server_serialise_${type_d}_needs(
+ $type *operation)
+{
+ (void) operation;
+
+ /* We will actually return a handle */
+ return sizeof(psasim_operation_t);
+}
+EOF
+}
+
+sub define_needs_isa
+{
+ my ($type, $isa) = @_;
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ my $isa_d = $isa;
+ $isa_d =~ s/ /_/g;
+
+ return <<EOF;
+
+size_t psasim_serialise_${type_d}_needs(
+ $type value)
+{
+ return psasim_serialise_${isa_d}_needs(value);
+}
+EOF
+}
+
+sub define_serialise
+{
+ my ($type) = @_;
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ return align_signature(<<EOF);
+
+int psasim_serialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+EOF
+}
+
+sub define_server_serialise
+{
+ my ($type) = @_;
+
+ my $t;
+ if ($type =~ /^psa_(\w+)_operation_t$/) {
+ $t = $1;
+ } else {
+ die("$0: define_server_serialise: $type: not supported\n");
+ }
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ return align_signature(<<EOF);
+
+int psasim_server_serialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type *operation,
+ int completed)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(client_operation)) {
+ return 0;
+ }
+
+ ssize_t slot = operation - ${t}_operations;
+
+ if (completed) {
+ memset(&${t}_operations[slot],
+ 0,
+ sizeof($type_d));
+ ${t}_operation_handles[slot] = 0;
+ }
+
+ client_operation.handle = ${t}_operation_handles[slot];
+
+ memcpy(*pos, &client_operation, sizeof(client_operation));
+ *pos += sizeof(client_operation);
+
+ return 1;
+}
+EOF
+}
+
+sub define_serialise_isa
+{
+ my ($type, $isa) = @_;
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ my $isa_d = $isa;
+ $isa_d =~ s/ /_/g;
+
+ return align_signature(<<EOF);
+
+int psasim_serialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type value)
+{
+ return psasim_serialise_$isa_d(pos, remaining, value);
+}
+EOF
+}
+
+sub define_deserialise
+{
+ my ($type) = @_;
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ return align_signature(<<EOF);
+
+int psasim_deserialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+EOF
+}
+
+sub define_server_deserialise
+{
+ my ($type) = @_;
+
+ my $t;
+ if ($type =~ /^psa_(\w+)_operation_t$/) {
+ $t = $1;
+ } else {
+ die("$0: define_server_deserialise: $type: not supported\n");
+ }
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ return align_signature(<<EOF);
+
+int psasim_server_deserialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type **operation)
+{
+ psasim_operation_t client_operation;
+
+ if (*remaining < sizeof(psasim_operation_t)) {
+ return 0;
+ }
+
+ memcpy(&client_operation, *pos, sizeof(psasim_operation_t));
+ *pos += sizeof(psasim_operation_t);
+ *remaining -= sizeof(psasim_operation_t);
+
+ ssize_t slot;
+ if (client_operation.handle == 0) { /* We need a new handle */
+ slot = allocate_${t}_operation_slot();
+ } else {
+ slot = find_${t}_slot_by_handle(client_operation.handle);
+ }
+
+ if (slot < 0) {
+ return 0;
+ }
+
+ *operation = &${t}_operations[slot];
+
+ return 1;
+}
+EOF
+}
+
+sub define_deserialise_isa
+{
+ my ($type, $isa) = @_;
+
+ my $type_d = $type;
+ $type_d =~ s/ /_/g;
+
+ my $isa_d = $isa;
+ $isa_d =~ s/ /_/g;
+
+ return align_signature(<<EOF);
+
+int psasim_deserialise_$type_d(uint8_t **pos,
+ size_t *remaining,
+ $type *value)
+{
+ return psasim_deserialise_$isa_d(pos, remaining, value);
+}
+EOF
+}
+
+sub define_buffer_functions
+{
+ return <<'EOF';
+
+size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size)
+{
+ (void) buffer;
+ return sizeof(buffer_size) + buffer_size;
+}
+
+int psasim_serialise_buffer(uint8_t **pos,
+ size_t *remaining,
+ const uint8_t *buffer,
+ size_t buffer_length)
+{
+ if (*remaining < sizeof(buffer_length) + buffer_length) {
+ return 0;
+ }
+
+ memcpy(*pos, &buffer_length, sizeof(buffer_length));
+ *pos += sizeof(buffer_length);
+
+ if (buffer_length > 0) { // To be able to serialise (NULL, 0)
+ memcpy(*pos, buffer, buffer_length);
+ *pos += buffer_length;
+ }
+
+ return 1;
+}
+
+int psasim_deserialise_buffer(uint8_t **pos,
+ size_t *remaining,
+ uint8_t **buffer,
+ size_t *buffer_length)
+{
+ if (*remaining < sizeof(*buffer_length)) {
+ return 0;
+ }
+
+ memcpy(buffer_length, *pos, sizeof(*buffer_length));
+
+ *pos += sizeof(buffer_length);
+ *remaining -= sizeof(buffer_length);
+
+ if (*buffer_length == 0) { // Deserialise (NULL, 0)
+ *buffer = NULL;
+ return 1;
+ }
+
+ if (*remaining < *buffer_length) {
+ return 0;
+ }
+
+ uint8_t *data = malloc(*buffer_length);
+ if (data == NULL) {
+ return 0;
+ }
+
+ memcpy(data, *pos, *buffer_length);
+ *pos += *buffer_length;
+ *remaining -= *buffer_length;
+
+ *buffer = data;
+
+ return 1;
+}
+
+/* When the client is deserialising a buffer returned from the server, it needs
+ * to use this function to deserialised the returned buffer. It should use the
+ * usual \c psasim_serialise_buffer() function to serialise the outbound
+ * buffer. */
+int psasim_deserialise_return_buffer(uint8_t **pos,
+ size_t *remaining,
+ uint8_t *buffer,
+ size_t buffer_length)
+{
+ if (*remaining < sizeof(buffer_length)) {
+ return 0;
+ }
+
+ size_t length_check;
+
+ memcpy(&length_check, *pos, sizeof(buffer_length));
+
+ *pos += sizeof(buffer_length);
+ *remaining -= sizeof(buffer_length);
+
+ if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server
+ return 0;
+ }
+
+ if (length_check == 0) { // Deserialise (NULL, 0)
+ return 1;
+ }
+
+ if (*remaining < buffer_length) {
+ return 0;
+ }
+
+ memcpy(buffer, *pos, buffer_length);
+ *pos += buffer_length;
+ *remaining -= buffer_length;
+
+ return 1;
+}
+EOF
+}
+
+sub define_psa_key_production_parameters_t_functions
+{
+ return <<'EOF';
+
+#define SER_TAG_SIZE 4
+
+size_t psasim_serialise_psa_key_production_parameters_t_needs(
+ const psa_key_production_parameters_t *params,
+ size_t data_length)
+{
+ /* We will serialise with 4-byte tag = "PKPP" + 4-byte overall length at the beginning,
+ * followed by size_t data_length, then the actual data from the structure.
+ */
+ return SER_TAG_SIZE + sizeof(uint32_t) + sizeof(data_length) + sizeof(*params) + data_length;
+}
+
+int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ const psa_key_production_parameters_t *params,
+ size_t data_length)
+{
+ if (data_length > UINT32_MAX / 2) { /* arbitrary limit */
+ return 0; /* too big to serialise */
+ }
+
+ /* We use 32-bit lengths, which should be enough for any reasonable usage :) */
+ /* (the UINT32_MAX / 2 above is an even more conservative check to avoid overflow here) */
+ uint32_t len = (uint32_t) (sizeof(data_length) + sizeof(*params) + data_length);
+ if (*remaining < SER_TAG_SIZE + sizeof(uint32_t) + len) {
+ return 0;
+ }
+
+ char tag[SER_TAG_SIZE] = "PKPP";
+
+ memcpy(*pos, tag, sizeof(tag));
+ memcpy(*pos + sizeof(tag), &len, sizeof(len));
+ *pos += sizeof(tag) + sizeof(len);
+ *remaining -= sizeof(tag) + sizeof(len);
+
+ memcpy(*pos, &data_length, sizeof(data_length));
+ memcpy(*pos + sizeof(data_length), params, sizeof(*params) + data_length);
+ *pos += sizeof(data_length) + sizeof(*params) + data_length;
+ *remaining -= sizeof(data_length) + sizeof(*params) + data_length;
+
+ return 1;
+}
+
+int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos,
+ size_t *remaining,
+ psa_key_production_parameters_t **params,
+ size_t *data_length)
+{
+ if (*remaining < SER_TAG_SIZE + sizeof(uint32_t)) {
+ return 0; /* can't even be an empty serialisation */
+ }
+
+ char tag[SER_TAG_SIZE] = "PKPP"; /* expected */
+ uint32_t len;
+
+ memcpy(&len, *pos + sizeof(tag), sizeof(len));
+
+ if (memcmp(*pos, tag, sizeof(tag)) != 0) {
+ return 0; /* wrong tag */
+ }
+
+ *pos += sizeof(tag) + sizeof(len);
+ *remaining -= sizeof(tag) + sizeof(len);
+
+ if (*remaining < sizeof(*data_length)) {
+ return 0; /* missing data_length */
+ }
+ memcpy(data_length, *pos, sizeof(*data_length));
+
+ if ((size_t) len != (sizeof(data_length) + sizeof(**params) + *data_length)) {
+ return 0; /* wrong length */
+ }
+
+ if (*remaining < sizeof(*data_length) + sizeof(**params) + *data_length) {
+ return 0; /* not enough data provided */
+ }
+
+ *pos += sizeof(data_length);
+ *remaining -= sizeof(data_length);
+
+ psa_key_production_parameters_t *out = malloc(sizeof(**params) + *data_length);
+ if (out == NULL) {
+ return 0; /* allocation failure */
+ }
+
+ memcpy(out, *pos, sizeof(*out) + *data_length);
+ *pos += sizeof(*out) + *data_length;
+ *remaining -= sizeof(*out) + *data_length;
+
+ *params = out;
+
+ return 1;
+}
+EOF
+}
+
+sub c_header
+{
+ return <<'EOF';
+/**
+ * \file psa_sim_serialise.c
+ *
+ * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa_sim_serialise.h"
+#include "util.h"
+#include <stdlib.h>
+#include <string.h>
+
+/* Basic idea:
+ *
+ * All arguments to a function will be serialised into a single buffer to
+ * be sent to the server with the PSA crypto function to be called.
+ *
+ * All returned data (the function's return value and any values returned
+ * via `out` parameters) will similarly be serialised into a buffer to be
+ * sent back to the client from the server.
+ *
+ * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer"
+ * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions,
+ * psasim_serialise_foo() and psasim_deserialise_foo().
+ *
+ * We also have psasim_serialise_foo_needs() functions, which return a
+ * size_t giving the number of bytes that serialising that instance of that
+ * type will need. This allows callers to size buffers for serialisation.
+ *
+ * Each serialised buffer starts with a version byte, bytes that indicate
+ * the size of basic C types, and four bytes that indicate the endianness
+ * (to avoid incompatibilities if we ever run this over a network - we are
+ * not aiming for universality, just for correctness and simplicity).
+ *
+ * Most types are serialised as a fixed-size (per type) octet string, with
+ * no type indication. This is acceptable as (a) this is for the test PSA crypto
+ * simulator only, not production, and (b) these functions are called by
+ * code that itself is written by script.
+ *
+ * We also want to keep serialised data reasonably compact as communication
+ * between client and server goes in messages of less than 200 bytes each.
+ *
+ * Many serialisation functions can be created by a script; an exemplar Perl
+ * script is included. It is not hooked into the build and so must be run
+ * manually, but is expected to be replaced by a Python script in due course.
+ * Types that can have their functions created by script include plain old C
+ * data types (e.g. int), types typedef'd to those, and even structures that
+ * don't contain pointers.
+ */
+EOF
+}
+
+sub c_define_types_for_operation_types
+{
+ return <<'EOF';
+
+/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t;
+ * but we don't get it on server builds, so redefine it here with a unique type name
+ */
+typedef uint32_t psasim_client_handle_t;
+
+typedef struct psasim_operation_s {
+ psasim_client_handle_t handle;
+} psasim_operation_t;
+
+#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */
+EOF
+}
+
+sub define_operation_type_data_and_functions
+{
+ my ($type) = @_; # e.g. 'hash' rather than 'psa_hash_operation_t'
+
+ my $utype = ucfirst($type);
+
+ return <<EOF;
+
+static psa_${type}_operation_t ${type}_operations[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t ${type}_operation_handles[
+ MAX_LIVE_HANDLES_PER_CLASS];
+static psasim_client_handle_t next_${type}_operation_handle = 1;
+
+/* Get a free slot */
+static ssize_t allocate_${type}_operation_slot(void)
+{
+ psasim_client_handle_t handle = next_${type}_operation_handle++;
+ if (next_${type}_operation_handle == 0) { /* wrapped around */
+ FATAL("$utype operation handle wrapped");
+ }
+
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (${type}_operation_handles[i] == 0) {
+ ${type}_operation_handles[i] = handle;
+ return i;
+ }
+ }
+
+ ERROR("All slots are currently used. Unable to allocate a new one.");
+
+ return -1; /* all in use */
+}
+
+/* Find the slot given the handle */
+static ssize_t find_${type}_slot_by_handle(psasim_client_handle_t handle)
+{
+ for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) {
+ if (${type}_operation_handles[i] == handle) {
+ return i;
+ }
+ }
+
+ ERROR("Unable to find slot by handle %u", handle);
+
+ return -1; /* not found */
+}
+EOF
+}
+
+sub c_define_begins
+{
+ return <<'EOF';
+
+size_t psasim_serialise_begin_needs(void)
+{
+ /* The serialisation buffer will
+ * start with a byte of 0 to indicate version 0,
+ * then have 1 byte each for length of int, long, void *,
+ * then have 4 bytes to indicate endianness. */
+ return 4 + sizeof(uint32_t);
+}
+
+int psasim_serialise_begin(uint8_t **pos, size_t *remaining)
+{
+ uint32_t endian = 0x1234;
+
+ if (*remaining < 4 + sizeof(endian)) {
+ return 0;
+ }
+
+ *(*pos)++ = 0; /* version */
+ *(*pos)++ = (uint8_t) sizeof(int);
+ *(*pos)++ = (uint8_t) sizeof(long);
+ *(*pos)++ = (uint8_t) sizeof(void *);
+
+ memcpy(*pos, &endian, sizeof(endian));
+
+ *pos += sizeof(endian);
+
+ return 1;
+}
+
+int psasim_deserialise_begin(uint8_t **pos, size_t *remaining)
+{
+ uint8_t version = 255;
+ uint8_t int_size = 0;
+ uint8_t long_size = 0;
+ uint8_t ptr_size = 0;
+ uint32_t endian;
+
+ if (*remaining < 4 + sizeof(endian)) {
+ return 0;
+ }
+
+ memcpy(&version, (*pos)++, sizeof(version));
+ if (version != 0) {
+ return 0;
+ }
+
+ memcpy(&int_size, (*pos)++, sizeof(int_size));
+ if (int_size != sizeof(int)) {
+ return 0;
+ }
+
+ memcpy(&long_size, (*pos)++, sizeof(long_size));
+ if (long_size != sizeof(long)) {
+ return 0;
+ }
+
+ memcpy(&ptr_size, (*pos)++, sizeof(ptr_size));
+ if (ptr_size != sizeof(void *)) {
+ return 0;
+ }
+
+ *remaining -= 4;
+
+ memcpy(&endian, *pos, sizeof(endian));
+ if (endian != 0x1234) {
+ return 0;
+ }
+
+ *pos += sizeof(endian);
+ *remaining -= sizeof(endian);
+
+ return 1;
+}
+EOF
+}
+
+# Return the code for psa_sim_serialize_reset()
+sub define_server_serialize_reset
+{
+ my @types = @_;
+
+ my $code = <<EOF;
+
+void psa_sim_serialize_reset(void)
+{
+EOF
+
+ for my $type (@types) {
+ next unless $type =~ /^psa_(\w+_operation)_t$/;
+
+ my $what = $1; # e.g. "hash_operation"
+
+ $code .= <<EOF;
+ memset(${what}_handles, 0,
+ sizeof(${what}_handles));
+ memset(${what}s, 0,
+ sizeof(${what}s));
+EOF
+ }
+
+ $code .= <<EOF;
+}
+EOF
+}
+
+# Horrible way to align first few lines of function signature to appease
+# uncrustify (these are usually the 2nd-4th lines of code, indices 1, 2 and 3)
+#
+sub align_signature
+{
+ my ($code) = @_;
+
+ my @code = split(/\n/, $code);
+
+ my $i = 1;
+ # Find where the ( is
+ my $idx = index($code[$i], "(");
+ die("can't find (") if $idx < 0;
+
+ my $indent = " " x ($idx + 1);
+
+ do {
+ # Indent each line up until the one that ends with )
+ $code[++$i] =~ s/^\s+/$indent/;
+ } while $code[$i] !~ /\)$/;
+
+ return join("\n", @code) . "\n";
+}
+
+# Horrible way to align the function declaration to appease uncrustify
+#
+sub align_declaration
+{
+ my ($code) = @_;
+
+ my @code = split(/\n/, $code);
+
+ # Find out which lines we need to massage
+ my $i;
+ for ($i = 0; $i <= $#code; $i++) {
+ last if $code[$i] =~ /^int psasim_/;
+ }
+ die("can't find int psasim_") if $i > $#code;
+
+ # Find where the ( is
+ my $idx = index($code[$i], "(");
+ die("can't find (") if $idx < 0;
+
+ my $indent = " " x ($idx + 1);
+ do {
+ # Indent each line up until the one with the ; on it
+ $code[++$i] =~ s/^\s+/$indent/;
+ } while ($code[$i] !~ /;/);
+
+ return join("\n", @code) . "\n";
+}
diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c
new file mode 100644
index 0000000..10ab5a2
--- /dev/null
+++ b/tests/psa-client-server/psasim/src/server.c
@@ -0,0 +1,116 @@
+/* psasim test server */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <unistd.h>
+#include <stdio.h>
+
+/* Includes from psasim */
+#include "service.h"
+#include "error_ext.h"
+#include "util.h"
+#include "psa_manifest/manifest.h"
+#include "psa_functions_codes.h"
+
+/* Includes from mbedtls */
+#include "mbedtls/version.h"
+#include "psa/crypto.h"
+
+#ifdef DEBUG
+#define SERVER_PRINT(fmt, ...) \
+ PRINT("Server: " fmt, ##__VA_ARGS__)
+#else
+#define SERVER_PRINT(...)
+#endif
+
+#define BUF_SIZE 25
+
+static int kill_on_disconnect = 0; /* Kill the server on client disconnection. */
+
+void parse_input_args(int argc, char *argv[])
+{
+ int opt;
+
+ while ((opt = getopt(argc, argv, "k")) != -1) {
+ switch (opt) {
+ case 'k':
+ kill_on_disconnect = 1;
+ break;
+ default:
+ fprintf(stderr, "Usage: %s [-k]\n", argv[0]);
+ exit(EXIT_FAILURE);
+ }
+ }
+}
+
+int psa_server_main(int argc, char *argv[])
+{
+ psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR;
+ psa_msg_t msg = { -1 };
+ const int magic_num = 66;
+ int client_disconnected = 0;
+ char mbedtls_version[18];
+ extern psa_status_t psa_crypto_call(psa_msg_t msg);
+ extern psa_status_t psa_crypto_close(void);
+
+ mbedtls_version_get_string_full(mbedtls_version);
+ SERVER_PRINT("%s", mbedtls_version);
+
+ parse_input_args(argc, argv);
+ SERVER_PRINT("Starting");
+
+ while (!(kill_on_disconnect && client_disconnected)) {
+ psa_signal_t signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK);
+
+ if (signals > 0) {
+ SERVER_PRINT("Signals: 0x%08x", signals);
+ }
+
+ if (signals & PSA_CRYPTO_SIGNAL) {
+ if (PSA_SUCCESS == psa_get(PSA_CRYPTO_SIGNAL, &msg)) {
+ SERVER_PRINT("handle: %d - rhandle: %p", msg.handle, (int *) msg.rhandle);
+ switch (msg.type) {
+ case PSA_IPC_CONNECT:
+ SERVER_PRINT("Got a connection message");
+ psa_set_rhandle(msg.handle, (void *) &magic_num);
+ ret = PSA_SUCCESS;
+ break;
+ case PSA_IPC_DISCONNECT:
+ SERVER_PRINT("Got a disconnection message");
+ ret = PSA_SUCCESS;
+ client_disconnected = 1;
+ psa_crypto_close();
+ break;
+ default:
+ SERVER_PRINT("Got an IPC call of type %d", msg.type);
+ ret = psa_crypto_call(msg);
+ SERVER_PRINT("Internal function call returned %d", ret);
+
+ if (msg.client_id > 0) {
+ psa_notify(msg.client_id);
+ } else {
+ SERVER_PRINT("Client is non-secure, so won't notify");
+ }
+ }
+
+ psa_reply(msg.handle, ret);
+ } else {
+ SERVER_PRINT("Failed to retrieve message");
+ }
+ } else if (SIGSTP_SIG & signals) {
+ SERVER_PRINT("Recieved SIGSTP signal. Gonna EOI it.");
+ psa_eoi(SIGSTP_SIG);
+ } else if (SIGINT_SIG & signals) {
+ SERVER_PRINT("Handling interrupt!");
+ SERVER_PRINT("Gracefully quitting");
+ psa_panic();
+ } else {
+ SERVER_PRINT("No signal asserted");
+ }
+ }
+
+ return 0;
+}
diff --git a/tests/psa-client-server/psasim/test/kill_server.sh b/tests/psa-client-server/psasim/test/kill_server.sh
new file mode 100755
index 0000000..7aba5a3
--- /dev/null
+++ b/tests/psa-client-server/psasim/test/kill_server.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e
+
+pkill psa_server || true
+
+# Remove temporary files and logs
+rm -f psa_notify_*
+rm -f psa_service_*
+rm -f psa_server.log
+
+# Remove all IPCs
+ipcs -q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh
new file mode 100755
index 0000000..ac9c4c8
--- /dev/null
+++ b/tests/psa-client-server/psasim/test/run_test.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+# This is a simple bash script that tests psa_client/psa_server interaction.
+# This script is automatically executed when "make run" is launched by the
+# "psasim" root folder. The script can also be launched manually once
+# binary files are built (i.e. after "make test" is executed from the "psasim"
+# root folder).
+
+set -e
+
+cd "$(dirname "$0")"
+
+CLIENT_BIN=$1
+shift
+
+ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
+
+./start_server.sh
+./$CLIENT_BIN "$@"
+
+# Kill server once client exited
+pkill psa_server
diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh
new file mode 100755
index 0000000..fcc8a97
--- /dev/null
+++ b/tests/psa-client-server/psasim/test/start_server.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e
+
+# The server creates some local files when it starts up so we can wait for this
+# event as signal that the server is ready so that we can start client(s).
+function wait_for_server_startup() {
+ while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do
+ sleep 0.1
+ done
+}
+
+$(dirname "$0")/kill_server.sh
+
+$(dirname "$0")/psa_server &
+wait_for_server_startup
diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py
new file mode 100755
index 0000000..fbc9806
--- /dev/null
+++ b/tests/psa-client-server/psasim/tools/psa_autogen.py
@@ -0,0 +1,174 @@
+#!/usr/bin/env python3
+"""This hacky script generates a partition from a manifest file"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+import json
+import os
+import sys
+from os import listdir
+
+if len(sys.argv) != 2:
+ print("Usage: psa_autogen <manifest_file>")
+ sys.exit(1)
+
+FILENAME = str(sys.argv[1])
+
+SCRIPT_PATH = os.path.dirname(__file__)
+GENERATED_H_PATH = os.path.join(SCRIPT_PATH, "..", "include", "psa_manifest")
+GENERATED_C_PATH = os.path.join(SCRIPT_PATH, "..", "src")
+
+MANIFEST_FILE = os.path.join(GENERATED_H_PATH, "manifest.h")
+PID_FILE = os.path.join(GENERATED_H_PATH, "pid.h")
+SID_FILE = os.path.join(GENERATED_H_PATH, "sid.h")
+
+with open(str(FILENAME), "r") as read_file:
+ data = json.load(read_file)
+ FILENAME = os.path.basename(FILENAME)
+ FILENAME = FILENAME.split('.')[0]
+ print("Base filename is " + str(FILENAME))
+
+ if str(data['psa_framework_version'] == "1.0"):
+ entry_point = str(data['entry_point'])
+ partition_name = str(data['name'])
+ services = data['services']
+ try:
+ irqs = data['irqs']
+ except KeyError:
+ irqs = []
+
+ try:
+ os.mkdir(GENERATED_H_PATH)
+ print("Generating psa_manifest directory")
+ except OSError:
+ print("PSA manifest directory already exists")
+
+ manifest_content = []
+ pids_content = []
+ sids_content = []
+
+ if len(services) > 28:
+ print ("Unsupported number of services")
+
+ count = 4 # For creating SID array
+ nsacl = "const int ns_allowed[32] = { "
+ policy = "const int strict_policy[32] = { "
+ qcode = "const char *psa_queues[] = { "
+ versions = "const uint32_t versions[32] = { "
+ queue_path = "psa_service_"
+ start = False
+
+ for x in range(0, count):
+ qcode = qcode + "\"\", "
+ nsacl = nsacl + "0, "
+ policy = policy + "0, "
+ versions = versions + "0, "
+
+ # Go through all the services to make sid.h and pid.h
+ for svc in services:
+ manifest_content.append("#define {}_SIGNAL 0x{:08x}".format(svc['signal'], 2**count))
+ sids_content.append("#define {}_SID {}".format(svc['name'], svc['sid']))
+ qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\","
+ ns_clients = svc['non_secure_clients']
+ print(str(svc))
+ if ns_clients == "true":
+ nsacl = nsacl + "1, "
+ else:
+ nsacl = nsacl + "0, "
+ try:
+ versions = versions + str(svc['minor_version']) + ", "
+ except KeyError:
+ versions = versions + "1, "
+
+ strict = 0
+ try:
+ if str(svc['minor_policy']).lower() == "strict":
+ strict = 1
+ policy = policy + "1, "
+ else:
+ policy = policy + "0, "
+ except KeyError:
+ strict = 0
+ policy = policy + "0, "
+
+ count = count+1
+
+ sigcode = ""
+ handlercode = "void __sig_handler(int signo) {\n"
+ irqcount = count
+ for irq in irqs:
+ manifest_content.append("#define {} 0x{:08x}".format(irq['signal'], 2**irqcount))
+ sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source'])
+ handlercode = handlercode + \
+ " if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount)
+ irqcount = irqcount+1
+
+ handlercode = handlercode + "}\n"
+
+ while (count < 32):
+ qcode = qcode + "\"\", "
+ nsacl = nsacl + "0, "
+ versions = versions + "0, "
+ policy = policy + "0, "
+ count = count + 1
+
+ qcode = qcode + "};\n"
+ nsacl = nsacl + "};\n"
+ versions = versions + "};\n"
+ policy = policy + "};\n"
+
+ with open(MANIFEST_FILE, "wt") as output:
+ output.write("\n".join(manifest_content))
+ with open(SID_FILE, "wt") as output:
+ output.write("\n".join(sids_content))
+ with open(PID_FILE, "wt") as output:
+ output.write("\n".join(pids_content))
+
+ symbols = []
+
+ # Go through source files and look for the entrypoint
+ for root, directories, filenames in os.walk(GENERATED_C_PATH):
+ for filename in filenames:
+ if "psa_ff_bootstrap" in filename or filename == "psa_manifest":
+ continue
+ try:
+ fullpath = os.path.join(root,filename)
+ with open(fullpath, encoding='utf-8') as currentFile:
+ text = currentFile.read()
+ if str(entry_point + "(") in text:
+ symbols.append(filename)
+ except IOError:
+ print("Couldn't open " + filename)
+ except UnicodeDecodeError:
+ pass
+
+ print(str("Number of entrypoints detected: " + str(len(symbols))))
+ if len(symbols) < 1:
+ print("Couldn't find function " + entry_point)
+ sys.exit(1)
+ elif len(symbols) > 1:
+ print("Duplicate entrypoint symbol detected: " + str(symbols))
+ sys.exit(2)
+ else:
+ C_FILENAME = os.path.join(GENERATED_C_PATH, "psa_ff_bootstrap_" + partition_name + ".c")
+ c_content = []
+ c_content.append("#include <init.h>")
+ c_content.append("#include \"" + symbols[0] + "\"")
+ c_content.append("#include <signal.h>")
+ c_content.append(qcode)
+ c_content.append(nsacl)
+ c_content.append(policy)
+ c_content.append(versions)
+ c_content.append(handlercode)
+ c_content.append("int main(int argc, char *argv[]) {")
+ c_content.append(" (void) argc;")
+ c_content.append(sigcode)
+ c_content.append(" __init_psasim(psa_queues, 32, ns_allowed, versions,"
+ "strict_policy);")
+ c_content.append(" " + entry_point + "(argc, argv);")
+ c_content.append("}")
+ with open(C_FILENAME, "wt") as output:
+ output.write("\n".join(c_content))
+
+ print("Success")
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 3eca325..3417b0d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -44,7 +44,7 @@
# * GNUTLS_{CLI,SERV} = 3.4.10
# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
-# * OPENSSL_NEXT = 1.1.1a
+# * OPENSSL_NEXT = 3.1.2
# See the invocation of check_tools below for details.
#
# This script must be invoked from the toplevel directory of a git
@@ -133,10 +133,11 @@
pre_initialize_variables () {
if in_mbedtls_repo; then
CONFIG_H='include/mbedtls/mbedtls_config.h'
+ CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
else
CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
+ CRYPTO_CONFIG_H='include/psa/crypto_config.h'
fi
- CRYPTO_CONFIG_H='include/psa/crypto_config.h'
CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
# Files that are clobbered by some jobs will be backed up. Use a different
@@ -195,6 +196,10 @@
export CC="clang"
fi
+ if [ -n "${OPENSSL_3+set}" ]; then
+ export OPENSSL_NEXT="$OPENSSL_3"
+ fi
+
# Include more verbose output for failing tests run by CMake or make
export CTEST_OUTPUT_ON_FAILURE=1
@@ -212,6 +217,8 @@
# defined in this script whose name starts with "component_".
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
+ PSASIM_PATH='tests/psa-client-server/psasim/'
+
# Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
# the commands set by the environment
}
@@ -323,8 +330,10 @@
-iname CTestTestfile.cmake -o \
-iname CMakeCache.txt -o \
-path './cmake/*.cmake' \) -exec rm -f {} \+
- # Recover files overwritten by in-tree CMake builds
- rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
+ # Remove Makefiles generated by in-tree CMake builds
+ rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile framework/Makefile
+ rm -f include/Makefile programs/!(fuzz)/Makefile
+ rm -f tf-psa-crypto/Makefile tf-psa-crypto/include/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
@@ -349,6 +358,24 @@
done
}
+# This is a helper function to be used in psasim builds. It is meant to clean
+# up the library's workspace after the server build and before the client
+# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
+# already copied to psasim folder at this point.
+helper_psasim_cleanup_before_client() {
+ # Clean up library files
+ make -C library clean
+ # Clean up intermediate files that were used to build the server
+ make -C $PSASIM_PATH clean_server_intermediate_files
+ # Restore files that were backup before building library files. This
+ # includes $CONFIG_H and $CRYPTO_CONFIG_H.
+ for x in $files_to_back_up; do
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
+ done
+}
+
# Final cleanup when this script exits (except when exiting on a failure
# in non-keep-going mode).
final_cleanup () {
@@ -912,6 +939,86 @@
fi
}
+# Build the drivers library libtestdriver1.a (with ASan).
+#
+# Parameters:
+# 1. a space-separated list of things to accelerate;
+# 2. optional: a space-separate list of things to also support.
+# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
+helper_libtestdriver1_make_drivers() {
+ loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+}
+
+# Build the main libraries, programs and tests,
+# linking to the drivers library (with ASan).
+#
+# Parameters:
+# 1. a space-separated list of things to accelerate;
+# *. remaining arguments if any are passed directly to make
+# (examples: lib, -C tests test_suite_xxx, etc.)
+# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
+helper_libtestdriver1_make_main() {
+ loc_accel_list=$1
+ shift
+
+ # we need flags both with and without the LIBTESTDRIVER1_ prefix
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
+}
+
+# Set some default values $CONFIG_H in order to build server or client sides
+# in PSASIM. There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_config() {
+ TARGET=$1
+
+ if [ "$TARGET" == "client" ]; then
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
+ # Dynamic secure element support is a deprecated feature and it is not
+ # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ # Disable potentially problematic features
+ scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ else
+ scripts/config.py crypto_full
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
+ # We need to match the client with MBEDTLS_PSA_CRYPTO_SE_C
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ # Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
+ fi
+}
+
+# Helper to build the libraries for client/server in PSASIM. If the server is
+# being built, then it builds also the final executable.
+# There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_build() {
+ TARGET=$1
+ shift
+ TARGET_LIB=${TARGET}_libs
+
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
+
+ # Build also the server application after its libraries have been built.
+ if [ "$TARGET" == "server" ]; then
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
+ fi
+}
+
+################################################################
+#### Configuration helpers
+################################################################
+
# When called with no parameter this function disables all builtin curves.
# The function optionally accepts 1 parameter: a space-separated list of the
# curves that should be kept enabled.
@@ -965,33 +1072,22 @@
echo "$loc_list"
}
-# Build the drivers library libtestdriver1.a (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# 2. optional: a space-separate list of things to also support.
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_drivers() {
- loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# Build the main libraries, programs and tests,
-# linking to the drivers library (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# *. remaining arguments if any are passed directly to make
-# (examples: lib, -C tests test_suite_xxx, etc.)
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_main() {
- loc_accel_list=$1
- shift
-
- # we need flags both with and without the LIBTESTDRIVER1_ prefix
- loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
+# Helper function for controlling (start & stop) the psasim server.
+helper_psasim_server() {
+ OPERATION=$1
+ if [ "$OPERATION" == "start" ]; then
+ (
+ cd tests
+ msg "start server"
+ psa-client-server/psasim/test/start_server.sh
+ )
+ else
+ (
+ cd tests
+ msg "terminate server and cleanup"
+ psa-client-server/psasim//test/kill_server.sh
+ )
+ fi
}
################################################################
@@ -1212,14 +1308,19 @@
msg "test: main suites (inc. selftests) (full config, ASan build)"
make test
- msg "test: selftest (ASan build)" # ~ 10s
+ msg "test: selftest (full config, ASan build)" # ~ 10s
programs/test/selftest
msg "test: ssl-opt.sh (full config, ASan build)"
tests/ssl-opt.sh
- msg "test: compat.sh (full config, ASan build)"
- tests/compat.sh
+ # Note: the next two invocations cover all compat.sh test cases.
+ # We should use the same here and in basic-build-test.sh.
+ msg "test: compat.sh: default version (full config, ASan build)"
+ tests/compat.sh -e 'ARIA\|CHACHA'
+
+ msg "test: compat.sh: next: ARIA, Chacha (full config, ASan build)"
+ env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
tests/context-info.sh
@@ -1233,19 +1334,24 @@
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
- msg "test: main suites (inc. selftests) (full config, ASan build)"
+ msg "test: main suites (inc. selftests) (full config, new bignum, ASan)"
make test
- msg "test: selftest (ASan build)" # ~ 10s
+ msg "test: selftest (full config, new bignum, ASan)" # ~ 10s
programs/test/selftest
- msg "test: ssl-opt.sh (full config, ASan build)"
+ msg "test: ssl-opt.sh (full config, new bignum, ASan)"
tests/ssl-opt.sh
- msg "test: compat.sh (full config, ASan build)"
- tests/compat.sh
+ # Note: the next two invocations cover all compat.sh test cases.
+ # We should use the same here and in basic-build-test.sh.
+ msg "test: compat.sh: default version (full config, new bignum, ASan)"
+ tests/compat.sh -e 'ARIA\|CHACHA'
- msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
+ msg "test: compat.sh: next: ARIA, Chacha (full config, new bignum, ASan)"
+ env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+
+ msg "test: context-info.sh (full config, new bignum, ASan)" # ~ 15 sec
tests/context-info.sh
}
@@ -1296,74 +1402,14 @@
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
-# Get a list of library-wise undefined symbols and ensure that they only
-# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
-# This function is a common helper used by both:
-# - component_test_default_psa_crypto_client_without_crypto_provider
-# - component_build_full_psa_crypto_client_without_crypto_provider.
-common_check_mbedtls_missing_symbols() {
- nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
- nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
- comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
- not grep mbedtls_ linking_errors.txt
-
- rm sym_def.txt sym_undef.txt linking_errors.txt
-}
-
-component_test_default_psa_crypto_client_without_crypto_provider () {
- msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
-
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
- scripts/config.py unset MBEDTLS_LMS_C
-
- make
-
- msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
- common_check_mbedtls_missing_symbols
-
- msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
- make test
-}
-
-component_build_full_psa_crypto_client_without_crypto_provider () {
- msg "build: full config - PSA_CRYPTO_C"
-
- # Use full config which includes USE_PSA and CRYPTO_CLIENT.
- scripts/config.py full
-
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- # Dynamic secure element support is a deprecated feature and it is not
- # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
- # Since there is no crypto provider in this build it is not possible to
- # build all the test executables and progrems due to missing PSA functions
- # at link time. Therefore we will just build libraries and we'll check
- # that symbols of interest are there.
- make lib
-
- msg "check missing symbols: full config - PSA_CRYPTO_C"
-
- common_check_mbedtls_missing_symbols
-
- # Ensure that desired functions are included into the build (extend the
- # following list as required).
- grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
- grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
- grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
-}
-
-component_test_psa_crypto_rsa_no_genprime() {
- msg "build: default config minus MBEDTLS_GENPRIME"
+component_test_no_rsa_key_pair_generation() {
+ msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_GENPRIME
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
make
- msg "test: default config minus MBEDTLS_GENPRIME"
+ msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
make test
}
@@ -1634,7 +1680,7 @@
component_test_crypto_full_md_light_only () {
msg "build: crypto_full with only the light subset of MD"
scripts/config.py crypto_full
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
+
# Disable MD
scripts/config.py unset MBEDTLS_MD_C
# Disable direct dependencies of MD_C
@@ -1643,6 +1689,7 @@
scripts/config.py unset MBEDTLS_PKCS7_C
# Disable indirect dependencies of MD_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
# Disable things that would auto-enable MD_C
scripts/config.py unset MBEDTLS_PKCS5_C
@@ -1658,68 +1705,28 @@
make test
}
-component_test_full_no_cipher_no_psa_crypto () {
- msg "build: full no CIPHER no PSA_CRYPTO_C"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_CIPHER_C
- # Don't pull in cipher via PSA mechanisms
- # (currently ignored anyway because we completely disable PSA)
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
- # Disable features that depend on CIPHER_C
- scripts/config.py unset MBEDTLS_CMAC_C
- scripts/config.py unset MBEDTLS_NIST_KW_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
- scripts/config.py unset MBEDTLS_SSL_TLS_C
- scripts/config.py unset MBEDTLS_SSL_TICKET_C
- # Disable features that depend on PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
-
- msg "test: full no CIPHER no PSA_CRYPTO_C"
- make test
-}
-
-# This is a common configurator and test function that is used in:
-# - component_test_full_no_cipher_with_psa_crypto
-# - component_test_full_no_cipher_with_psa_crypto_config
-# It accepts 2 input parameters:
-# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
-# - $2: a text string which describes the test component
-common_test_full_no_cipher_with_psa_crypto () {
- USE_CRYPTO_CONFIG="$1"
- COMPONENT_DESCRIPTION="$2"
-
- msg "build: $COMPONENT_DESCRIPTION"
+component_test_full_no_cipher () {
+ msg "build: full no CIPHER"
scripts/config.py full
scripts/config.py unset MBEDTLS_CIPHER_C
- if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
- # The built-in implementation of the following algs/key-types depends
- # on CIPHER_C so we disable them.
- # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
- # so we keep them enabled.
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
- scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
- else
- # Don't pull in cipher via PSA mechanisms
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
- # Disable cipher modes/keys that make PSA depend on CIPHER_C.
- # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
- scripts/config.py unset-all MBEDTLS_CIPHER_MODE
- fi
+ # The built-in implementation of the following algs/key-types depends
+ # on CIPHER_C so we disable them.
+ # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
+ # so we keep them enabled.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+
# The following modules directly depends on CIPHER_C
scripts/config.py unset MBEDTLS_CMAC_C
scripts/config.py unset MBEDTLS_NIST_KW_C
@@ -1729,18 +1736,10 @@
# Ensure that CIPHER_C was not re-enabled
not grep mbedtls_cipher_init library/cipher.o
- msg "test: $COMPONENT_DESCRIPTION"
+ msg "test: full no CIPHER"
make test
}
-component_test_full_no_cipher_with_psa_crypto() {
- common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
-}
-
-component_test_full_no_cipher_with_psa_crypto_config() {
- common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
-}
-
component_test_full_no_ccm() {
msg "build: full no PSA_WANT_ALG_CCM"
@@ -1794,98 +1793,27 @@
make test
}
-component_test_full_no_bignum () {
- msg "build: full minus bignum"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_BIGNUM_C
- # Direct dependencies of bignum
- scripts/config.py unset MBEDTLS_ECP_C
- scripts/config.py unset MBEDTLS_RSA_C
- scripts/config.py unset MBEDTLS_DHM_C
- # Direct dependencies of ECP
- scripts/config.py unset MBEDTLS_ECDH_C
- scripts/config.py unset MBEDTLS_ECDSA_C
- scripts/config.py unset MBEDTLS_ECJPAKE_C
- scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
- # Disable what auto-enables ECP_LIGHT
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED
- scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED
- # Indirect dependencies of ECP
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
- scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
- scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
- # Direct dependencies of DHM
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
- # Direct dependencies of RSA
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
- # PK and its dependencies
- scripts/config.py unset MBEDTLS_PK_C
- scripts/config.py unset MBEDTLS_PK_PARSE_C
- scripts/config.py unset MBEDTLS_PK_WRITE_C
- scripts/config.py unset MBEDTLS_X509_USE_C
- scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C
- scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C
- scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C
- scripts/config.py unset MBEDTLS_X509_CREATE_C
- scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C
- scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C
- scripts/config.py unset MBEDTLS_PKCS7_C
- scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION
- scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE
- scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
-
- make
-
- msg "test: full minus bignum"
- make test
-}
-
component_test_tls1_2_default_stream_cipher_only () {
- msg "build: default with only stream cipher"
-
- # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C
- scripts/config.py unset MBEDTLS_GCM_C
- scripts/config.py unset MBEDTLS_CCM_C
- scripts/config.py unset MBEDTLS_CHACHAPOLY_C
- #Disable TLS 1.3 (as no AEAD)
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
- scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
- # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
- # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
- scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
- # Modules that depend on AEAD
- scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
- scripts/config.py unset MBEDTLS_SSL_TICKET_C
-
- make
-
- msg "test: default with only stream cipher"
- make test
-
- # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
-}
-
-component_test_tls1_2_default_stream_cipher_only_use_psa () {
msg "build: default with only stream cipher use psa"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
+ # Note: The three unsets below are to be removed for Mbed TLS 4.0
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
#Disable TLS 1.3 (as no AEAD)
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
# Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ # Note: The unset below is to be removed for 4.0
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
@@ -1904,45 +1832,23 @@
}
component_test_tls1_2_default_cbc_legacy_cipher_only () {
- msg "build: default with only CBC-legacy cipher"
-
- # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
- scripts/config.py unset MBEDTLS_GCM_C
- scripts/config.py unset MBEDTLS_CCM_C
- scripts/config.py unset MBEDTLS_CHACHAPOLY_C
- #Disable TLS 1.3 (as no AEAD)
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
- scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
- # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
- # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
- scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
- # Modules that depend on AEAD
- scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
- scripts/config.py unset MBEDTLS_SSL_TICKET_C
-
- make
-
- msg "test: default with only CBC-legacy cipher"
- make test
-
- msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f "TLS 1.2"
-}
-
-component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
msg "build: default with only CBC-legacy cipher use psa"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
+ # Note: The three unsets below are to be removed for Mbed TLS 4.0
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
#Disable TLS 1.3 (as no AEAD)
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
- scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
# Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
@@ -1961,45 +1867,23 @@
}
component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
- msg "build: default with only CBC-legacy and CBC-EtM ciphers"
-
- # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
- scripts/config.py unset MBEDTLS_GCM_C
- scripts/config.py unset MBEDTLS_CCM_C
- scripts/config.py unset MBEDTLS_CHACHAPOLY_C
- #Disable TLS 1.3 (as no AEAD)
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
- scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
- # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
- # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
- scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
- # Modules that depend on AEAD
- scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
- scripts/config.py unset MBEDTLS_SSL_TICKET_C
-
- make
-
- msg "test: default with only CBC-legacy and CBC-EtM ciphers"
- make test
-
- msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
- tests/ssl-opt.sh -f "TLS 1.2"
-}
-
-component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305
+ # Note: The three unsets below are to be removed for Mbed TLS 4.0
scripts/config.py unset MBEDTLS_GCM_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
#Disable TLS 1.3 (as no AEAD)
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
- scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING
# Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
# Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
@@ -2072,14 +1956,21 @@
component_test_everest_curve25519_only () {
msg "build: Everest ECDH context, only Curve25519" # ~ 6 min
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
scripts/config.py unset MBEDTLS_ECDSA_C
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA
+ scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_ECJPAKE_C
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+
# Disable all curves
scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
- scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$"
+ scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
@@ -2161,12 +2052,6 @@
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
-
- msg "test: compat.sh NULL (full config)" # ~ 2 min
- tests/compat.sh -e '^$' -f 'NULL'
-
- msg "test: compat.sh ARIA + ChachaPoly"
- env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
skip_suites_without_constant_flow () {
@@ -2548,9 +2433,8 @@
scripts/config.py full
# Disable options that are incompatible with some ALT implementations:
- # aesni.c and padlock.c reference mbedtls_aes_context fields directly.
+ # aesni.c references mbedtls_aes_context fields directly.
scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
# MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
@@ -2612,13 +2496,12 @@
msg "test: ssl-opt.sh (full minus PSA crypto)"
tests/ssl-opt.sh
- msg "test: compat.sh default (full minus PSA crypto)"
- tests/compat.sh
+ # Note: the next two invocations cover all compat.sh test cases.
+ # We should use the same here and in basic-build-test.sh.
+ msg "test: compat.sh: default version (full minus PSA crypto)"
+ tests/compat.sh -e 'ARIA\|CHACHA'
- msg "test: compat.sh NULL (full minus PSA crypto)"
- tests/compat.sh -f 'NULL'
-
- msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)"
+ msg "test: compat.sh: next: ARIA, Chacha (full minus PSA crypto)"
env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
@@ -3235,7 +3118,7 @@
if [ "$test_target" = "ECC" ]; then
# When testing ECC only, we disable FFDH support, both from builtin and
# PSA sides, and also disable the key exchanges that depend on DHM.
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
scripts/config.py unset MBEDTLS_DHM_C
@@ -3703,26 +3586,6 @@
make test
}
-component_test_psa_crypto_config_accel_hash_keep_builtins () {
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
- # This component ensures that all the test cases for
- # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run.
-
- loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
- ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
- ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
-
- # Start from default config (no USE_PSA)
- helper_libtestdriver1_adjust_config "default"
-
- helper_libtestdriver1_make_drivers "$loc_accel_list"
-
- helper_libtestdriver1_make_main "$loc_accel_list"
-
- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash"
- make test
-}
-
# Auxiliary function to build config for hashes with and without drivers
config_psa_crypto_hash_use_psa () {
driver_only="$1"
@@ -4085,6 +3948,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
# Disable direct dependency on AES_C
scripts/config.py unset MBEDTLS_NIST_KW_C
@@ -4176,254 +4040,6 @@
make test
}
-# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test.
-component_build_psa_accel_alg_ecdh() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py unset MBEDTLS_ECDH_C
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
- scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
-component_build_psa_accel_alg_hmac() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
-component_build_psa_accel_alg_hkdf() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_HKDF_C
- # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
-component_build_psa_accel_alg_md5() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
-component_build_psa_accel_alg_ripemd160() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
-component_build_psa_accel_alg_sha1() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
-component_build_psa_accel_alg_sha224() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
-component_build_psa_accel_alg_sha256() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
-component_build_psa_accel_alg_sha384() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
-component_build_psa_accel_alg_sha512() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
- scripts/config.py unset MBEDTLS_LMS_C
- scripts/config.py unset MBEDTLS_LMS_PRIVATE
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_accel_alg_rsa_oaep() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_accel_alg_rsa_pss() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_accel_key_type_rsa_key_pair() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
-component_build_psa_accel_key_type_rsa_public_key() {
- msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
- scripts/config.py full
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
- scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
- # Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
-}
-
-
support_build_tfm_armcc () {
support_build_armcc
}
@@ -4529,9 +4145,6 @@
validate_aes_config_variations() {
if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then
- if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then
- return 1
- fi
if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \
("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then
return 1
@@ -4552,7 +4165,7 @@
build_test_config_combos library/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
- "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
+ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
cd "$MBEDTLS_ROOT_DIR"
@@ -4569,7 +4182,7 @@
build_test_config_combos library/aes.o validate_aes_config_variations \
"MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \
"MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \
- "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
+ "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \
"MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
}
@@ -4753,15 +4366,22 @@
component_test_when_no_ciphersuites_have_mac () {
msg "build: when no ciphersuites have MAC"
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128
+
scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
scripts/config.py unset MBEDTLS_CMAC_C
+
make
- msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+ msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
make test
- msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
+ msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC"
tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
}
@@ -4905,7 +4525,6 @@
msg "build: default config with different AES implementations"
scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py set MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
@@ -4917,11 +4536,9 @@
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
grep -q "AES note: using AESNI" ./programs/test/selftest
grep -q "AES note: built-in implementation." ./programs/test/selftest
- grep -q "AES note: using VIA Padlock" ./programs/test/selftest
grep -q mbedtls_aesni_has_support ./programs/test/selftest
scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
msg "AES tests, test AESNI only"
make clean
@@ -4930,7 +4547,6 @@
./programs/test/selftest aes | not grep -q "AES note: built-in implementation."
grep -q "AES note: using AESNI" ./programs/test/selftest
not grep -q "AES note: built-in implementation." ./programs/test/selftest
- not grep -q "AES note: using VIA Padlock" ./programs/test/selftest
not grep -q mbedtls_aesni_has_support ./programs/test/selftest
}
@@ -4942,7 +4558,6 @@
component_test_aesni_m32_clang() {
scripts/config.py set MBEDTLS_AESNI_C
- scripts/config.py set MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
@@ -4954,7 +4569,6 @@
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
grep -q "AES note: using AESNI" ./programs/test/selftest
grep -q "AES note: built-in implementation." ./programs/test/selftest
- grep -q "AES note: using VIA Padlock" ./programs/test/selftest
grep -q mbedtls_aesni_has_support ./programs/test/selftest
}
@@ -5113,24 +4727,6 @@
not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
}
-# For timebeing, no VIA Padlock platform available.
-component_build_aes_via_padlock () {
-
- msg "AES:VIA PadLock, build with default configuration."
- scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py set MBEDTLS_PADLOCK_C
- scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
- grep -q mbedtls_padlock_has_support ./programs/test/selftest
-
-}
-
-support_build_aes_via_padlock_only () {
- ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \
- [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \
- [ "`dpkg --print-foreign-architectures`" == "i386" ]
-}
-
support_build_aes_aesce_armcc () {
support_build_armcc
}
@@ -5138,7 +4734,6 @@
component_test_aes_only_128_bit_keys () {
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH"
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
- scripts/config.py unset MBEDTLS_PADLOCK_C
make CFLAGS='-O2 -Werror -Wall -Wextra'
@@ -5150,7 +4745,6 @@
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C"
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
scripts/config.py unset MBEDTLS_CTR_DRBG_C
- scripts/config.py unset MBEDTLS_PADLOCK_C
make CC=clang CFLAGS='-Werror -Wall -Wextra'
@@ -5161,7 +4755,6 @@
component_test_aes_only_128_bit_keys_have_builtins () {
msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C"
scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_AESCE_C
@@ -5177,7 +4770,6 @@
component_test_gcm_largetable () {
msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C"
scripts/config.py set MBEDTLS_GCM_LARGE_TABLE
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_AESCE_C
@@ -5533,9 +5125,11 @@
make clean
msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s
- # In the user config, disable one feature, which will reflect on the
- # mbedtls configuration so we can query it with query_compile_time_config.
+ # In the user config, disable one feature and its dependencies, which will
+ # reflect on the mbedtls configuration so we can query it with
+ # query_compile_time_config.
echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h
+ echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h
scripts/config.py unset MBEDTLS_CMAC_C
make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'"
not programs/test/query_compile_time_config MBEDTLS_CMAC_C
@@ -5573,7 +5167,6 @@
msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s
scripts/config.py full
scripts/config.py unset MBEDTLS_HAVE_ASM
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS"
@@ -5654,7 +5247,6 @@
msg "build: gcc, force 32-bit bignum limbs"
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
@@ -5666,7 +5258,6 @@
msg "build: gcc, force 64-bit bignum limbs"
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
@@ -5678,7 +5269,6 @@
msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)"
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
- scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
scripts/config.py set MBEDTLS_TEST_HOOKS
scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT
@@ -6063,6 +5653,19 @@
tests/ssl-opt.sh
}
+component_test_full_minus_session_tickets() {
+ msg "build: full config without session tickets"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS
+ scripts/config.py unset MBEDTLS_SSL_EARLY_DATA
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+ msg "test: full config without session tickets"
+ make test
+ msg "ssl-opt.sh (full config without session tickets)"
+ tests/ssl-opt.sh
+}
+
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
@@ -6321,6 +5924,15 @@
support_test_cmake_out_of_source
}
+component_build_cmake_programs_no_testing () {
+ # Verify that the type of builds performed by oss-fuzz don't get accidentally broken
+ msg "build: cmake with -DENABLE_PROGRAMS=ON and -DENABLE_TESTING=OFF"
+ cmake -DENABLE_PROGRAMS=ON -DENABLE_TESTING=OFF .
+ make
+}
+support_build_cmake_programs_no_testing () {
+ support_test_cmake_out_of_source
+}
component_build_zeroize_checks () {
msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
@@ -6403,12 +6015,68 @@
# unittest writes out mundane stuff like number or tests run on stderr.
# Our convention is to reserve stderr for actual errors, and write
# harmless info on stdout so it can be suppress with --quiet.
- ./tests/scripts/test_generate_test_code.py 2>&1
+ ./framework/scripts/test_generate_test_code.py 2>&1
msg "unit test: translate_ciphers.py"
python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
}
+component_test_psasim() {
+ msg "build server library and application"
+ scripts/config.py crypto
+ helper_psasim_config server
+ helper_psasim_build server
+
+ helper_psasim_cleanup_before_client
+
+ msg "build library for client"
+ helper_psasim_config client
+ helper_psasim_build client
+
+ msg "build basic psasim client"
+ make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base
+ msg "test basic psasim client"
+ tests/psa-client-server/psasim/test/run_test.sh psa_client_base
+
+ msg "build full psasim client"
+ make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_full
+ msg "test full psasim client"
+ tests/psa-client-server/psasim/test/run_test.sh psa_client_full
+
+ make -C tests/psa-client-server/psasim clean
+}
+
+component_test_suite_with_psasim()
+{
+ msg "build server library and application"
+ helper_psasim_config server
+ # Modify server's library configuration here (if needed)
+ helper_psasim_build server
+
+ helper_psasim_cleanup_before_client
+
+ msg "build client library"
+ helper_psasim_config client
+ # PAKE functions are still unsupported from PSASIM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ helper_psasim_build client
+
+ msg "build test suites"
+ make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
+
+ helper_psasim_server start
+
+ # psasim takes an extremely long execution time on some test suites so we
+ # exclude them from the list.
+ SKIP_TEST_SUITES="constant_time_hmac,lmots,lms"
+ export SKIP_TEST_SUITES
+
+ msg "run test suites"
+ make PSASIM=1 test
+
+ helper_psasim_server kill
+}
################################################################
#### Termination
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 5b4deb6..f8147d1 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -85,6 +85,17 @@
def analyze_coverage(results: Results, outcomes: Outcomes,
allow_list: typing.List[str], full_coverage: bool) -> None:
"""Check that all available test cases are executed at least once."""
+ # Make sure that the generated data files are present (and up-to-date).
+ # This allows analyze_outcomes.py to run correctly on a fresh Git
+ # checkout.
+ cp = subprocess.run(['make', 'generated_files'],
+ cwd='tests',
+ stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
+ check=False)
+ if cp.returncode != 0:
+ sys.stderr.write(cp.stdout.decode('utf-8'))
+ results.error("Failed \"make generated_files\" in tests. "
+ "Coverage analysis may be incorrect.")
available = check_test_cases.collect_available_test_cases()
for suite_case in available:
hit = any(suite_case in comp_outcomes.successes or
@@ -149,10 +160,10 @@
# don't issue an error if they're skipped with drivers,
# but issue an error if they're not (means we have a bad entry).
ignored = False
- if full_test_suite in ignored_tests:
- for str_or_re in ignored_tests[full_test_suite]:
- if name_matches_pattern(test_string, str_or_re):
- ignored = True
+ for str_or_re in (ignored_tests.get(full_test_suite, []) +
+ ignored_tests.get(test_suite, [])):
+ if name_matches_pattern(test_string, str_or_re):
+ ignored = True
if not ignored and not suite_case in driver_outcomes.successes:
results.error("PASS -> SKIP/FAIL: {}", suite_case)
@@ -231,6 +242,9 @@
'psa_crypto_low_hash.generated', # testing the builtins
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -254,6 +268,10 @@
'psa_crypto_low_hash.generated',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
+ re.compile(r'.*\bMBEDTLS_MD_C\b')
+ ],
'test_suite_md': [
# Builtin HMAC is not supported in the accelerate component.
re.compile('.*HMAC.*'),
@@ -293,6 +311,12 @@
'cipher',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
+ re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'),
+ re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
+ ],
# PEM decryption is not supported so far.
# The rest of PEM (write, unencrypted read) works though.
'test_suite_pem': [
@@ -346,6 +370,9 @@
'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -386,6 +413,10 @@
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -425,6 +456,11 @@
'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -468,6 +504,19 @@
'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ 'ssl-opt': [
+ # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C
+ # (because it needs custom groups, which PSA does not
+ # provide), even with MBEDTLS_USE_PSA_CRYPTO.
+ re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
+ ],
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -506,6 +555,9 @@
'component_driver': 'test_psa_crypto_config_accel_ffdh',
'ignored_suites': ['dhm'],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -528,6 +580,15 @@
'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*')
+ ],
+ 'test_suite_config.crypto_combinations': [
+ 'Config: ECC: Weierstrass curves only',
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -553,6 +614,10 @@
'pk', 'pkwrite', 'pkparse'
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
+ re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -594,6 +659,10 @@
'cipher.camellia',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'),
+ re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
+ ],
'test_suite_cmac': [
# Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled,
# but these are not available in the accelerated component.
diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py
index 96b705a..44b083d 100755
--- a/tests/scripts/audit-validity-dates.py
+++ b/tests/scripts/audit-validity-dates.py
@@ -29,8 +29,8 @@
from generate_test_code import FileWrapper
import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import build_tree
-from mbedtls_dev import logging_util
+from mbedtls_framework import build_tree
+from mbedtls_framework import logging_util
def check_cryptography_version():
match = re.match(r'^[0-9]+', cryptography.__version__)
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 5261754..d2e955f 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -103,11 +103,7 @@
echo '################ compat.sh ################'
{
echo '#### compat.sh: Default versions'
- sh compat.sh
- echo
-
- echo '#### compat.sh: null cipher'
- sh compat.sh -e '^$' -f 'NULL'
+ sh compat.sh -e 'ARIA\|CHACHA'
echo
echo '#### compat.sh: next (ARIA, ChaCha)'
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 2f20026..09c850a 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -128,9 +128,11 @@
# These checks are common to Mbed TLS and TF-PSA-Crypto
check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
-check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list)
-check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list)
-check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list)
+check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
+check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list)
+check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
+check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
+check framework/scripts/generate_test_keys.py tests/src/test_keys.h
check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c
# Additional checks for Mbed TLS only
@@ -139,6 +141,7 @@
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+ check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't
# care about their content, but the files must exist. So it must run after
# the step that creates or updates these files.
@@ -148,4 +151,4 @@
# Generated files that are present in the repository even in the development
# branch. (This is intended to be temporary, until the generator scripts are
# fully reviewed and the build scripts support a generated header file.)
-check tests/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
+check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
index 51e8079..77102ba 100755
--- a/tests/scripts/check-python-files.sh
+++ b/tests/scripts/check-python-files.sh
@@ -31,14 +31,14 @@
can_pylint () {
# Pylint 1.5.2 from Ubuntu 16.04 is too old:
- # E: 34, 0: Unable to import 'mbedtls_dev' (import-error)
+ # E: 34, 0: Unable to import 'mbedtls_framework' (import-error)
# Pylint 1.8.3 from Ubuntu 18.04 passed on the first commit containing this line.
check_version pylint 1.8.3
}
can_mypy () {
# mypy 0.770 is too old:
- # tests/scripts/test_psa_constant_names.py:34: error: Cannot find implementation or library stub for module named 'mbedtls_dev'
+ # tests/scripts/test_psa_constant_names.py:34: error: Cannot find implementation or library stub for module named 'mbedtls_framework'
# mypy 0.780 from pip passed on the first commit containing this line.
check_version mypy.version 0.780
}
@@ -55,14 +55,14 @@
fi
echo 'Running pylint ...'
-$PYTHON -m pylint scripts/mbedtls_dev/*.py scripts/*.py tests/scripts/*.py || {
+$PYTHON -m pylint framework/scripts/*.py framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || {
echo >&2 "pylint reported errors"
ret=1
}
echo
echo 'Running mypy ...'
-$PYTHON -m mypy scripts/*.py tests/scripts/*.py ||
+$PYTHON -m mypy framework/scripts/*.py framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py ||
ret=1
exit $ret
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index d5a4b92..5e9ea7d 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -24,7 +24,7 @@
pass
import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import build_tree
+from mbedtls_framework import build_tree
class FileIssueTracker:
@@ -373,7 +373,7 @@
r'3rdparty/(?!(p256-m)/.*)',
# Documentation explaining the license may have accidental
# false positives.
- r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z',
+ r'(ChangeLog|LICENSE|framework\/LICENSE|[-0-9A-Z_a-z]+\.md)\Z',
# Files imported from TF-M, and not used except in test builds,
# may be under a different license.
r'configs/ext/crypto_config_profile_medium\.h\Z',
@@ -381,6 +381,7 @@
r'configs/ext/README\.md\Z',
# Third-party file.
r'dco\.txt\Z',
+ r'framework\/dco\.txt\Z',
]
path_exemptions = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST +
LICENSE_EXEMPTION_RE_LIST))
@@ -486,9 +487,17 @@
These are the regular files commited into Git.
"""
+ bytes_output = subprocess.check_output(['git', '-C', 'framework',
+ 'ls-files', '-z'])
+ bytes_framework_filepaths = bytes_output.split(b'\0')[:-1]
+ bytes_framework_filepaths = ["framework/".encode() + filepath
+ for filepath in bytes_framework_filepaths]
+
bytes_output = subprocess.check_output(['git', 'ls-files', '-z'])
- bytes_filepaths = bytes_output.split(b'\0')[:-1]
+ bytes_filepaths = bytes_output.split(b'\0')[:-1] + \
+ bytes_framework_filepaths
ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths)
+
# Filter out directories. Normally Git doesn't list directories
# (it only knows about the files inside them), but there is
# at least one case where 'git ls-files' includes a directory:
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 9e8ed21..142233c 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -45,7 +45,7 @@
import logging
import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import build_tree
+from mbedtls_framework import build_tree
# Naming patterns to check against. These are defined outside the NameCheck
@@ -238,6 +238,8 @@
all_macros["public"] = self.parse_macros([
"include/mbedtls/*.h",
"include/psa/*.h",
+ "tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
])
@@ -251,6 +253,8 @@
enum_consts = self.parse_enum_consts([
"include/mbedtls/*.h",
"include/psa/*.h",
+ "tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"library/*.c",
"3rdparty/everest/include/everest/everest.h",
@@ -259,6 +263,8 @@
identifiers, excluded_identifiers = self.parse_identifiers([
"include/mbedtls/*.h",
"include/psa/*.h",
+ "tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
@@ -266,6 +272,8 @@
mbed_psa_words = self.parse_mbed_psa_words([
"include/mbedtls/*.h",
"include/psa/*.h",
+ "tf-psa-crypto/include/psa/*.h",
+ "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h",
"library/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h",
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 1990cd2..fa17e13 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -369,7 +369,11 @@
"""Collect data about cipher.h."""
def __init__(self):
self.base_symbols = set()
- with open('include/mbedtls/cipher.h', encoding="utf-8") as fh:
+ if os.path.isdir('tf-psa-crypto'):
+ cipher_h_path = 'tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h'
+ else:
+ cipher_h_path = 'include/mbedtls/cipher.h'
+ with open(cipher_h_path, encoding="utf-8") as fh:
for line in fh:
m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line)
if m and m.group(1) not in ['NONE', 'NULL', '3DES']:
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py
deleted file mode 100755
index 8dbb6ed..0000000
--- a/tests/scripts/generate_bignum_tests.py
+++ /dev/null
@@ -1,187 +0,0 @@
-#!/usr/bin/env python3
-"""Generate test data for bignum functions.
-
-With no arguments, generate all test data. With non-option arguments,
-generate only the specified files.
-
-Class structure:
-
-Child classes of test_data_generation.BaseTarget (file targets) represent an output
-file. These indicate where test cases will be written to, for all subclasses of
-this target. Multiple file targets should not reuse a `target_basename`.
-
-Each subclass derived from a file target can either be:
- - A concrete class, representing a test function, which generates test cases.
- - An abstract class containing shared methods and attributes, not associated
- with a test function. An example is BignumOperation, which provides
- common features used for bignum binary operations.
-
-Both concrete and abstract subclasses can be derived from, to implement
-additional test cases (see BignumCmp and BignumCmpAbs for examples of deriving
-from abstract and concrete classes).
-
-
-Adding test case generation for a function:
-
-A subclass representing the test function should be added, deriving from a
-file target such as BignumTarget. This test class must set/implement the
-following:
- - test_function: the function name from the associated .function file.
- - test_name: a descriptive name or brief summary to refer to the test
- function.
- - arguments(): a method to generate the list of arguments required for the
- test_function.
- - generate_function_tests(): a method to generate TestCases for the function.
- This should create instances of the class with required input data, and
- call `.create_test_case()` to yield the TestCase.
-
-Additional details and other attributes/methods are given in the documentation
-of BaseTarget in test_data_generation.py.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import sys
-
-from abc import ABCMeta
-from typing import List
-
-import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import test_data_generation
-from mbedtls_dev import bignum_common
-# Import modules containing additional test classes
-# Test function classes in these modules will be registered by
-# the framework
-from mbedtls_dev import bignum_core, bignum_mod_raw, bignum_mod # pylint: disable=unused-import
-
-class BignumTarget(test_data_generation.BaseTarget):
- #pylint: disable=too-few-public-methods
- """Target for bignum (legacy) test case generation."""
- target_basename = 'test_suite_bignum.generated'
-
-
-class BignumOperation(bignum_common.OperationCommon, BignumTarget,
- metaclass=ABCMeta):
- #pylint: disable=abstract-method
- """Common features for bignum operations in legacy tests."""
- unique_combinations_only = True
- input_values = [
- "", "0", "-", "-0",
- "7b", "-7b",
- "0000000000000000123", "-0000000000000000123",
- "1230000000000000000", "-1230000000000000000"
- ]
-
- def description_suffix(self) -> str:
- #pylint: disable=no-self-use # derived classes need self
- """Text to add at the end of the test case description."""
- return ""
-
- def description(self) -> str:
- """Generate a description for the test case.
-
- If not set, case_description uses the form A `symbol` B, where symbol
- is used to represent the operation. Descriptions of each value are
- generated to provide some context to the test case.
- """
- if not self.case_description:
- self.case_description = "{} {} {}".format(
- self.value_description(self.arg_a),
- self.symbol,
- self.value_description(self.arg_b)
- )
- description_suffix = self.description_suffix()
- if description_suffix:
- self.case_description += " " + description_suffix
- return super().description()
-
- @staticmethod
- def value_description(val) -> str:
- """Generate a description of the argument val.
-
- This produces a simple description of the value, which is used in test
- case naming to add context.
- """
- if val == "":
- return "0 (null)"
- if val == "-":
- return "negative 0 (null)"
- if val == "0":
- return "0 (1 limb)"
-
- if val[0] == "-":
- tmp = "negative"
- val = val[1:]
- else:
- tmp = "positive"
- if val[0] == "0":
- tmp += " with leading zero limb"
- elif len(val) > 10:
- tmp = "large " + tmp
- return tmp
-
-
-class BignumCmp(BignumOperation):
- """Test cases for bignum value comparison."""
- count = 0
- test_function = "mpi_cmp_mpi"
- test_name = "MPI compare"
- input_cases = [
- ("-2", "-3"),
- ("-2", "-2"),
- ("2b4", "2b5"),
- ("2b5", "2b6")
- ]
-
- def __init__(self, val_a, val_b) -> None:
- super().__init__(val_a, val_b)
- self._result = int(self.int_a > self.int_b) - int(self.int_a < self.int_b)
- self.symbol = ["<", "==", ">"][self._result + 1]
-
- def result(self) -> List[str]:
- return [str(self._result)]
-
-
-class BignumCmpAbs(BignumCmp):
- """Test cases for absolute bignum value comparison."""
- count = 0
- test_function = "mpi_cmp_abs"
- test_name = "MPI compare (abs)"
-
- def __init__(self, val_a, val_b) -> None:
- super().__init__(val_a.strip("-"), val_b.strip("-"))
-
-
-class BignumAdd(BignumOperation):
- """Test cases for bignum value addition."""
- count = 0
- symbol = "+"
- test_function = "mpi_add_mpi"
- test_name = "MPI add"
- input_cases = bignum_common.combination_pairs(
- [
- "1c67967269c6", "9cde3",
- "-1c67967269c6", "-9cde3",
- ]
- )
-
- def __init__(self, val_a: str, val_b: str) -> None:
- super().__init__(val_a, val_b)
- self._result = self.int_a + self.int_b
-
- def description_suffix(self) -> str:
- if (self.int_a >= 0 and self.int_b >= 0):
- return "" # obviously positive result or 0
- if (self.int_a <= 0 and self.int_b <= 0):
- return "" # obviously negative result or 0
- # The sign of the result is not obvious, so indicate it
- return ", result{}0".format('>' if self._result > 0 else
- '<' if self._result < 0 else '=')
-
- def result(self) -> List[str]:
- return [bignum_common.quote_str("{:x}".format(self._result))]
-
-if __name__ == '__main__':
- # Use the section of the docstring relevant to the CLI as description
- test_data_generation.main(sys.argv[1:], "\n".join(__doc__.splitlines()[:4]))
diff --git a/tests/scripts/generate_ecp_tests.py b/tests/scripts/generate_ecp_tests.py
deleted file mode 100755
index df1e469..0000000
--- a/tests/scripts/generate_ecp_tests.py
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env python3
-"""Generate test data for ecp functions.
-
-The command line usage, class structure and available methods are the same
-as in generate_bignum_tests.py.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import sys
-
-import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import test_data_generation
-# Import modules containing additional test classes
-# Test function classes in these modules will be registered by
-# the framework
-from mbedtls_dev import ecp # pylint: disable=unused-import
-
-if __name__ == '__main__':
- # Use the section of the docstring relevant to the CLI as description
- test_data_generation.main(sys.argv[1:], "\n".join(__doc__.splitlines()[:4]))
diff --git a/tests/scripts/generate_pkcs7_tests.py b/tests/scripts/generate_pkcs7_tests.py
deleted file mode 100755
index 0e484b0..0000000
--- a/tests/scripts/generate_pkcs7_tests.py
+++ /dev/null
@@ -1,183 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-
-"""
-Make fuzz like testing for pkcs7 tests
-Given a valid DER pkcs7 file add tests to the test_suite_pkcs7.data file
- - It is expected that the pkcs7_asn1_fail( data_t *pkcs7_buf )
- function is defined in test_suite_pkcs7.function
- - This is not meant to be portable code, if anything it is meant to serve as
- documentation for showing how those ugly tests in test_suite_pkcs7.data were created
-"""
-
-
-import sys
-from os.path import exists
-
-PKCS7_TEST_FILE = "../suites/test_suite_pkcs7.data"
-
-class Test: # pylint: disable=too-few-public-methods
- """
- A instance of a test in test_suite_pkcs7.data
- """
- def __init__(self, name, depends, func_call):
- self.name = name
- self.depends = depends
- self.func_call = func_call
-
- # pylint: disable=no-self-use
- def to_string(self):
- return "\n" + self.name + "\n" + self.depends + "\n" + self.func_call + "\n"
-
-class TestData:
- """
- Take in test_suite_pkcs7.data file.
- Allow for new tests to be added.
- """
- mandatory_dep = "MBEDTLS_MD_CAN_SHA256"
- test_name = "PKCS7 Parse Failure Invalid ASN1"
- test_function = "pkcs7_asn1_fail:"
- def __init__(self, file_name):
- self.file_name = file_name
- self.last_test_num, self.old_tests = self.read_test_file(file_name)
- self.new_tests = []
-
- # pylint: disable=no-self-use
- def read_test_file(self, file):
- """
- Parse the test_suite_pkcs7.data file.
- """
- tests = []
- if not exists(file):
- print(file + " Does not exist")
- sys.exit()
- with open(file, "r", encoding='UTF-8') as fp:
- data = fp.read()
- lines = [line.strip() for line in data.split('\n') if len(line.strip()) > 1]
- i = 0
- while i < len(lines):
- if "depends" in lines[i+1]:
- tests.append(Test(lines[i], lines[i+1], lines[i+2]))
- i += 3
- else:
- tests.append(Test(lines[i], None, lines[i+1]))
- i += 2
- latest_test_num = float(tests[-1].name.split('#')[1])
- return latest_test_num, tests
-
- def add(self, name, func_call):
- self.last_test_num += 1
- self.new_tests.append(Test(self.test_name + ": " + name + " #" + \
- str(self.last_test_num), "depends_on:" + self.mandatory_dep, \
- self.test_function + '"' + func_call + '"'))
-
- def write_changes(self):
- with open(self.file_name, 'a', encoding='UTF-8') as fw:
- fw.write("\n")
- for t in self.new_tests:
- fw.write(t.to_string())
-
-
-def asn1_mutate(data):
- """
- We have been given an asn1 structure representing a pkcs7.
- We want to return an array of slightly modified versions of this data
- they should be modified in a way which makes the structure invalid
-
- We know that asn1 structures are:
- |---1 byte showing data type---|----byte(s) for length of data---|---data content--|
- We know that some data types can contain other data types.
- Return a dictionary of reasons and mutated data types.
- """
-
- # off the bat just add bytes to start and end of the buffer
- mutations = []
- reasons = []
- mutations.append(["00"] + data)
- reasons.append("Add null byte to start")
- mutations.append(data + ["00"])
- reasons.append("Add null byte to end")
- # for every asn1 entry we should attempt to:
- # - change the data type tag
- # - make the length longer than actual
- # - make the length shorter than actual
- i = 0
- while i < len(data):
- tag_i = i
- leng_i = tag_i + 1
- data_i = leng_i + 1 + (int(data[leng_i][1], 16) if data[leng_i][0] == '8' else 0)
- if data[leng_i][0] == '8':
- length = int(''.join(data[leng_i + 1: data_i]), 16)
- else:
- length = int(data[leng_i], 16)
-
- tag = data[tag_i]
- print("Looking at ans1: offset " + str(i) + " tag = " + tag + \
- ", length = " + str(length)+ ":")
- print(''.join(data[data_i:data_i+length]))
- # change tag to something else
- if tag == "02":
- # turn integers into octet strings
- new_tag = "04"
- else:
- # turn everything else into an integer
- new_tag = "02"
- mutations.append(data[:tag_i] + [new_tag] + data[leng_i:])
- reasons.append("Change tag " + tag + " to " + new_tag)
-
- # change lengths to too big
- # skip any edge cases which would cause carry over
- if int(data[data_i - 1], 16) < 255:
- new_length = str(hex(int(data[data_i - 1], 16) + 1))[2:]
- if len(new_length) == 1:
- new_length = "0"+new_length
- mutations.append(data[:data_i -1] + [new_length] + data[data_i:])
- reasons.append("Change length from " + str(length) + " to " \
- + str(length + 1))
- # we can add another test here for tags that contain other tags \
- # where they have more data than there containing tags account for
- if tag in ["30", "a0", "31"]:
- mutations.append(data[:data_i -1] + [new_length] + \
- data[data_i:data_i + length] + ["00"] + \
- data[data_i + length:])
- reasons.append("Change contents of tag " + tag + " to contain \
- one unaccounted extra byte")
- # change lengths to too small
- if int(data[data_i - 1], 16) > 0:
- new_length = str(hex(int(data[data_i - 1], 16) - 1))[2:]
- if len(new_length) == 1:
- new_length = "0"+new_length
- mutations.append(data[:data_i -1] + [new_length] + data[data_i:])
- reasons.append("Change length from " + str(length) + " to " + str(length - 1))
-
- # some tag types contain other tag types so we should iterate into the data
- if tag in ["30", "a0", "31"]:
- i = data_i
- else:
- i = data_i + length
-
- return list(zip(reasons, mutations))
-
-if __name__ == "__main__":
- if len(sys.argv) < 2:
- print("USAGE: " + sys.argv[0] + " <pkcs7_der_file>")
- sys.exit()
-
- DATA_FILE = sys.argv[1]
- TEST_DATA = TestData(PKCS7_TEST_FILE)
- with open(DATA_FILE, 'rb') as f:
- DATA_STR = f.read().hex()
- # make data an array of byte strings eg ['de','ad','be','ef']
- HEX_DATA = list(map(''.join, [[DATA_STR[i], DATA_STR[i+1]] for i in range(0, len(DATA_STR), \
- 2)]))
- # returns tuples of test_names and modified data buffers
- MUT_ARR = asn1_mutate(HEX_DATA)
-
- print("made " + str(len(MUT_ARR)) + " new tests")
- for new_test in MUT_ARR:
- TEST_DATA.add(new_test[0], ''.join(new_test[1]))
-
- TEST_DATA.write_changes()
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
deleted file mode 100755
index fd278f8..0000000
--- a/tests/scripts/generate_psa_tests.py
+++ /dev/null
@@ -1,850 +0,0 @@
-#!/usr/bin/env python3
-"""Generate test data for PSA cryptographic mechanisms.
-
-With no arguments, generate all test data. With non-option arguments,
-generate only the specified files.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-import enum
-import re
-import sys
-from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional
-
-import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import crypto_data_tests
-from mbedtls_dev import crypto_knowledge
-from mbedtls_dev import macro_collector #pylint: disable=unused-import
-from mbedtls_dev import psa_information
-from mbedtls_dev import psa_storage
-from mbedtls_dev import test_case
-from mbedtls_dev import test_data_generation
-
-
-
-def test_case_for_key_type_not_supported(
- verb: str, key_type: str, bits: int,
- dependencies: List[str],
- *args: str,
- param_descr: str = ''
-) -> test_case.TestCase:
- """Return one test case exercising a key creation method
- for an unsupported key type or size.
- """
- psa_information.hack_dependencies_not_implemented(dependencies)
- tc = test_case.TestCase()
- short_key_type = crypto_knowledge.short_expression(key_type)
- adverb = 'not' if dependencies else 'never'
- if param_descr:
- adverb = param_descr + ' ' + adverb
- tc.set_description('PSA {} {} {}-bit {} supported'
- .format(verb, short_key_type, bits, adverb))
- tc.set_dependencies(dependencies)
- tc.set_function(verb + '_not_supported')
- tc.set_arguments([key_type] + list(args))
- return tc
-
-class KeyTypeNotSupported:
- """Generate test cases for when a key type is not supported."""
-
- def __init__(self, info: psa_information.Information) -> None:
- self.constructors = info.constructors
-
- ALWAYS_SUPPORTED = frozenset([
- 'PSA_KEY_TYPE_DERIVE',
- 'PSA_KEY_TYPE_PASSWORD',
- 'PSA_KEY_TYPE_PASSWORD_HASH',
- 'PSA_KEY_TYPE_RAW_DATA',
- 'PSA_KEY_TYPE_HMAC'
- ])
- def test_cases_for_key_type_not_supported(
- self,
- kt: crypto_knowledge.KeyType,
- param: Optional[int] = None,
- param_descr: str = '',
- ) -> Iterator[test_case.TestCase]:
- """Return test cases exercising key creation when the given type is unsupported.
-
- If param is present and not None, emit test cases conditioned on this
- parameter not being supported. If it is absent or None, emit test cases
- conditioned on the base type not being supported.
- """
- if kt.name in self.ALWAYS_SUPPORTED:
- # Don't generate test cases for key types that are always supported.
- # They would be skipped in all configurations, which is noise.
- return
- import_dependencies = [('!' if param is None else '') +
- psa_information.psa_want_symbol(kt.name)]
- if kt.params is not None:
- import_dependencies += [('!' if param == i else '') +
- psa_information.psa_want_symbol(sym)
- for i, sym in enumerate(kt.params)]
- if kt.name.endswith('_PUBLIC_KEY'):
- generate_dependencies = []
- else:
- generate_dependencies = \
- psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
- import_dependencies = \
- psa_information.fix_key_pair_dependencies(import_dependencies, 'BASIC')
- for bits in kt.sizes_to_test():
- yield test_case_for_key_type_not_supported(
- 'import', kt.expression, bits,
- psa_information.finish_family_dependencies(import_dependencies, bits),
- test_case.hex_string(kt.key_material(bits)),
- param_descr=param_descr,
- )
- if not generate_dependencies and param is not None:
- # If generation is impossible for this key type, rather than
- # supported or not depending on implementation capabilities,
- # only generate the test case once.
- continue
- # For public key we expect that key generation fails with
- # INVALID_ARGUMENT. It is handled by KeyGenerate class.
- if not kt.is_public():
- yield test_case_for_key_type_not_supported(
- 'generate', kt.expression, bits,
- psa_information.finish_family_dependencies(generate_dependencies, bits),
- str(bits),
- param_descr=param_descr,
- )
- # To be added: derive
-
- ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
- 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
- DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
- 'PSA_KEY_TYPE_DH_PUBLIC_KEY')
-
- def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]:
- """Generate test cases that exercise the creation of keys of unsupported types."""
- for key_type in sorted(self.constructors.key_types):
- if key_type in self.ECC_KEY_TYPES:
- continue
- if key_type in self.DH_KEY_TYPES:
- continue
- kt = crypto_knowledge.KeyType(key_type)
- yield from self.test_cases_for_key_type_not_supported(kt)
- for curve_family in sorted(self.constructors.ecc_curves):
- for constr in self.ECC_KEY_TYPES:
- kt = crypto_knowledge.KeyType(constr, [curve_family])
- yield from self.test_cases_for_key_type_not_supported(
- kt, param_descr='type')
- yield from self.test_cases_for_key_type_not_supported(
- kt, 0, param_descr='curve')
- for dh_family in sorted(self.constructors.dh_groups):
- for constr in self.DH_KEY_TYPES:
- kt = crypto_knowledge.KeyType(constr, [dh_family])
- yield from self.test_cases_for_key_type_not_supported(
- kt, param_descr='type')
- yield from self.test_cases_for_key_type_not_supported(
- kt, 0, param_descr='group')
-
-def test_case_for_key_generation(
- key_type: str, bits: int,
- dependencies: List[str],
- *args: str,
- result: str = ''
-) -> test_case.TestCase:
- """Return one test case exercising a key generation.
- """
- psa_information.hack_dependencies_not_implemented(dependencies)
- tc = test_case.TestCase()
- short_key_type = crypto_knowledge.short_expression(key_type)
- tc.set_description('PSA {} {}-bit'
- .format(short_key_type, bits))
- tc.set_dependencies(dependencies)
- tc.set_function('generate_key')
- tc.set_arguments([key_type] + list(args) + [result])
-
- return tc
-
-class KeyGenerate:
- """Generate positive and negative (invalid argument) test cases for key generation."""
-
- def __init__(self, info: psa_information.Information) -> None:
- self.constructors = info.constructors
-
- ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
- 'PSA_KEY_TYPE_ECC_PUBLIC_KEY')
- DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR',
- 'PSA_KEY_TYPE_DH_PUBLIC_KEY')
-
- @staticmethod
- def test_cases_for_key_type_key_generation(
- kt: crypto_knowledge.KeyType
- ) -> Iterator[test_case.TestCase]:
- """Return test cases exercising key generation.
-
- All key types can be generated except for public keys. For public key
- PSA_ERROR_INVALID_ARGUMENT status is expected.
- """
- result = 'PSA_SUCCESS'
-
- import_dependencies = [psa_information.psa_want_symbol(kt.name)]
- if kt.params is not None:
- import_dependencies += [psa_information.psa_want_symbol(sym)
- for i, sym in enumerate(kt.params)]
- if kt.name.endswith('_PUBLIC_KEY'):
- # The library checks whether the key type is a public key generically,
- # before it reaches a point where it needs support for the specific key
- # type, so it returns INVALID_ARGUMENT for unsupported public key types.
- generate_dependencies = []
- result = 'PSA_ERROR_INVALID_ARGUMENT'
- else:
- generate_dependencies = \
- psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE')
- for bits in kt.sizes_to_test():
- if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR':
- size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits)
- test_dependencies = generate_dependencies + [size_dependency]
- else:
- test_dependencies = generate_dependencies
- yield test_case_for_key_generation(
- kt.expression, bits,
- psa_information.finish_family_dependencies(test_dependencies, bits),
- str(bits),
- result
- )
-
- def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]:
- """Generate test cases that exercise the generation of keys."""
- for key_type in sorted(self.constructors.key_types):
- if key_type in self.ECC_KEY_TYPES:
- continue
- if key_type in self.DH_KEY_TYPES:
- continue
- kt = crypto_knowledge.KeyType(key_type)
- yield from self.test_cases_for_key_type_key_generation(kt)
- for curve_family in sorted(self.constructors.ecc_curves):
- for constr in self.ECC_KEY_TYPES:
- kt = crypto_knowledge.KeyType(constr, [curve_family])
- yield from self.test_cases_for_key_type_key_generation(kt)
- for dh_family in sorted(self.constructors.dh_groups):
- for constr in self.DH_KEY_TYPES:
- kt = crypto_knowledge.KeyType(constr, [dh_family])
- yield from self.test_cases_for_key_type_key_generation(kt)
-
-class OpFail:
- """Generate test cases for operations that must fail."""
- #pylint: disable=too-few-public-methods
-
- class Reason(enum.Enum):
- NOT_SUPPORTED = 0
- INVALID = 1
- INCOMPATIBLE = 2
- PUBLIC = 3
-
- def __init__(self, info: psa_information.Information) -> None:
- self.constructors = info.constructors
- key_type_expressions = self.constructors.generate_expressions(
- sorted(self.constructors.key_types)
- )
- self.key_types = [crypto_knowledge.KeyType(kt_expr)
- for kt_expr in key_type_expressions]
-
- def make_test_case(
- self,
- alg: crypto_knowledge.Algorithm,
- category: crypto_knowledge.AlgorithmCategory,
- reason: 'Reason',
- kt: Optional[crypto_knowledge.KeyType] = None,
- not_deps: FrozenSet[str] = frozenset(),
- ) -> test_case.TestCase:
- """Construct a failure test case for a one-key or keyless operation."""
- #pylint: disable=too-many-arguments,too-many-locals
- tc = test_case.TestCase()
- pretty_alg = alg.short_expression()
- if reason == self.Reason.NOT_SUPPORTED:
- short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep)
- for dep in not_deps]
- pretty_reason = '!' + '&'.join(sorted(short_deps))
- else:
- pretty_reason = reason.name.lower()
- if kt:
- key_type = kt.expression
- pretty_type = kt.short_expression()
- else:
- key_type = ''
- pretty_type = ''
- tc.set_description('PSA {} {}: {}{}'
- .format(category.name.lower(),
- pretty_alg,
- pretty_reason,
- ' with ' + pretty_type if pretty_type else ''))
- dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type)
- dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
- for i, dep in enumerate(dependencies):
- if dep in not_deps:
- dependencies[i] = '!' + dep
- tc.set_dependencies(dependencies)
- tc.set_function(category.name.lower() + '_fail')
- arguments = [] # type: List[str]
- if kt:
- key_material = kt.key_material(kt.sizes_to_test()[0])
- arguments += [key_type, test_case.hex_string(key_material)]
- arguments.append(alg.expression)
- if category.is_asymmetric():
- arguments.append('1' if reason == self.Reason.PUBLIC else '0')
- error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else
- 'INVALID_ARGUMENT')
- arguments.append('PSA_ERROR_' + error)
- tc.set_arguments(arguments)
- return tc
-
- def no_key_test_cases(
- self,
- alg: crypto_knowledge.Algorithm,
- category: crypto_knowledge.AlgorithmCategory,
- ) -> Iterator[test_case.TestCase]:
- """Generate failure test cases for keyless operations with the specified algorithm."""
- if alg.can_do(category):
- # Compatible operation, unsupported algorithm
- for dep in psa_information.automatic_dependencies(alg.base_expression):
- yield self.make_test_case(alg, category,
- self.Reason.NOT_SUPPORTED,
- not_deps=frozenset([dep]))
- else:
- # Incompatible operation, supported algorithm
- yield self.make_test_case(alg, category, self.Reason.INVALID)
-
- def one_key_test_cases(
- self,
- alg: crypto_knowledge.Algorithm,
- category: crypto_knowledge.AlgorithmCategory,
- ) -> Iterator[test_case.TestCase]:
- """Generate failure test cases for one-key operations with the specified algorithm."""
- for kt in self.key_types:
- key_is_compatible = kt.can_do(alg)
- if key_is_compatible and alg.can_do(category):
- # Compatible key and operation, unsupported algorithm
- for dep in psa_information.automatic_dependencies(alg.base_expression):
- yield self.make_test_case(alg, category,
- self.Reason.NOT_SUPPORTED,
- kt=kt, not_deps=frozenset([dep]))
- # Public key for a private-key operation
- if category.is_asymmetric() and kt.is_public():
- yield self.make_test_case(alg, category,
- self.Reason.PUBLIC,
- kt=kt)
- elif key_is_compatible:
- # Compatible key, incompatible operation, supported algorithm
- yield self.make_test_case(alg, category,
- self.Reason.INVALID,
- kt=kt)
- elif alg.can_do(category):
- # Incompatible key, compatible operation, supported algorithm
- yield self.make_test_case(alg, category,
- self.Reason.INCOMPATIBLE,
- kt=kt)
- else:
- # Incompatible key and operation. Don't test cases where
- # multiple things are wrong, to keep the number of test
- # cases reasonable.
- pass
-
- def test_cases_for_algorithm(
- self,
- alg: crypto_knowledge.Algorithm,
- ) -> Iterator[test_case.TestCase]:
- """Generate operation failure test cases for the specified algorithm."""
- for category in crypto_knowledge.AlgorithmCategory:
- if category == crypto_knowledge.AlgorithmCategory.PAKE:
- # PAKE operations are not implemented yet
- pass
- elif category.requires_key():
- yield from self.one_key_test_cases(alg, category)
- else:
- yield from self.no_key_test_cases(alg, category)
-
- def all_test_cases(self) -> Iterator[test_case.TestCase]:
- """Generate all test cases for operations that must fail."""
- algorithms = sorted(self.constructors.algorithms)
- for expr in self.constructors.generate_expressions(algorithms):
- alg = crypto_knowledge.Algorithm(expr)
- yield from self.test_cases_for_algorithm(alg)
-
-
-class StorageKey(psa_storage.Key):
- """Representation of a key for storage format testing."""
-
- IMPLICIT_USAGE_FLAGS = {
- 'PSA_KEY_USAGE_SIGN_HASH': 'PSA_KEY_USAGE_SIGN_MESSAGE',
- 'PSA_KEY_USAGE_VERIFY_HASH': 'PSA_KEY_USAGE_VERIFY_MESSAGE'
- } #type: Dict[str, str]
- """Mapping of usage flags to the flags that they imply."""
-
- def __init__(
- self,
- usage: Iterable[str],
- without_implicit_usage: Optional[bool] = False,
- **kwargs
- ) -> None:
- """Prepare to generate a key.
-
- * `usage` : The usage flags used for the key.
- * `without_implicit_usage`: Flag to define to apply the usage extension
- """
- usage_flags = set(usage)
- if not without_implicit_usage:
- for flag in sorted(usage_flags):
- if flag in self.IMPLICIT_USAGE_FLAGS:
- usage_flags.add(self.IMPLICIT_USAGE_FLAGS[flag])
- if usage_flags:
- usage_expression = ' | '.join(sorted(usage_flags))
- else:
- usage_expression = '0'
- super().__init__(usage=usage_expression, **kwargs)
-
-class StorageTestData(StorageKey):
- """Representation of test case data for storage format testing."""
-
- def __init__(
- self,
- description: str,
- expected_usage: Optional[List[str]] = None,
- **kwargs
- ) -> None:
- """Prepare to generate test data
-
- * `description` : used for the test case names
- * `expected_usage`: the usage flags generated as the expected usage flags
- in the test cases. CAn differ from the usage flags
- stored in the keys because of the usage flags extension.
- """
- super().__init__(**kwargs)
- self.description = description #type: str
- if expected_usage is None:
- self.expected_usage = self.usage #type: psa_storage.Expr
- elif expected_usage:
- self.expected_usage = psa_storage.Expr(' | '.join(expected_usage))
- else:
- self.expected_usage = psa_storage.Expr(0)
-
-class StorageFormat:
- """Storage format stability test cases."""
-
- def __init__(self, info: psa_information.Information, version: int, forward: bool) -> None:
- """Prepare to generate test cases for storage format stability.
-
- * `info`: information about the API. See the `Information` class.
- * `version`: the storage format version to generate test cases for.
- * `forward`: if true, generate forward compatibility test cases which
- save a key and check that its representation is as intended. Otherwise
- generate backward compatibility test cases which inject a key
- representation and check that it can be read and used.
- """
- self.constructors = info.constructors #type: macro_collector.PSAMacroEnumerator
- self.version = version #type: int
- self.forward = forward #type: bool
-
- RSA_OAEP_RE = re.compile(r'PSA_ALG_RSA_OAEP\((.*)\)\Z')
- BRAINPOOL_RE = re.compile(r'PSA_KEY_TYPE_\w+\(PSA_ECC_FAMILY_BRAINPOOL_\w+\)\Z')
- @classmethod
- def exercise_key_with_algorithm(
- cls,
- key_type: psa_storage.Expr, bits: int,
- alg: psa_storage.Expr
- ) -> bool:
- """Whether to exercise the given key with the given algorithm.
-
- Normally only the type and algorithm matter for compatibility, and
- this is handled in crypto_knowledge.KeyType.can_do(). This function
- exists to detect exceptional cases. Exceptional cases detected here
- are not tested in OpFail and should therefore have manually written
- test cases.
- """
- # Some test keys have the RAW_DATA type and attributes that don't
- # necessarily make sense. We do this to validate numerical
- # encodings of the attributes.
- # Raw data keys have no useful exercise anyway so there is no
- # loss of test coverage.
- if key_type.string == 'PSA_KEY_TYPE_RAW_DATA':
- return False
- # OAEP requires room for two hashes plus wrapping
- m = cls.RSA_OAEP_RE.match(alg.string)
- if m:
- hash_alg = m.group(1)
- hash_length = crypto_knowledge.Algorithm.hash_length(hash_alg)
- key_length = (bits + 7) // 8
- # Leave enough room for at least one byte of plaintext
- return key_length > 2 * hash_length + 2
- # There's nothing wrong with ECC keys on Brainpool curves,
- # but operations with them are very slow. So we only exercise them
- # with a single algorithm, not with all possible hashes. We do
- # exercise other curves with all algorithms so test coverage is
- # perfectly adequate like this.
- m = cls.BRAINPOOL_RE.match(key_type.string)
- if m and alg.string != 'PSA_ALG_ECDSA_ANY':
- return False
- return True
-
- def make_test_case(self, key: StorageTestData) -> test_case.TestCase:
- """Construct a storage format test case for the given key.
-
- If ``forward`` is true, generate a forward compatibility test case:
- create a key and validate that it has the expected representation.
- Otherwise generate a backward compatibility test case: inject the
- key representation into storage and validate that it can be read
- correctly.
- """
- verb = 'save' if self.forward else 'read'
- tc = test_case.TestCase()
- tc.set_description(verb + ' ' + key.description)
- dependencies = psa_information.automatic_dependencies(
- key.lifetime.string, key.type.string,
- key.alg.string, key.alg2.string,
- )
- dependencies = psa_information.finish_family_dependencies(dependencies, key.bits)
- dependencies += psa_information.generate_deps_from_description(key.description)
- dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC')
- tc.set_dependencies(dependencies)
- tc.set_function('key_storage_' + verb)
- if self.forward:
- extra_arguments = []
- else:
- flags = []
- if self.exercise_key_with_algorithm(key.type, key.bits, key.alg):
- flags.append('TEST_FLAG_EXERCISE')
- if 'READ_ONLY' in key.lifetime.string:
- flags.append('TEST_FLAG_READ_ONLY')
- extra_arguments = [' | '.join(flags) if flags else '0']
- tc.set_arguments([key.lifetime.string,
- key.type.string, str(key.bits),
- key.expected_usage.string,
- key.alg.string, key.alg2.string,
- '"' + key.material.hex() + '"',
- '"' + key.hex() + '"',
- *extra_arguments])
- return tc
-
- def key_for_lifetime(
- self,
- lifetime: str,
- ) -> StorageTestData:
- """Construct a test key for the given lifetime."""
- short = lifetime
- short = re.sub(r'PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION',
- r'', short)
- short = crypto_knowledge.short_expression(short)
- description = 'lifetime: ' + short
- key = StorageTestData(version=self.version,
- id=1, lifetime=lifetime,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- usage=['PSA_KEY_USAGE_EXPORT'], alg=0, alg2=0,
- material=b'L',
- description=description)
- return key
-
- def all_keys_for_lifetimes(self) -> Iterator[StorageTestData]:
- """Generate test keys covering lifetimes."""
- lifetimes = sorted(self.constructors.lifetimes)
- expressions = self.constructors.generate_expressions(lifetimes)
- for lifetime in expressions:
- # Don't attempt to create or load a volatile key in storage
- if 'VOLATILE' in lifetime:
- continue
- # Don't attempt to create a read-only key in storage,
- # but do attempt to load one.
- if 'READ_ONLY' in lifetime and self.forward:
- continue
- yield self.key_for_lifetime(lifetime)
-
- def key_for_usage_flags(
- self,
- usage_flags: List[str],
- short: Optional[str] = None,
- test_implicit_usage: Optional[bool] = True
- ) -> StorageTestData:
- """Construct a test key for the given key usage."""
- extra_desc = ' without implication' if test_implicit_usage else ''
- description = 'usage' + extra_desc + ': '
- key1 = StorageTestData(version=self.version,
- id=1, lifetime=0x00000001,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- expected_usage=usage_flags,
- without_implicit_usage=not test_implicit_usage,
- usage=usage_flags, alg=0, alg2=0,
- material=b'K',
- description=description)
- if short is None:
- usage_expr = key1.expected_usage.string
- key1.description += crypto_knowledge.short_expression(usage_expr)
- else:
- key1.description += short
- return key1
-
- def generate_keys_for_usage_flags(self, **kwargs) -> Iterator[StorageTestData]:
- """Generate test keys covering usage flags."""
- known_flags = sorted(self.constructors.key_usage_flags)
- yield self.key_for_usage_flags(['0'], **kwargs)
- for usage_flag in known_flags:
- yield self.key_for_usage_flags([usage_flag], **kwargs)
- for flag1, flag2 in zip(known_flags,
- known_flags[1:] + [known_flags[0]]):
- yield self.key_for_usage_flags([flag1, flag2], **kwargs)
-
- def generate_key_for_all_usage_flags(self) -> Iterator[StorageTestData]:
- known_flags = sorted(self.constructors.key_usage_flags)
- yield self.key_for_usage_flags(known_flags, short='all known')
-
- def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
- yield from self.generate_keys_for_usage_flags()
- yield from self.generate_key_for_all_usage_flags()
-
- def key_for_type_and_alg(
- self,
- kt: crypto_knowledge.KeyType,
- bits: int,
- alg: Optional[crypto_knowledge.Algorithm] = None,
- ) -> StorageTestData:
- """Construct a test key of the given type.
-
- If alg is not None, this key allows it.
- """
- usage_flags = ['PSA_KEY_USAGE_EXPORT']
- alg1 = 0 #type: psa_storage.Exprable
- alg2 = 0
- if alg is not None:
- alg1 = alg.expression
- usage_flags += alg.usage_flags(public=kt.is_public())
- key_material = kt.key_material(bits)
- description = 'type: {} {}-bit'.format(kt.short_expression(1), bits)
- if alg is not None:
- description += ', ' + alg.short_expression(1)
- key = StorageTestData(version=self.version,
- id=1, lifetime=0x00000001,
- type=kt.expression, bits=bits,
- usage=usage_flags, alg=alg1, alg2=alg2,
- material=key_material,
- description=description)
- return key
-
- def keys_for_type(
- self,
- key_type: str,
- all_algorithms: List[crypto_knowledge.Algorithm],
- ) -> Iterator[StorageTestData]:
- """Generate test keys for the given key type."""
- kt = crypto_knowledge.KeyType(key_type)
- for bits in kt.sizes_to_test():
- # Test a non-exercisable key, as well as exercisable keys for
- # each compatible algorithm.
- # To do: test reading a key from storage with an incompatible
- # or unsupported algorithm.
- yield self.key_for_type_and_alg(kt, bits)
- compatible_algorithms = [alg for alg in all_algorithms
- if kt.can_do(alg)]
- for alg in compatible_algorithms:
- yield self.key_for_type_and_alg(kt, bits, alg)
-
- def all_keys_for_types(self) -> Iterator[StorageTestData]:
- """Generate test keys covering key types and their representations."""
- key_types = sorted(self.constructors.key_types)
- all_algorithms = [crypto_knowledge.Algorithm(alg)
- for alg in self.constructors.generate_expressions(
- sorted(self.constructors.algorithms)
- )]
- for key_type in self.constructors.generate_expressions(key_types):
- yield from self.keys_for_type(key_type, all_algorithms)
-
- def keys_for_algorithm(self, alg: str) -> Iterator[StorageTestData]:
- """Generate test keys for the encoding of the specified algorithm."""
- # These test cases only validate the encoding of algorithms, not
- # whether the key read from storage is suitable for an operation.
- # `keys_for_types` generate read tests with an algorithm and a
- # compatible key.
- descr = crypto_knowledge.short_expression(alg, 1)
- usage = ['PSA_KEY_USAGE_EXPORT']
- key1 = StorageTestData(version=self.version,
- id=1, lifetime=0x00000001,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- usage=usage, alg=alg, alg2=0,
- material=b'K',
- description='alg: ' + descr)
- yield key1
- key2 = StorageTestData(version=self.version,
- id=1, lifetime=0x00000001,
- type='PSA_KEY_TYPE_RAW_DATA', bits=8,
- usage=usage, alg=0, alg2=alg,
- material=b'L',
- description='alg2: ' + descr)
- yield key2
-
- def all_keys_for_algorithms(self) -> Iterator[StorageTestData]:
- """Generate test keys covering algorithm encodings."""
- algorithms = sorted(self.constructors.algorithms)
- for alg in self.constructors.generate_expressions(algorithms):
- yield from self.keys_for_algorithm(alg)
-
- def generate_all_keys(self) -> Iterator[StorageTestData]:
- """Generate all keys for the test cases."""
- yield from self.all_keys_for_lifetimes()
- yield from self.all_keys_for_usage_flags()
- yield from self.all_keys_for_types()
- yield from self.all_keys_for_algorithms()
-
- def all_test_cases(self) -> Iterator[test_case.TestCase]:
- """Generate all storage format test cases."""
- # First build a list of all keys, then construct all the corresponding
- # test cases. This allows all required information to be obtained in
- # one go, which is a significant performance gain as the information
- # includes numerical values obtained by compiling a C program.
- all_keys = list(self.generate_all_keys())
- for key in all_keys:
- if key.location_value() != 0:
- # Skip keys with a non-default location, because they
- # require a driver and we currently have no mechanism to
- # determine whether a driver is available.
- continue
- yield self.make_test_case(key)
-
-class StorageFormatForward(StorageFormat):
- """Storage format stability test cases for forward compatibility."""
-
- def __init__(self, info: psa_information.Information, version: int) -> None:
- super().__init__(info, version, True)
-
-class StorageFormatV0(StorageFormat):
- """Storage format stability test cases for version 0 compatibility."""
-
- def __init__(self, info: psa_information.Information) -> None:
- super().__init__(info, 0, False)
-
- def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]:
- """Generate test keys covering usage flags."""
- yield from super().all_keys_for_usage_flags()
- yield from self.generate_keys_for_usage_flags(test_implicit_usage=False)
-
- def keys_for_implicit_usage(
- self,
- implyer_usage: str,
- alg: str,
- key_type: crypto_knowledge.KeyType
- ) -> StorageTestData:
- # pylint: disable=too-many-locals
- """Generate test keys for the specified implicit usage flag,
- algorithm and key type combination.
- """
- bits = key_type.sizes_to_test()[0]
- implicit_usage = StorageKey.IMPLICIT_USAGE_FLAGS[implyer_usage]
- usage_flags = ['PSA_KEY_USAGE_EXPORT']
- material_usage_flags = usage_flags + [implyer_usage]
- expected_usage_flags = material_usage_flags + [implicit_usage]
- alg2 = 0
- key_material = key_type.key_material(bits)
- usage_expression = crypto_knowledge.short_expression(implyer_usage, 1)
- alg_expression = crypto_knowledge.short_expression(alg, 1)
- key_type_expression = key_type.short_expression(1)
- description = 'implied by {}: {} {} {}-bit'.format(
- usage_expression, alg_expression, key_type_expression, bits)
- key = StorageTestData(version=self.version,
- id=1, lifetime=0x00000001,
- type=key_type.expression, bits=bits,
- usage=material_usage_flags,
- expected_usage=expected_usage_flags,
- without_implicit_usage=True,
- alg=alg, alg2=alg2,
- material=key_material,
- description=description)
- return key
-
- def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
- # pylint: disable=too-many-locals
- """Match possible key types for sign algorithms."""
- # To create a valid combination both the algorithms and key types
- # must be filtered. Pair them with keywords created from its names.
- incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
- incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
- keyword_translation = {
- 'ECDSA': 'ECC',
- 'ED[0-9]*.*' : 'EDWARDS'
- }
- exclusive_keywords = {
- 'EDWARDS': 'ECC'
- }
- key_types = set(self.constructors.generate_expressions(self.constructors.key_types))
- algorithms = set(self.constructors.generate_expressions(self.constructors.sign_algorithms))
- alg_with_keys = {} #type: Dict[str, List[str]]
- translation_table = str.maketrans('(', '_', ')')
- for alg in algorithms:
- # Generate keywords from the name of the algorithm
- alg_keywords = set(alg.partition('(')[0].split(sep='_')[2:])
- # Translate keywords for better matching with the key types
- for keyword in alg_keywords.copy():
- for pattern, replace in keyword_translation.items():
- if re.match(pattern, keyword):
- alg_keywords.remove(keyword)
- alg_keywords.add(replace)
- # Filter out incompatible algorithms
- if not alg_keywords.isdisjoint(incompatible_alg_keyword):
- continue
-
- for key_type in key_types:
- # Generate keywords from the of the key type
- key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
-
- # Remove ambiguous keywords
- for keyword1, keyword2 in exclusive_keywords.items():
- if keyword1 in key_type_keywords:
- key_type_keywords.remove(keyword2)
-
- if key_type_keywords.isdisjoint(incompatible_key_type_keywords) and\
- not key_type_keywords.isdisjoint(alg_keywords):
- if alg in alg_with_keys:
- alg_with_keys[alg].append(key_type)
- else:
- alg_with_keys[alg] = [key_type]
- return alg_with_keys
-
- def all_keys_for_implicit_usage(self) -> Iterator[StorageTestData]:
- """Generate test keys for usage flag extensions."""
- # Generate a key type and algorithm pair for each extendable usage
- # flag to generate a valid key for exercising. The key is generated
- # without usage extension to check the extension compatibility.
- alg_with_keys = self.gather_key_types_for_sign_alg()
-
- for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
- for alg in sorted(alg_with_keys):
- for key_type in sorted(alg_with_keys[alg]):
- # The key types must be filtered to fit the specific usage flag.
- kt = crypto_knowledge.KeyType(key_type)
- if kt.is_public() and '_SIGN_' in usage:
- # Can't sign with a public key
- continue
- yield self.keys_for_implicit_usage(usage, alg, kt)
-
- def generate_all_keys(self) -> Iterator[StorageTestData]:
- yield from super().generate_all_keys()
- yield from self.all_keys_for_implicit_usage()
-
-
-class PSATestGenerator(test_data_generation.TestGenerator):
- """Test generator subclass including PSA targets and info."""
- # Note that targets whose names contain 'test_format' have their content
- # validated by `abi_check.py`.
- targets = {
- 'test_suite_psa_crypto_generate_key.generated':
- lambda info: KeyGenerate(info).test_cases_for_key_generation(),
- 'test_suite_psa_crypto_not_supported.generated':
- lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
- 'test_suite_psa_crypto_low_hash.generated':
- lambda info: crypto_data_tests.HashPSALowLevel(info).all_test_cases(),
- 'test_suite_psa_crypto_op_fail.generated':
- lambda info: OpFail(info).all_test_cases(),
- 'test_suite_psa_crypto_storage_format.current':
- lambda info: StorageFormatForward(info, 0).all_test_cases(),
- 'test_suite_psa_crypto_storage_format.v0':
- lambda info: StorageFormatV0(info).all_test_cases(),
- } #type: Dict[str, Callable[[psa_information.Information], Iterable[test_case.TestCase]]]
-
- def __init__(self, options):
- super().__init__(options)
- self.info = psa_information.Information()
-
- def generate_target(self, name: str, *target_args) -> None:
- super().generate_target(name, self.info)
-
-
-if __name__ == '__main__':
- test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator)
diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py
deleted file mode 100755
index 07d1450..0000000
--- a/tests/scripts/generate_psa_wrappers.py
+++ /dev/null
@@ -1,257 +0,0 @@
-#!/usr/bin/env python3
-"""Generate wrapper functions for PSA function calls.
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-### WARNING: the code in this file has not been extensively reviewed yet.
-### We do not think it is harmful, but it may be below our normal standards
-### for robustness and maintainability.
-
-import argparse
-import itertools
-import os
-from typing import Iterator, List, Optional, Tuple
-
-import scripts_path #pylint: disable=unused-import
-from mbedtls_dev import build_tree
-from mbedtls_dev import c_parsing_helper
-from mbedtls_dev import c_wrapper_generator
-from mbedtls_dev import typing_util
-
-
-class BufferParameter:
- """Description of an input or output buffer parameter sequence to a PSA function."""
- #pylint: disable=too-few-public-methods
-
- def __init__(self, i: int, is_output: bool,
- buffer_name: str, size_name: str) -> None:
- """Initialize the parameter information.
-
- i is the index of the function argument that is the pointer to the buffer.
- The size is argument i+1. For a variable-size output, the actual length
- goes in argument i+2.
-
- buffer_name and size_names are the names of arguments i and i+1.
- This class does not yet help with the output length.
- """
- self.index = i
- self.buffer_name = buffer_name
- self.size_name = size_name
- self.is_output = is_output
-
-
-class PSAWrapperGenerator(c_wrapper_generator.Base):
- """Generate a C source file containing wrapper functions for PSA Crypto API calls."""
-
- _CPP_GUARDS = ('defined(MBEDTLS_PSA_CRYPTO_C) && ' +
- 'defined(MBEDTLS_TEST_HOOKS) && \\\n ' +
- '!defined(RECORD_PSA_STATUS_COVERAGE_LOG)')
- _WRAPPER_NAME_PREFIX = 'mbedtls_test_wrap_'
- _WRAPPER_NAME_SUFFIX = ''
-
- def gather_data(self) -> None:
- root_dir = build_tree.guess_mbedtls_root()
- for header_name in ['crypto.h', 'crypto_extra.h']:
- header_path = os.path.join(root_dir, 'include', 'psa', header_name)
- c_parsing_helper.read_function_declarations(self.functions, header_path)
-
- _SKIP_FUNCTIONS = frozenset([
- 'mbedtls_psa_external_get_random', # not a library function
- 'psa_get_key_domain_parameters', # client-side function
- 'psa_get_key_slot_number', # client-side function
- 'psa_key_derivation_verify_bytes', # not implemented yet
- 'psa_key_derivation_verify_key', # not implemented yet
- 'psa_set_key_domain_parameters', # client-side function
- ])
-
- def _skip_function(self, function: c_wrapper_generator.FunctionInfo) -> bool:
- if function.return_type != 'psa_status_t':
- return True
- if function.name in self._SKIP_FUNCTIONS:
- return True
- return False
-
- # PAKE stuff: not implemented yet
- _PAKE_STUFF = frozenset([
- 'psa_crypto_driver_pake_inputs_t *',
- 'psa_pake_cipher_suite_t *',
- ])
-
- def _return_variable_name(self,
- function: c_wrapper_generator.FunctionInfo) -> str:
- """The name of the variable that will contain the return value."""
- if function.return_type == 'psa_status_t':
- return 'status'
- return super()._return_variable_name(function)
-
- _FUNCTION_GUARDS = c_wrapper_generator.Base._FUNCTION_GUARDS.copy() \
- #pylint: disable=protected-access
- _FUNCTION_GUARDS.update({
- 'mbedtls_psa_register_se_key': 'defined(MBEDTLS_PSA_CRYPTO_SE_C)',
- 'mbedtls_psa_inject_entropy': 'defined(MBEDTLS_PSA_INJECT_ENTROPY)',
- 'mbedtls_psa_external_get_random': 'defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)',
- 'mbedtls_psa_platform_get_builtin_key': 'defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)',
- })
-
- @staticmethod
- def _detect_buffer_parameters(arguments: List[c_parsing_helper.ArgumentInfo],
- argument_names: List[str]) -> Iterator[BufferParameter]:
- """Detect function arguments that are buffers (pointer, size [,length])."""
- types = ['' if arg.suffix else arg.type for arg in arguments]
- # pairs = list of (type_of_arg_N, type_of_arg_N+1)
- # where each type_of_arg_X is the empty string if the type is an array
- # or there is no argument X.
- pairs = enumerate(itertools.zip_longest(types, types[1:], fillvalue=''))
- for i, t01 in pairs:
- if (t01[0] == 'const uint8_t *' or t01[0] == 'uint8_t *') and \
- t01[1] == 'size_t':
- yield BufferParameter(i, not t01[0].startswith('const '),
- argument_names[i], argument_names[i+1])
-
- @staticmethod
- def _write_poison_buffer_parameter(out: typing_util.Writable,
- param: BufferParameter,
- poison: bool) -> None:
- """Write poisoning or unpoisoning code for a buffer parameter.
-
- Write poisoning code if poison is true, unpoisoning code otherwise.
- """
- out.write(' MBEDTLS_TEST_MEMORY_{}({}, {});\n'.format(
- 'POISON' if poison else 'UNPOISON',
- param.buffer_name, param.size_name
- ))
-
- def _write_poison_buffer_parameters(self, out: typing_util.Writable,
- buffer_parameters: List[BufferParameter],
- poison: bool) -> None:
- """Write poisoning or unpoisoning code for the buffer parameters.
-
- Write poisoning code if poison is true, unpoisoning code otherwise.
- """
- if not buffer_parameters:
- return
- out.write('#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)\n')
- for param in buffer_parameters:
- self._write_poison_buffer_parameter(out, param, poison)
- out.write('#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */\n')
-
- @staticmethod
- def _parameter_should_be_copied(function_name: str,
- _buffer_name: Optional[str]) -> bool:
- """Whether the specified buffer argument to a PSA function should be copied.
- """
- # False-positives that do not need buffer copying
- if function_name in ('mbedtls_psa_inject_entropy',
- 'psa_crypto_driver_pake_get_password',
- 'psa_crypto_driver_pake_get_user',
- 'psa_crypto_driver_pake_get_peer'):
- return False
-
- return True
-
- def _write_function_call(self, out: typing_util.Writable,
- function: c_wrapper_generator.FunctionInfo,
- argument_names: List[str]) -> None:
- buffer_parameters = list(
- param
- for param in self._detect_buffer_parameters(function.arguments,
- argument_names)
- if self._parameter_should_be_copied(function.name,
- function.arguments[param.index].name))
- self._write_poison_buffer_parameters(out, buffer_parameters, True)
- super()._write_function_call(out, function, argument_names)
- self._write_poison_buffer_parameters(out, buffer_parameters, False)
-
- def _write_prologue(self, out: typing_util.Writable, header: bool) -> None:
- super()._write_prologue(out, header)
- out.write("""
-#if {}
-
-#include <psa/crypto.h>
-
-#include <test/memory.h>
-#include <test/psa_crypto_helpers.h>
-#include <test/psa_test_wrappers.h>
-"""
- .format(self._CPP_GUARDS))
-
- def _write_epilogue(self, out: typing_util.Writable, header: bool) -> None:
- out.write("""
-#endif /* {} */
-"""
- .format(self._CPP_GUARDS))
- super()._write_epilogue(out, header)
-
-
-class PSALoggingWrapperGenerator(PSAWrapperGenerator, c_wrapper_generator.Logging):
- """Generate a C source file containing wrapper functions that log PSA Crypto API calls."""
-
- def __init__(self, stream: str) -> None:
- super().__init__()
- self.set_stream(stream)
-
- _PRINTF_TYPE_CAST = c_wrapper_generator.Logging._PRINTF_TYPE_CAST.copy()
- _PRINTF_TYPE_CAST.update({
- 'mbedtls_svc_key_id_t': 'unsigned',
- 'psa_algorithm_t': 'unsigned',
- 'psa_drv_slot_number_t': 'unsigned long long',
- 'psa_key_derivation_step_t': 'int',
- 'psa_key_id_t': 'unsigned',
- 'psa_key_slot_number_t': 'unsigned long long',
- 'psa_key_lifetime_t': 'unsigned',
- 'psa_key_type_t': 'unsigned',
- 'psa_key_usage_flags_t': 'unsigned',
- 'psa_pake_role_t': 'int',
- 'psa_pake_step_t': 'int',
- 'psa_status_t': 'int',
- })
-
- def _printf_parameters(self, typ: str, var: str) -> Tuple[str, List[str]]:
- if typ.startswith('const '):
- typ = typ[6:]
- if typ == 'uint8_t *':
- # Skip buffers
- return '', []
- if typ.endswith('operation_t *'):
- return '', []
- if typ in self._PAKE_STUFF:
- return '', []
- if typ == 'psa_key_attributes_t *':
- return (var + '={id=%u, lifetime=0x%08x, type=0x%08x, bits=%u, alg=%08x, usage=%08x}',
- ['(unsigned) psa_get_key_{}({})'.format(field, var)
- for field in ['id', 'lifetime', 'type', 'bits', 'algorithm', 'usage_flags']])
- return super()._printf_parameters(typ, var)
-
-
-DEFAULT_C_OUTPUT_FILE_NAME = 'tests/src/psa_test_wrappers.c'
-DEFAULT_H_OUTPUT_FILE_NAME = 'tests/include/test/psa_test_wrappers.h'
-
-def main() -> None:
- parser = argparse.ArgumentParser(description=globals()['__doc__'])
- parser.add_argument('--log',
- help='Stream to log to (default: no logging code)')
- parser.add_argument('--output-c',
- metavar='FILENAME',
- default=DEFAULT_C_OUTPUT_FILE_NAME,
- help=('Output .c file path (default: {}; skip .c output if empty)'
- .format(DEFAULT_C_OUTPUT_FILE_NAME)))
- parser.add_argument('--output-h',
- metavar='FILENAME',
- default=DEFAULT_H_OUTPUT_FILE_NAME,
- help=('Output .h file path (default: {}; skip .h output if empty)'
- .format(DEFAULT_H_OUTPUT_FILE_NAME)))
- options = parser.parse_args()
- if options.log:
- generator = PSALoggingWrapperGenerator(options.log) #type: PSAWrapperGenerator
- else:
- generator = PSAWrapperGenerator()
- generator.gather_data()
- if options.output_h:
- generator.write_h_file(options.output_h)
- if options.output_c:
- generator.write_c_file(options.output_c)
-
-if __name__ == '__main__':
- main()
diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py
deleted file mode 100755
index a3bca7e..0000000
--- a/tests/scripts/generate_test_cert_macros.py
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/usr/bin/env python3
-
-"""
-Generate `tests/src/test_certs.h` which includes certficaties/keys/certificate list for testing.
-"""
-
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-
-import os
-import sys
-import argparse
-import jinja2
-
-class MacroDefineAction(argparse.Action):
- #pylint: disable=signature-differs, too-few-public-methods
- def __call__(self, parser, namespace, values, option_string):
- if not hasattr(namespace, 'values'):
- setattr(namespace, 'values', [])
- macro_name, filename = values
- if self.dest in ('string', 'binary') and not os.path.exists(filename):
- raise argparse.ArgumentError(
- None, '`{}`: Input file does not exist.'.format(filename))
- namespace.values.append((self.dest, macro_name, filename))
-
-
-def macro_define_type(value):
- ret = value.split('=', 1)
- if len(ret) != 2:
- raise argparse.ArgumentTypeError(
- '`{}` is not MACRO=value format'.format(value))
- return ret
-
-
-def build_argparser(parser):
- parser.description = __doc__
- parser.add_argument('--string', type=macro_define_type, action=MacroDefineAction,
- metavar='MACRO_NAME=path/to/file', help='PEM to C string. ')
- parser.add_argument('--binary', type=macro_define_type, action=MacroDefineAction,
- metavar='MACRO_NAME=path/to/file',
- help='DER to C arrary.')
- parser.add_argument('--password', type=macro_define_type, action=MacroDefineAction,
- metavar='MACRO_NAME=password', help='Password to C string.')
- parser.add_argument('--output', type=str, required=True)
-
-
-def main():
- parser = argparse.ArgumentParser()
- build_argparser(parser)
- args = parser.parse_args()
- return generate(**vars(args))
-
-#pylint: disable=dangerous-default-value, unused-argument
-def generate(values=[], output=None, **kwargs):
- """Generate C header file.
- """
- this_dir = os.path.dirname(os.path.abspath(__file__))
- template_loader = jinja2.FileSystemLoader(
- searchpath=os.path.join(this_dir, '..', 'data_files'))
- template_env = jinja2.Environment(
- loader=template_loader, lstrip_blocks=True, trim_blocks=True)
-
- def read_as_c_array(filename):
- with open(filename, 'rb') as f:
- data = f.read(12)
- while data:
- yield ', '.join(['{:#04x}'.format(b) for b in data])
- data = f.read(12)
-
- def read_lines(filename):
- with open(filename) as f:
- try:
- for line in f:
- yield line.strip()
- except:
- print(filename)
- raise
-
- def put_to_column(value, position=0):
- return ' '*position + value
-
- template_env.filters['read_as_c_array'] = read_as_c_array
- template_env.filters['read_lines'] = read_lines
- template_env.filters['put_to_column'] = put_to_column
-
- template = template_env.get_template('test_certs.h.jinja2')
-
- with open(output, 'w') as f:
- f.write(template.render(macros=values))
-
-
-if __name__ == '__main__':
- sys.exit(main())
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
deleted file mode 100755
index 5f711bf..0000000
--- a/tests/scripts/generate_test_code.py
+++ /dev/null
@@ -1,1277 +0,0 @@
-#!/usr/bin/env python3
-# Test suites code generator.
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-This script is a key part of Mbed TLS test suites framework. For
-understanding the script it is important to understand the
-framework. This doc string contains a summary of the framework
-and explains the function of this script.
-
-Mbed TLS test suites:
-=====================
-Scope:
-------
-The test suites focus on unit testing the crypto primitives and also
-include x509 parser tests. Tests can be added to test any Mbed TLS
-module. However, the framework is not capable of testing SSL
-protocol, since that requires full stack execution and that is best
-tested as part of the system test.
-
-Test case definition:
----------------------
-Tests are defined in a test_suite_<module>[.<optional sub module>].data
-file. A test definition contains:
- test name
- optional build macro dependencies
- test function
- test parameters
-
-Test dependencies are build macros that can be specified to indicate
-the build config in which the test is valid. For example if a test
-depends on a feature that is only enabled by defining a macro. Then
-that macro should be specified as a dependency of the test.
-
-Test function is the function that implements the test steps. This
-function is specified for different tests that perform same steps
-with different parameters.
-
-Test parameters are specified in string form separated by ':'.
-Parameters can be of type string, binary data specified as hex
-string and integer constants specified as integer, macro or
-as an expression. Following is an example test definition:
-
- AES 128 GCM Encrypt and decrypt 8 bytes
- depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
- enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:8:-1
-
-Test functions:
----------------
-Test functions are coded in C in test_suite_<module>.function files.
-Functions file is itself not compilable and contains special
-format patterns to specify test suite dependencies, start and end
-of functions and function dependencies. Check any existing functions
-file for example.
-
-Execution:
-----------
-Tests are executed in 3 steps:
-- Generating test_suite_<module>[.<optional sub module>].c file
- for each corresponding .data file.
-- Building each source file into executables.
-- Running each executable and printing report.
-
-Generating C test source requires more than just the test functions.
-Following extras are required:
-- Process main()
-- Reading .data file and dispatching test cases.
-- Platform specific test case execution
-- Dependency checking
-- Integer expression evaluation
-- Test function dispatch
-
-Build dependencies and integer expressions (in the test parameters)
-are specified as strings in the .data file. Their run time value is
-not known at the generation stage. Hence, they need to be translated
-into run time evaluations. This script generates the run time checks
-for dependencies and integer expressions.
-
-Similarly, function names have to be translated into function calls.
-This script also generates code for function dispatch.
-
-The extra code mentioned here is either generated by this script
-or it comes from the input files: helpers file, platform file and
-the template file.
-
-Helper file:
-------------
-Helpers file contains common helper/utility functions and data.
-
-Platform file:
---------------
-Platform file contains platform specific setup code and test case
-dispatch code. For example, host_test.function reads test data
-file from host's file system and dispatches tests.
-
-Template file:
----------
-Template file for example main_test.function is a template C file in
-which generated code and code from input files is substituted to
-generate a compilable C file. It also contains skeleton functions for
-dependency checks, expression evaluation and function dispatch. These
-functions are populated with checks and return codes by this script.
-
-Template file contains "replacement" fields that are formatted
-strings processed by Python string.Template.substitute() method.
-
-This script:
-============
-Core function of this script is to fill the template file with
-code that is generated or read from helpers and platform files.
-
-This script replaces following fields in the template and generates
-the test source file:
-
-__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
- All common code from helpers.function
- is substituted here.
-__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
- Test functions are substituted here
- from the input test_suit_xyz.function
- file. C preprocessor checks are generated
- for the build dependencies specified
- in the input file. This script also
- generates wrappers for the test
- functions with code to expand the
- string parameters read from the data
- file.
-__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
- This script enumerates the
- expressions in the .data file and
- generates code to handle enumerated
- expression Ids and return the values.
-__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
- This script enumerates all
- build dependencies and generate
- code to handle enumerated build
- dependency Id and return status: if
- the dependency is defined or not.
-__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
- This script enumerates the functions
- specified in the input test data file
- and generates the initializer for the
- function table in the template
- file.
-__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
- Platform specific setup and test
- dispatch code.
-
-"""
-
-
-import os
-import re
-import sys
-import string
-import argparse
-
-
-# Types recognized as signed integer arguments in test functions.
-SIGNED_INTEGER_TYPES = frozenset([
- 'char',
- 'short',
- 'short int',
- 'int',
- 'int8_t',
- 'int16_t',
- 'int32_t',
- 'int64_t',
- 'intmax_t',
- 'long',
- 'long int',
- 'long long int',
- 'mbedtls_mpi_sint',
- 'psa_status_t',
-])
-# Types recognized as string arguments in test functions.
-STRING_TYPES = frozenset(['char*', 'const char*', 'char const*'])
-# Types recognized as hex data arguments in test functions.
-DATA_TYPES = frozenset(['data_t*', 'const data_t*', 'data_t const*'])
-
-BEGIN_HEADER_REGEX = r'/\*\s*BEGIN_HEADER\s*\*/'
-END_HEADER_REGEX = r'/\*\s*END_HEADER\s*\*/'
-
-BEGIN_SUITE_HELPERS_REGEX = r'/\*\s*BEGIN_SUITE_HELPERS\s*\*/'
-END_SUITE_HELPERS_REGEX = r'/\*\s*END_SUITE_HELPERS\s*\*/'
-
-BEGIN_DEP_REGEX = r'BEGIN_DEPENDENCIES'
-END_DEP_REGEX = r'END_DEPENDENCIES'
-
-BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P<depends_on>.*?)\s*\*/'
-END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/'
-
-DEPENDENCY_REGEX = r'depends_on:(?P<dependencies>.*)'
-C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*'
-CONDITION_OPERATOR_REGEX = r'[!=]=|[<>]=?'
-# forbid 0ddd which might be accidentally octal or accidentally decimal
-CONDITION_VALUE_REGEX = r'[-+]?(0x[0-9a-f]+|0|[1-9][0-9]*)'
-CONDITION_REGEX = r'({})(?:\s*({})\s*({}))?$'.format(C_IDENTIFIER_REGEX,
- CONDITION_OPERATOR_REGEX,
- CONDITION_VALUE_REGEX)
-TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P<func_name>\w+)\s*\('
-FUNCTION_ARG_LIST_END_REGEX = r'.*\)'
-EXIT_LABEL_REGEX = r'^exit:'
-
-
-class GeneratorInputError(Exception):
- """
- Exception to indicate error in the input files to this script.
- This includes missing patterns, test function names and other
- parsing errors.
- """
- pass
-
-
-class FileWrapper:
- """
- This class extends the file object with attribute line_no,
- that indicates line number for the line that is read.
- """
-
- def __init__(self, file_name) -> None:
- """
- Instantiate the file object and initialize the line number to 0.
-
- :param file_name: File path to open.
- """
- # private mix-in file object
- self._f = open(file_name, 'rb')
- self._line_no = 0
-
- def __iter__(self):
- return self
-
- def __next__(self):
- """
- This method makes FileWrapper iterable.
- It counts the line numbers as each line is read.
-
- :return: Line read from file.
- """
- line = self._f.__next__()
- self._line_no += 1
- # Convert byte array to string with correct encoding and
- # strip any whitespaces added in the decoding process.
- return line.decode(sys.getdefaultencoding()).rstrip()+ '\n'
-
- def __enter__(self):
- return self
-
- def __exit__(self, exc_type, exc_val, exc_tb):
- self._f.__exit__(exc_type, exc_val, exc_tb)
-
- @property
- def line_no(self):
- """
- Property that indicates line number for the line that is read.
- """
- return self._line_no
-
- @property
- def name(self):
- """
- Property that indicates name of the file that is read.
- """
- return self._f.name
-
-
-def split_dep(dep):
- """
- Split NOT character '!' from dependency. Used by gen_dependencies()
-
- :param dep: Dependency list
- :return: string tuple. Ex: ('!', MACRO) for !MACRO and ('', MACRO) for
- MACRO.
- """
- return ('!', dep[1:]) if dep[0] == '!' else ('', dep)
-
-
-def gen_dependencies(dependencies):
- """
- Test suite data and functions specifies compile time dependencies.
- This function generates C preprocessor code from the input
- dependency list. Caller uses the generated preprocessor code to
- wrap dependent code.
- A dependency in the input list can have a leading '!' character
- to negate a condition. '!' is separated from the dependency using
- function split_dep() and proper preprocessor check is generated
- accordingly.
-
- :param dependencies: List of dependencies.
- :return: if defined and endif code with macro annotations for
- readability.
- """
- dep_start = ''.join(['#if %sdefined(%s)\n' % (x, y) for x, y in
- map(split_dep, dependencies)])
- dep_end = ''.join(['#endif /* %s */\n' %
- x for x in reversed(dependencies)])
-
- return dep_start, dep_end
-
-
-def gen_dependencies_one_line(dependencies):
- """
- Similar to gen_dependencies() but generates dependency checks in one line.
- Useful for generating code with #else block.
-
- :param dependencies: List of dependencies.
- :return: Preprocessor check code
- """
- defines = '#if ' if dependencies else ''
- defines += ' && '.join(['%sdefined(%s)' % (x, y) for x, y in map(
- split_dep, dependencies)])
- return defines
-
-
-def gen_function_wrapper(name, local_vars, args_dispatch):
- """
- Creates test function wrapper code. A wrapper has the code to
- unpack parameters from parameters[] array.
-
- :param name: Test function name
- :param local_vars: Local variables declaration code
- :param args_dispatch: List of dispatch arguments.
- Ex: ['(char *) params[0]', '*((int *) params[1])']
- :return: Test function wrapper.
- """
- # Then create the wrapper
- wrapper = '''
-void {name}_wrapper( void ** params )
-{{
-{unused_params}{locals}
- {name}( {args} );
-}}
-'''.format(name=name,
- unused_params='' if args_dispatch else ' (void)params;\n',
- args=', '.join(args_dispatch),
- locals=local_vars)
- return wrapper
-
-
-def gen_dispatch(name, dependencies):
- """
- Test suite code template main_test.function defines a C function
- array to contain test case functions. This function generates an
- initializer entry for a function in that array. The entry is
- composed of a compile time check for the test function
- dependencies. At compile time the test function is assigned when
- dependencies are met, else NULL is assigned.
-
- :param name: Test function name
- :param dependencies: List of dependencies
- :return: Dispatch code.
- """
- if dependencies:
- preprocessor_check = gen_dependencies_one_line(dependencies)
- dispatch_code = '''
-{preprocessor_check}
- {name}_wrapper,
-#else
- NULL,
-#endif
-'''.format(preprocessor_check=preprocessor_check, name=name)
- else:
- dispatch_code = '''
- {name}_wrapper,
-'''.format(name=name)
-
- return dispatch_code
-
-
-def parse_until_pattern(funcs_f, end_regex):
- """
- Matches pattern end_regex to the lines read from the file object.
- Returns the lines read until end pattern is matched.
-
- :param funcs_f: file object for .function file
- :param end_regex: Pattern to stop parsing
- :return: Lines read before the end pattern
- """
- headers = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name)
- for line in funcs_f:
- if re.search(end_regex, line):
- break
- headers += line
- else:
- raise GeneratorInputError("file: %s - end pattern [%s] not found!" %
- (funcs_f.name, end_regex))
-
- return headers
-
-
-def validate_dependency(dependency):
- """
- Validates a C macro and raises GeneratorInputError on invalid input.
- :param dependency: Input macro dependency
- :return: input dependency stripped of leading & trailing white spaces.
- """
- dependency = dependency.strip()
- if not re.match(CONDITION_REGEX, dependency, re.I):
- raise GeneratorInputError('Invalid dependency %s' % dependency)
- return dependency
-
-
-def parse_dependencies(inp_str):
- """
- Parses dependencies out of inp_str, validates them and returns a
- list of macros.
-
- :param inp_str: Input string with macros delimited by ':'.
- :return: list of dependencies
- """
- dependencies = list(map(validate_dependency, inp_str.split(':')))
- return dependencies
-
-
-def parse_suite_dependencies(funcs_f):
- """
- Parses test suite dependencies specified at the top of a
- .function file, that starts with pattern BEGIN_DEPENDENCIES
- and end with END_DEPENDENCIES. Dependencies are specified
- after pattern 'depends_on:' and are delimited by ':'.
-
- :param funcs_f: file object for .function file
- :return: List of test suite dependencies.
- """
- dependencies = []
- for line in funcs_f:
- match = re.search(DEPENDENCY_REGEX, line.strip())
- if match:
- try:
- dependencies = parse_dependencies(match.group('dependencies'))
- except GeneratorInputError as error:
- raise GeneratorInputError(
- str(error) + " - %s:%d" % (funcs_f.name, funcs_f.line_no))
- if re.search(END_DEP_REGEX, line):
- break
- else:
- raise GeneratorInputError("file: %s - end dependency pattern [%s]"
- " not found!" % (funcs_f.name,
- END_DEP_REGEX))
-
- return dependencies
-
-
-def parse_function_dependencies(line):
- """
- Parses function dependencies, that are in the same line as
- comment BEGIN_CASE. Dependencies are specified after pattern
- 'depends_on:' and are delimited by ':'.
-
- :param line: Line from .function file that has dependencies.
- :return: List of dependencies.
- """
- dependencies = []
- match = re.search(BEGIN_CASE_REGEX, line)
- dep_str = match.group('depends_on')
- if dep_str:
- match = re.search(DEPENDENCY_REGEX, dep_str)
- if match:
- dependencies += parse_dependencies(match.group('dependencies'))
-
- return dependencies
-
-
-ARGUMENT_DECLARATION_REGEX = re.compile(r'(.+?) ?(?:\bconst\b)? ?(\w+)\Z', re.S)
-def parse_function_argument(arg, arg_idx, args, local_vars, args_dispatch):
- """
- Parses one test function's argument declaration.
-
- :param arg: argument declaration.
- :param arg_idx: current wrapper argument index.
- :param args: accumulator of arguments' internal types.
- :param local_vars: accumulator of internal variable declarations.
- :param args_dispatch: accumulator of argument usage expressions.
- :return: the number of new wrapper arguments,
- or None if the argument declaration is invalid.
- """
- # Normalize whitespace
- arg = arg.strip()
- arg = re.sub(r'\s*\*\s*', r'*', arg)
- arg = re.sub(r'\s+', r' ', arg)
- # Extract name and type
- m = ARGUMENT_DECLARATION_REGEX.search(arg)
- if not m:
- # E.g. "int x[42]"
- return None
- typ, _ = m.groups()
- if typ in SIGNED_INTEGER_TYPES:
- args.append('int')
- args_dispatch.append('((mbedtls_test_argument_t *) params[%d])->sint' % arg_idx)
- return 1
- if typ in STRING_TYPES:
- args.append('char*')
- args_dispatch.append('(char *) params[%d]' % arg_idx)
- return 1
- if typ in DATA_TYPES:
- args.append('hex')
- # create a structure
- pointer_initializer = '(uint8_t *) params[%d]' % arg_idx
- len_initializer = '((mbedtls_test_argument_t *) params[%d])->len' % (arg_idx+1)
- local_vars.append(' data_t data%d = {%s, %s};\n' %
- (arg_idx, pointer_initializer, len_initializer))
- args_dispatch.append('&data%d' % arg_idx)
- return 2
- return None
-
-ARGUMENT_LIST_REGEX = re.compile(r'\((.*?)\)', re.S)
-def parse_function_arguments(line):
- """
- Parses test function signature for validation and generates
- a dispatch wrapper function that translates input test vectors
- read from the data file into test function arguments.
-
- :param line: Line from .function file that has a function
- signature.
- :return: argument list, local variables for
- wrapper function and argument dispatch code.
- """
- # Process arguments, ex: <type> arg1, <type> arg2 )
- # This script assumes that the argument list is terminated by ')'
- # i.e. the test functions will not have a function pointer
- # argument.
- m = ARGUMENT_LIST_REGEX.search(line)
- arg_list = m.group(1).strip()
- if arg_list in ['', 'void']:
- return [], '', []
- args = []
- local_vars = []
- args_dispatch = []
- arg_idx = 0
- for arg in arg_list.split(','):
- indexes = parse_function_argument(arg, arg_idx,
- args, local_vars, args_dispatch)
- if indexes is None:
- raise ValueError("Test function arguments can only be 'int', "
- "'char *' or 'data_t'\n%s" % line)
- arg_idx += indexes
-
- return args, ''.join(local_vars), args_dispatch
-
-
-def generate_function_code(name, code, local_vars, args_dispatch,
- dependencies):
- """
- Generate function code with preprocessor checks and parameter dispatch
- wrapper.
-
- :param name: Function name
- :param code: Function code
- :param local_vars: Local variables for function wrapper
- :param args_dispatch: Argument dispatch code
- :param dependencies: Preprocessor dependencies list
- :return: Final function code
- """
- # Add exit label if not present
- if code.find('exit:') == -1:
- split_code = code.rsplit('}', 1)
- if len(split_code) == 2:
- code = """exit:
- ;
-}""".join(split_code)
-
- code += gen_function_wrapper(name, local_vars, args_dispatch)
- preprocessor_check_start, preprocessor_check_end = \
- gen_dependencies(dependencies)
- return preprocessor_check_start + code + preprocessor_check_end
-
-COMMENT_START_REGEX = re.compile(r'/[*/]')
-
-def skip_comments(line, stream):
- """Remove comments in line.
-
- If the line contains an unfinished comment, read more lines from stream
- until the line that contains the comment.
-
- :return: The original line with inner comments replaced by spaces.
- Trailing comments and whitespace may be removed completely.
- """
- pos = 0
- while True:
- opening = COMMENT_START_REGEX.search(line, pos)
- if not opening:
- break
- if line[opening.start(0) + 1] == '/': # //...
- continuation = line
- # Count the number of line breaks, to keep line numbers aligned
- # in the output.
- line_count = 1
- while continuation.endswith('\\\n'):
- # This errors out if the file ends with an unfinished line
- # comment. That's acceptable to not complicate the code further.
- continuation = next(stream)
- line_count += 1
- return line[:opening.start(0)].rstrip() + '\n' * line_count
- # Parsing /*...*/, looking for the end
- closing = line.find('*/', opening.end(0))
- while closing == -1:
- # This errors out if the file ends with an unfinished block
- # comment. That's acceptable to not complicate the code further.
- line += next(stream)
- closing = line.find('*/', opening.end(0))
- pos = closing + 2
- # Replace inner comment by spaces. There needs to be at least one space
- # for things like 'int/*ihatespaces*/foo'. Go further and preserve the
- # width of the comment and line breaks, this way positions in error
- # messages remain correct.
- line = (line[:opening.start(0)] +
- re.sub(r'.', r' ', line[opening.start(0):pos]) +
- line[pos:])
- # Strip whitespace at the end of lines (it's irrelevant to error messages).
- return re.sub(r' +(\n|\Z)', r'\1', line)
-
-def parse_function_code(funcs_f, dependencies, suite_dependencies):
- """
- Parses out a function from function file object and generates
- function and dispatch code.
-
- :param funcs_f: file object of the functions file.
- :param dependencies: List of dependencies
- :param suite_dependencies: List of test suite dependencies
- :return: Function name, arguments, function code and dispatch code.
- """
- line_directive = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name)
- code = ''
- has_exit_label = False
- for line in funcs_f:
- # Check function signature. Function signature may be split
- # across multiple lines. Here we try to find the start of
- # arguments list, then remove '\n's and apply the regex to
- # detect function start.
- line = skip_comments(line, funcs_f)
- up_to_arg_list_start = code + line[:line.find('(') + 1]
- match = re.match(TEST_FUNCTION_VALIDATION_REGEX,
- up_to_arg_list_start.replace('\n', ' '), re.I)
- if match:
- # check if we have full signature i.e. split in more lines
- name = match.group('func_name')
- if not re.match(FUNCTION_ARG_LIST_END_REGEX, line):
- for lin in funcs_f:
- line += skip_comments(lin, funcs_f)
- if re.search(FUNCTION_ARG_LIST_END_REGEX, line):
- break
- args, local_vars, args_dispatch = parse_function_arguments(
- line)
- code += line
- break
- code += line
- else:
- raise GeneratorInputError("file: %s - Test functions not found!" %
- funcs_f.name)
-
- # Prefix test function name with 'test_'
- code = code.replace(name, 'test_' + name, 1)
- name = 'test_' + name
-
- # If a test function has no arguments then add 'void' argument to
- # avoid "-Wstrict-prototypes" warnings from clang
- if len(args) == 0:
- code = code.replace('()', '(void)', 1)
-
- for line in funcs_f:
- if re.search(END_CASE_REGEX, line):
- break
- if not has_exit_label:
- has_exit_label = \
- re.search(EXIT_LABEL_REGEX, line.strip()) is not None
- code += line
- else:
- raise GeneratorInputError("file: %s - end case pattern [%s] not "
- "found!" % (funcs_f.name, END_CASE_REGEX))
-
- code = line_directive + code
- code = generate_function_code(name, code, local_vars, args_dispatch,
- dependencies)
- dispatch_code = gen_dispatch(name, suite_dependencies + dependencies)
- return (name, args, code, dispatch_code)
-
-
-def parse_functions(funcs_f):
- """
- Parses a test_suite_xxx.function file and returns information
- for generating a C source file for the test suite.
-
- :param funcs_f: file object of the functions file.
- :return: List of test suite dependencies, test function dispatch
- code, function code and a dict with function identifiers
- and arguments info.
- """
- suite_helpers = ''
- suite_dependencies = []
- suite_functions = ''
- func_info = {}
- function_idx = 0
- dispatch_code = ''
- for line in funcs_f:
- if re.search(BEGIN_HEADER_REGEX, line):
- suite_helpers += parse_until_pattern(funcs_f, END_HEADER_REGEX)
- elif re.search(BEGIN_SUITE_HELPERS_REGEX, line):
- suite_helpers += parse_until_pattern(funcs_f,
- END_SUITE_HELPERS_REGEX)
- elif re.search(BEGIN_DEP_REGEX, line):
- suite_dependencies += parse_suite_dependencies(funcs_f)
- elif re.search(BEGIN_CASE_REGEX, line):
- try:
- dependencies = parse_function_dependencies(line)
- except GeneratorInputError as error:
- raise GeneratorInputError(
- "%s:%d: %s" % (funcs_f.name, funcs_f.line_no,
- str(error)))
- func_name, args, func_code, func_dispatch =\
- parse_function_code(funcs_f, dependencies, suite_dependencies)
- suite_functions += func_code
- # Generate dispatch code and enumeration info
- if func_name in func_info:
- raise GeneratorInputError(
- "file: %s - function %s re-declared at line %d" %
- (funcs_f.name, func_name, funcs_f.line_no))
- func_info[func_name] = (function_idx, args)
- dispatch_code += '/* Function Id: %d */\n' % function_idx
- dispatch_code += func_dispatch
- function_idx += 1
-
- func_code = (suite_helpers +
- suite_functions).join(gen_dependencies(suite_dependencies))
- return suite_dependencies, dispatch_code, func_code, func_info
-
-
-def escaped_split(inp_str, split_char):
- """
- Split inp_str on character split_char but ignore if escaped.
- Since, return value is used to write back to the intermediate
- data file, any escape characters in the input are retained in the
- output.
-
- :param inp_str: String to split
- :param split_char: Split character
- :return: List of splits
- """
- if len(split_char) > 1:
- raise ValueError('Expected split character. Found string!')
- out = re.sub(r'(\\.)|' + split_char,
- lambda m: m.group(1) or '\n', inp_str,
- len(inp_str)).split('\n')
- out = [x for x in out if x]
- return out
-
-
-def parse_test_data(data_f):
- """
- Parses .data file for each test case name, test function name,
- test dependencies and test arguments. This information is
- correlated with the test functions file for generating an
- intermediate data file replacing the strings for test function
- names, dependencies and integer constant expressions with
- identifiers. Mainly for optimising space for on-target
- execution.
-
- :param data_f: file object of the data file.
- :return: Generator that yields line number, test name, function name,
- dependency list and function argument list.
- """
- __state_read_name = 0
- __state_read_args = 1
- state = __state_read_name
- dependencies = []
- name = ''
- for line in data_f:
- line = line.strip()
- # Skip comments
- if line.startswith('#'):
- continue
-
- # Blank line indicates end of test
- if not line:
- if state == __state_read_args:
- raise GeneratorInputError("[%s:%d] Newline before arguments. "
- "Test function and arguments "
- "missing for %s" %
- (data_f.name, data_f.line_no, name))
- continue
-
- if state == __state_read_name:
- # Read test name
- name = line
- state = __state_read_args
- elif state == __state_read_args:
- # Check dependencies
- match = re.search(DEPENDENCY_REGEX, line)
- if match:
- try:
- dependencies = parse_dependencies(
- match.group('dependencies'))
- except GeneratorInputError as error:
- raise GeneratorInputError(
- str(error) + " - %s:%d" %
- (data_f.name, data_f.line_no))
- else:
- # Read test vectors
- parts = escaped_split(line, ':')
- test_function = parts[0]
- args = parts[1:]
- yield data_f.line_no, name, test_function, dependencies, args
- dependencies = []
- state = __state_read_name
- if state == __state_read_args:
- raise GeneratorInputError("[%s:%d] Newline before arguments. "
- "Test function and arguments missing for "
- "%s" % (data_f.name, data_f.line_no, name))
-
-
-def gen_dep_check(dep_id, dep):
- """
- Generate code for checking dependency with the associated
- identifier.
-
- :param dep_id: Dependency identifier
- :param dep: Dependency macro
- :return: Dependency check code
- """
- if dep_id < 0:
- raise GeneratorInputError("Dependency Id should be a positive "
- "integer.")
- _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep)
- if not dep:
- raise GeneratorInputError("Dependency should not be an empty string.")
-
- dependency = re.match(CONDITION_REGEX, dep, re.I)
- if not dependency:
- raise GeneratorInputError('Invalid dependency %s' % dep)
-
- _defined = '' if dependency.group(2) else 'defined'
- _cond = dependency.group(2) if dependency.group(2) else ''
- _value = dependency.group(3) if dependency.group(3) else ''
-
- dep_check = '''
- case {id}:
- {{
-#if {_not}{_defined}({macro}{_cond}{_value})
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }}
- break;'''.format(_not=_not, _defined=_defined,
- macro=dependency.group(1), id=dep_id,
- _cond=_cond, _value=_value)
- return dep_check
-
-
-def gen_expression_check(exp_id, exp):
- """
- Generates code for evaluating an integer expression using
- associated expression Id.
-
- :param exp_id: Expression Identifier
- :param exp: Expression/Macro
- :return: Expression check code
- """
- if exp_id < 0:
- raise GeneratorInputError("Expression Id should be a positive "
- "integer.")
- if not exp:
- raise GeneratorInputError("Expression should not be an empty string.")
- exp_code = '''
- case {exp_id}:
- {{
- *out_value = {expression};
- }}
- break;'''.format(exp_id=exp_id, expression=exp)
- return exp_code
-
-
-def write_dependencies(out_data_f, test_dependencies, unique_dependencies):
- """
- Write dependencies to intermediate test data file, replacing
- the string form with identifiers. Also, generates dependency
- check code.
-
- :param out_data_f: Output intermediate data file
- :param test_dependencies: Dependencies
- :param unique_dependencies: Mutable list to track unique dependencies
- that are global to this re-entrant function.
- :return: returns dependency check code.
- """
- dep_check_code = ''
- if test_dependencies:
- out_data_f.write('depends_on')
- for dep in test_dependencies:
- if dep not in unique_dependencies:
- unique_dependencies.append(dep)
- dep_id = unique_dependencies.index(dep)
- dep_check_code += gen_dep_check(dep_id, dep)
- else:
- dep_id = unique_dependencies.index(dep)
- out_data_f.write(':' + str(dep_id))
- out_data_f.write('\n')
- return dep_check_code
-
-
-INT_VAL_REGEX = re.compile(r'-?(\d+|0x[0-9a-f]+)$', re.I)
-def val_is_int(val: str) -> bool:
- """Whether val is suitable as an 'int' parameter in the .datax file."""
- if not INT_VAL_REGEX.match(val):
- return False
- # Limit the range to what is guaranteed to get through strtol()
- return abs(int(val, 0)) <= 0x7fffffff
-
-def write_parameters(out_data_f, test_args, func_args, unique_expressions):
- """
- Writes test parameters to the intermediate data file, replacing
- the string form with identifiers. Also, generates expression
- check code.
-
- :param out_data_f: Output intermediate data file
- :param test_args: Test parameters
- :param func_args: Function arguments
- :param unique_expressions: Mutable list to track unique
- expressions that are global to this re-entrant function.
- :return: Returns expression check code.
- """
- expression_code = ''
- for i, _ in enumerate(test_args):
- typ = func_args[i]
- val = test_args[i]
-
- # Pass small integer constants literally. This reduces the size of
- # the C code. Register anything else as an expression.
- if typ == 'int' and not val_is_int(val):
- typ = 'exp'
- if val not in unique_expressions:
- unique_expressions.append(val)
- # exp_id can be derived from len(). But for
- # readability and consistency with case of existing
- # let's use index().
- exp_id = unique_expressions.index(val)
- expression_code += gen_expression_check(exp_id, val)
- val = exp_id
- else:
- val = unique_expressions.index(val)
- out_data_f.write(':' + typ + ':' + str(val))
- out_data_f.write('\n')
- return expression_code
-
-
-def gen_suite_dep_checks(suite_dependencies, dep_check_code, expression_code):
- """
- Generates preprocessor checks for test suite dependencies.
-
- :param suite_dependencies: Test suite dependencies read from the
- .function file.
- :param dep_check_code: Dependency check code
- :param expression_code: Expression check code
- :return: Dependency and expression code guarded by test suite
- dependencies.
- """
- if suite_dependencies:
- preprocessor_check = gen_dependencies_one_line(suite_dependencies)
- dep_check_code = '''
-{preprocessor_check}
-{code}
-#endif
-'''.format(preprocessor_check=preprocessor_check, code=dep_check_code)
- expression_code = '''
-{preprocessor_check}
-{code}
-#endif
-'''.format(preprocessor_check=preprocessor_check, code=expression_code)
- return dep_check_code, expression_code
-
-
-def get_function_info(func_info, function_name, line_no):
- """Look up information about a test function by name.
-
- Raise an informative expression if function_name is not found.
-
- :param func_info: dictionary mapping function names to their information.
- :param function_name: the function name as written in the .function and
- .data files.
- :param line_no: line number for error messages.
- :return Function information (id, args).
- """
- test_function_name = 'test_' + function_name
- if test_function_name not in func_info:
- raise GeneratorInputError("%d: Function %s not found!" %
- (line_no, test_function_name))
- return func_info[test_function_name]
-
-
-def gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies):
- """
- This function reads test case name, dependencies and test vectors
- from the .data file. This information is correlated with the test
- functions file for generating an intermediate data file replacing
- the strings for test function names, dependencies and integer
- constant expressions with identifiers. Mainly for optimising
- space for on-target execution.
- It also generates test case dependency check code and expression
- evaluation code.
-
- :param data_f: Data file object
- :param out_data_f: Output intermediate data file
- :param func_info: Dict keyed by function and with function id
- and arguments info
- :param suite_dependencies: Test suite dependencies
- :return: Returns dependency and expression check code
- """
- unique_dependencies = []
- unique_expressions = []
- dep_check_code = ''
- expression_code = ''
- for line_no, test_name, function_name, test_dependencies, test_args in \
- parse_test_data(data_f):
- out_data_f.write(test_name + '\n')
-
- # Write dependencies
- dep_check_code += write_dependencies(out_data_f, test_dependencies,
- unique_dependencies)
-
- # Write test function name
- func_id, func_args = \
- get_function_info(func_info, function_name, line_no)
- out_data_f.write(str(func_id))
-
- # Write parameters
- if len(test_args) != len(func_args):
- raise GeneratorInputError("%d: Invalid number of arguments in test "
- "%s. See function %s signature." %
- (line_no, test_name, function_name))
- expression_code += write_parameters(out_data_f, test_args, func_args,
- unique_expressions)
-
- # Write a newline as test case separator
- out_data_f.write('\n')
-
- dep_check_code, expression_code = gen_suite_dep_checks(
- suite_dependencies, dep_check_code, expression_code)
- return dep_check_code, expression_code
-
-
-def add_input_info(funcs_file, data_file, template_file,
- c_file, snippets):
- """
- Add generator input info in snippets.
-
- :param funcs_file: Functions file object
- :param data_file: Data file object
- :param template_file: Template file object
- :param c_file: Output C file object
- :param snippets: Dictionary to contain code pieces to be
- substituted in the template.
- :return:
- """
- snippets['test_file'] = c_file
- snippets['test_main_file'] = template_file
- snippets['test_case_file'] = funcs_file
- snippets['test_case_data_file'] = data_file
-
-
-def read_code_from_input_files(platform_file, helpers_file,
- out_data_file, snippets):
- """
- Read code from input files and create substitutions for replacement
- strings in the template file.
-
- :param platform_file: Platform file object
- :param helpers_file: Helper functions file object
- :param out_data_file: Output intermediate data file object
- :param snippets: Dictionary to contain code pieces to be
- substituted in the template.
- :return:
- """
- # Read helpers
- with open(helpers_file, 'r') as help_f, open(platform_file, 'r') as \
- platform_f:
- snippets['test_common_helper_file'] = helpers_file
- snippets['test_common_helpers'] = help_f.read()
- snippets['test_platform_file'] = platform_file
- snippets['platform_code'] = platform_f.read().replace(
- 'DATA_FILE', out_data_file.replace('\\', '\\\\')) # escape '\'
-
-
-def write_test_source_file(template_file, c_file, snippets):
- """
- Write output source file with generated source code.
-
- :param template_file: Template file name
- :param c_file: Output source file
- :param snippets: Generated and code snippets
- :return:
- """
-
- # Create a placeholder pattern with the correct named capture groups
- # to override the default provided with Template.
- # Match nothing (no way of escaping placeholders).
- escaped = "(?P<escaped>(?!))"
- # Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern.
- named = "__MBEDTLS_TEST_TEMPLATE__(?P<named>[A-Z][_A-Z0-9]*)"
- # Match nothing (no braced placeholder syntax).
- braced = "(?P<braced>(?!))"
- # If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid.
- invalid = "(?P<invalid>__MBEDTLS_TEST_TEMPLATE__)"
- placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid]))
-
- with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
- for line_no, line in enumerate(template_f.readlines(), 1):
- # Update line number. +1 as #line directive sets next line number
- snippets['line_no'] = line_no + 1
- template = string.Template(line)
- template.pattern = placeholder_pattern
- snippets = {k.upper():v for (k, v) in snippets.items()}
- code = template.substitute(**snippets)
- c_f.write(code)
-
-
-def parse_function_file(funcs_file, snippets):
- """
- Parse function file and generate function dispatch code.
-
- :param funcs_file: Functions file name
- :param snippets: Dictionary to contain code pieces to be
- substituted in the template.
- :return:
- """
- with FileWrapper(funcs_file) as funcs_f:
- suite_dependencies, dispatch_code, func_code, func_info = \
- parse_functions(funcs_f)
- snippets['functions_code'] = func_code
- snippets['dispatch_code'] = dispatch_code
- return suite_dependencies, func_info
-
-
-def generate_intermediate_data_file(data_file, out_data_file,
- suite_dependencies, func_info, snippets):
- """
- Generates intermediate data file from input data file and
- information read from functions file.
-
- :param data_file: Data file name
- :param out_data_file: Output/Intermediate data file
- :param suite_dependencies: List of suite dependencies.
- :param func_info: Function info parsed from functions file.
- :param snippets: Dictionary to contain code pieces to be
- substituted in the template.
- :return:
- """
- with FileWrapper(data_file) as data_f, \
- open(out_data_file, 'w') as out_data_f:
- dep_check_code, expression_code = gen_from_test_data(
- data_f, out_data_f, func_info, suite_dependencies)
- snippets['dep_check_code'] = dep_check_code
- snippets['expression_code'] = expression_code
-
-
-def generate_code(**input_info):
- """
- Generates C source code from test suite file, data file, common
- helpers file and platform file.
-
- input_info expands to following parameters:
- funcs_file: Functions file object
- data_file: Data file object
- template_file: Template file object
- platform_file: Platform file object
- helpers_file: Helper functions file object
- suites_dir: Test suites dir
- c_file: Output C file object
- out_data_file: Output intermediate data file object
- :return:
- """
- funcs_file = input_info['funcs_file']
- data_file = input_info['data_file']
- template_file = input_info['template_file']
- platform_file = input_info['platform_file']
- helpers_file = input_info['helpers_file']
- suites_dir = input_info['suites_dir']
- c_file = input_info['c_file']
- out_data_file = input_info['out_data_file']
- for name, path in [('Functions file', funcs_file),
- ('Data file', data_file),
- ('Template file', template_file),
- ('Platform file', platform_file),
- ('Helpers code file', helpers_file),
- ('Suites dir', suites_dir)]:
- if not os.path.exists(path):
- raise IOError("ERROR: %s [%s] not found!" % (name, path))
-
- snippets = {'generator_script': os.path.basename(__file__)}
- read_code_from_input_files(platform_file, helpers_file,
- out_data_file, snippets)
- add_input_info(funcs_file, data_file, template_file,
- c_file, snippets)
- suite_dependencies, func_info = parse_function_file(funcs_file, snippets)
- generate_intermediate_data_file(data_file, out_data_file,
- suite_dependencies, func_info, snippets)
- write_test_source_file(template_file, c_file, snippets)
-
-
-def main():
- """
- Command line parser.
-
- :return:
- """
- parser = argparse.ArgumentParser(
- description='Dynamically generate test suite code.')
-
- parser.add_argument("-f", "--functions-file",
- dest="funcs_file",
- help="Functions file",
- metavar="FUNCTIONS_FILE",
- required=True)
-
- parser.add_argument("-d", "--data-file",
- dest="data_file",
- help="Data file",
- metavar="DATA_FILE",
- required=True)
-
- parser.add_argument("-t", "--template-file",
- dest="template_file",
- help="Template file",
- metavar="TEMPLATE_FILE",
- required=True)
-
- parser.add_argument("-s", "--suites-dir",
- dest="suites_dir",
- help="Suites dir",
- metavar="SUITES_DIR",
- required=True)
-
- parser.add_argument("--helpers-file",
- dest="helpers_file",
- help="Helpers file",
- metavar="HELPERS_FILE",
- required=True)
-
- parser.add_argument("-p", "--platform-file",
- dest="platform_file",
- help="Platform code file",
- metavar="PLATFORM_FILE",
- required=True)
-
- parser.add_argument("-o", "--out-dir",
- dest="out_dir",
- help="Dir where generated code and scripts are copied",
- metavar="OUT_DIR",
- required=True)
-
- args = parser.parse_args()
-
- data_file_name = os.path.basename(args.data_file)
- data_name = os.path.splitext(data_file_name)[0]
-
- out_c_file = os.path.join(args.out_dir, data_name + '.c')
- out_data_file = os.path.join(args.out_dir, data_name + '.datax')
-
- out_c_file_dir = os.path.dirname(out_c_file)
- out_data_file_dir = os.path.dirname(out_data_file)
- for directory in [out_c_file_dir, out_data_file_dir]:
- if not os.path.exists(directory):
- os.makedirs(directory)
-
- generate_code(funcs_file=args.funcs_file, data_file=args.data_file,
- template_file=args.template_file,
- platform_file=args.platform_file,
- helpers_file=args.helpers_file, suites_dir=args.suites_dir,
- c_file=out_c_file, out_data_file=out_data_file)
-
-
-if __name__ == "__main__":
- try:
- main()
- except GeneratorInputError as err:
- sys.exit("%s: input error: %s" %
- (os.path.basename(sys.argv[0]), str(err)))
diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py
index 5d83f29..ce2afcf 100644
--- a/tests/scripts/scripts_path.py
+++ b/tests/scripts/scripts_path.py
@@ -15,3 +15,6 @@
sys.path.append(os.path.join(os.path.dirname(__file__),
os.path.pardir, os.path.pardir,
'scripts'))
+sys.path.append(os.path.join(os.path.dirname(__file__),
+ os.path.pardir, os.path.pardir,
+ 'framework', 'scripts'))
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index 055023a..9198293 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -17,32 +17,24 @@
my %configs = (
'config-ccm-psk-tls1_2.h' => {
- 'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
- 'test_again_with_use_psa' => 1
+ 'compat' => '-m tls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
},
'config-ccm-psk-dtls1_2.h' => {
- 'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
+ 'compat' => '-m dtls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
'opt' => ' ',
'opt_needs_debug' => 1,
- 'test_again_with_use_psa' => 1
- },
- 'config-no-entropy.h' => {
},
'config-suite-b.h' => {
- 'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
- 'test_again_with_use_psa' => 1,
+ 'compat' => "-m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS",
'opt' => ' ',
'opt_needs_debug' => 1,
},
'config-symmetric-only.h' => {
- 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
},
'config-tfm.h' => {
- 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice
},
'config-thread.h' => {
'opt' => '-f ECJPAKE.*nolog',
- 'test_again_with_use_psa' => 1,
},
);
@@ -148,7 +140,10 @@
}
foreach my $conf ( @configs_to_test ) {
- my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'};
+ system("grep '//#define MBEDTLS_USE_PSA_CRYPTO' configs/$conf > /dev/null");
+ die "grep ... configs/$conf: $!" if $? != 0 && $? != 0x100;
+ my $test_with_psa = $? == 0;
+
if ( $test_with_psa )
{
perform_test( $conf, $configs{$conf}, $test_with_psa );
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
deleted file mode 100755
index abc46a7..0000000
--- a/tests/scripts/test_generate_test_code.py
+++ /dev/null
@@ -1,1915 +0,0 @@
-#!/usr/bin/env python3
-# Unit test for generate_test_code.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-Unit tests for generate_test_code.py
-"""
-
-from io import StringIO
-from unittest import TestCase, main as unittest_main
-from unittest.mock import patch
-
-from generate_test_code import gen_dependencies, gen_dependencies_one_line
-from generate_test_code import gen_function_wrapper, gen_dispatch
-from generate_test_code import parse_until_pattern, GeneratorInputError
-from generate_test_code import parse_suite_dependencies
-from generate_test_code import parse_function_dependencies
-from generate_test_code import parse_function_arguments, parse_function_code
-from generate_test_code import parse_functions, END_HEADER_REGEX
-from generate_test_code import END_SUITE_HELPERS_REGEX, escaped_split
-from generate_test_code import parse_test_data, gen_dep_check
-from generate_test_code import gen_expression_check, write_dependencies
-from generate_test_code import write_parameters, gen_suite_dep_checks
-from generate_test_code import gen_from_test_data
-
-
-class GenDep(TestCase):
- """
- Test suite for function gen_dep()
- """
-
- def test_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = ['DEP1', 'DEP2']
- dep_start, dep_end = gen_dependencies(dependencies)
- preprocessor1, preprocessor2 = dep_start.splitlines()
- endif1, endif2 = dep_end.splitlines()
- self.assertEqual(preprocessor1, '#if defined(DEP1)',
- 'Preprocessor generated incorrectly')
- self.assertEqual(preprocessor2, '#if defined(DEP2)',
- 'Preprocessor generated incorrectly')
- self.assertEqual(endif1, '#endif /* DEP2 */',
- 'Preprocessor generated incorrectly')
- self.assertEqual(endif2, '#endif /* DEP1 */',
- 'Preprocessor generated incorrectly')
-
- def test_disabled_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = ['!DEP1', '!DEP2']
- dep_start, dep_end = gen_dependencies(dependencies)
- preprocessor1, preprocessor2 = dep_start.splitlines()
- endif1, endif2 = dep_end.splitlines()
- self.assertEqual(preprocessor1, '#if !defined(DEP1)',
- 'Preprocessor generated incorrectly')
- self.assertEqual(preprocessor2, '#if !defined(DEP2)',
- 'Preprocessor generated incorrectly')
- self.assertEqual(endif1, '#endif /* !DEP2 */',
- 'Preprocessor generated incorrectly')
- self.assertEqual(endif2, '#endif /* !DEP1 */',
- 'Preprocessor generated incorrectly')
-
- def test_mixed_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = ['!DEP1', 'DEP2']
- dep_start, dep_end = gen_dependencies(dependencies)
- preprocessor1, preprocessor2 = dep_start.splitlines()
- endif1, endif2 = dep_end.splitlines()
- self.assertEqual(preprocessor1, '#if !defined(DEP1)',
- 'Preprocessor generated incorrectly')
- self.assertEqual(preprocessor2, '#if defined(DEP2)',
- 'Preprocessor generated incorrectly')
- self.assertEqual(endif1, '#endif /* DEP2 */',
- 'Preprocessor generated incorrectly')
- self.assertEqual(endif2, '#endif /* !DEP1 */',
- 'Preprocessor generated incorrectly')
-
- def test_empty_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = []
- dep_start, dep_end = gen_dependencies(dependencies)
- self.assertEqual(dep_start, '', 'Preprocessor generated incorrectly')
- self.assertEqual(dep_end, '', 'Preprocessor generated incorrectly')
-
- def test_large_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = []
- count = 10
- for i in range(count):
- dependencies.append('DEP%d' % i)
- dep_start, dep_end = gen_dependencies(dependencies)
- self.assertEqual(len(dep_start.splitlines()), count,
- 'Preprocessor generated incorrectly')
- self.assertEqual(len(dep_end.splitlines()), count,
- 'Preprocessor generated incorrectly')
-
-
-class GenDepOneLine(TestCase):
- """
- Test Suite for testing gen_dependencies_one_line()
- """
-
- def test_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = ['DEP1', 'DEP2']
- dep_str = gen_dependencies_one_line(dependencies)
- self.assertEqual(dep_str, '#if defined(DEP1) && defined(DEP2)',
- 'Preprocessor generated incorrectly')
-
- def test_disabled_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = ['!DEP1', '!DEP2']
- dep_str = gen_dependencies_one_line(dependencies)
- self.assertEqual(dep_str, '#if !defined(DEP1) && !defined(DEP2)',
- 'Preprocessor generated incorrectly')
-
- def test_mixed_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = ['!DEP1', 'DEP2']
- dep_str = gen_dependencies_one_line(dependencies)
- self.assertEqual(dep_str, '#if !defined(DEP1) && defined(DEP2)',
- 'Preprocessor generated incorrectly')
-
- def test_empty_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = []
- dep_str = gen_dependencies_one_line(dependencies)
- self.assertEqual(dep_str, '', 'Preprocessor generated incorrectly')
-
- def test_large_dependencies_list(self):
- """
- Test that gen_dep() correctly creates dependencies for given
- dependency list.
- :return:
- """
- dependencies = []
- count = 10
- for i in range(count):
- dependencies.append('DEP%d' % i)
- dep_str = gen_dependencies_one_line(dependencies)
- expected = '#if ' + ' && '.join(['defined(%s)' %
- x for x in dependencies])
- self.assertEqual(dep_str, expected,
- 'Preprocessor generated incorrectly')
-
-
-class GenFunctionWrapper(TestCase):
- """
- Test Suite for testing gen_function_wrapper()
- """
-
- def test_params_unpack(self):
- """
- Test that params are properly unpacked in the function call.
-
- :return:
- """
- code = gen_function_wrapper('test_a', '', ('a', 'b', 'c', 'd'))
- expected = '''
-void test_a_wrapper( void ** params )
-{
-
- test_a( a, b, c, d );
-}
-'''
- self.assertEqual(code, expected)
-
- def test_local(self):
- """
- Test that params are properly unpacked in the function call.
-
- :return:
- """
- code = gen_function_wrapper('test_a',
- 'int x = 1;', ('x', 'b', 'c', 'd'))
- expected = '''
-void test_a_wrapper( void ** params )
-{
-int x = 1;
- test_a( x, b, c, d );
-}
-'''
- self.assertEqual(code, expected)
-
- def test_empty_params(self):
- """
- Test that params are properly unpacked in the function call.
-
- :return:
- """
- code = gen_function_wrapper('test_a', '', ())
- expected = '''
-void test_a_wrapper( void ** params )
-{
- (void)params;
-
- test_a( );
-}
-'''
- self.assertEqual(code, expected)
-
-
-class GenDispatch(TestCase):
- """
- Test suite for testing gen_dispatch()
- """
-
- def test_dispatch(self):
- """
- Test that dispatch table entry is generated correctly.
- :return:
- """
- code = gen_dispatch('test_a', ['DEP1', 'DEP2'])
- expected = '''
-#if defined(DEP1) && defined(DEP2)
- test_a_wrapper,
-#else
- NULL,
-#endif
-'''
- self.assertEqual(code, expected)
-
- def test_empty_dependencies(self):
- """
- Test empty dependency list.
- :return:
- """
- code = gen_dispatch('test_a', [])
- expected = '''
- test_a_wrapper,
-'''
- self.assertEqual(code, expected)
-
-
-class StringIOWrapper(StringIO):
- """
- file like class to mock file object in tests.
- """
- def __init__(self, file_name, data, line_no=0):
- """
- Init file handle.
-
- :param file_name:
- :param data:
- :param line_no:
- """
- super(StringIOWrapper, self).__init__(data)
- self.line_no = line_no
- self.name = file_name
-
- def next(self):
- """
- Iterator method. This method overrides base class's
- next method and extends the next method to count the line
- numbers as each line is read.
-
- :return: Line read from file.
- """
- parent = super(StringIOWrapper, self)
- line = parent.__next__()
- return line
-
- def readline(self, _length=0):
- """
- Wrap the base class readline.
-
- :param length:
- :return:
- """
- line = super(StringIOWrapper, self).readline()
- if line is not None:
- self.line_no += 1
- return line
-
-
-class ParseUntilPattern(TestCase):
- """
- Test Suite for testing parse_until_pattern().
- """
-
- def test_suite_headers(self):
- """
- Test that suite headers are parsed correctly.
-
- :return:
- """
- data = '''#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-/* END_HEADER */
-'''
- expected = '''#line 1 "test_suite_ut.function"
-#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-'''
- stream = StringIOWrapper('test_suite_ut.function', data, line_no=0)
- headers = parse_until_pattern(stream, END_HEADER_REGEX)
- self.assertEqual(headers, expected)
-
- def test_line_no(self):
- """
- Test that #line is set to correct line no. in source .function file.
-
- :return:
- """
- data = '''#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-/* END_HEADER */
-'''
- offset_line_no = 5
- expected = '''#line %d "test_suite_ut.function"
-#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-''' % (offset_line_no + 1)
- stream = StringIOWrapper('test_suite_ut.function', data,
- offset_line_no)
- headers = parse_until_pattern(stream, END_HEADER_REGEX)
- self.assertEqual(headers, expected)
-
- def test_no_end_header_comment(self):
- """
- Test that InvalidFileFormat is raised when end header comment is
- missing.
- :return:
- """
- data = '''#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(GeneratorInputError, parse_until_pattern, stream,
- END_HEADER_REGEX)
-
-
-class ParseSuiteDependencies(TestCase):
- """
- Test Suite for testing parse_suite_dependencies().
- """
-
- def test_suite_dependencies(self):
- """
-
- :return:
- """
- data = '''
- * depends_on:MBEDTLS_ECP_C
- * END_DEPENDENCIES
- */
-'''
- expected = ['MBEDTLS_ECP_C']
- stream = StringIOWrapper('test_suite_ut.function', data)
- dependencies = parse_suite_dependencies(stream)
- self.assertEqual(dependencies, expected)
-
- def test_no_end_dep_comment(self):
- """
- Test that InvalidFileFormat is raised when end dep comment is missing.
- :return:
- """
- data = '''
-* depends_on:MBEDTLS_ECP_C
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(GeneratorInputError, parse_suite_dependencies,
- stream)
-
- def test_dependencies_split(self):
- """
- Test that InvalidFileFormat is raised when end dep comment is missing.
- :return:
- """
- data = '''
- * depends_on:MBEDTLS_ECP_C:A:B: C : D :F : G: !H
- * END_DEPENDENCIES
- */
-'''
- expected = ['MBEDTLS_ECP_C', 'A', 'B', 'C', 'D', 'F', 'G', '!H']
- stream = StringIOWrapper('test_suite_ut.function', data)
- dependencies = parse_suite_dependencies(stream)
- self.assertEqual(dependencies, expected)
-
-
-class ParseFuncDependencies(TestCase):
- """
- Test Suite for testing parse_function_dependencies()
- """
-
- def test_function_dependencies(self):
- """
- Test that parse_function_dependencies() correctly parses function
- dependencies.
- :return:
- """
- line = '/* BEGIN_CASE ' \
- 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */'
- expected = ['MBEDTLS_ENTROPY_NV_SEED', 'MBEDTLS_FS_IO']
- dependencies = parse_function_dependencies(line)
- self.assertEqual(dependencies, expected)
-
- def test_no_dependencies(self):
- """
- Test that parse_function_dependencies() correctly parses function
- dependencies.
- :return:
- """
- line = '/* BEGIN_CASE */'
- dependencies = parse_function_dependencies(line)
- self.assertEqual(dependencies, [])
-
- def test_tolerance(self):
- """
- Test that parse_function_dependencies() correctly parses function
- dependencies.
- :return:
- """
- line = '/* BEGIN_CASE depends_on:MBEDTLS_FS_IO: A : !B:C : F*/'
- dependencies = parse_function_dependencies(line)
- self.assertEqual(dependencies, ['MBEDTLS_FS_IO', 'A', '!B', 'C', 'F'])
-
-
-class ParseFuncSignature(TestCase):
- """
- Test Suite for parse_function_arguments().
- """
-
- def test_int_and_char_params(self):
- """
- Test int and char parameters parsing
- :return:
- """
- line = 'void entropy_threshold( char * a, int b, int result )'
- args, local, arg_dispatch = parse_function_arguments(line)
- self.assertEqual(args, ['char*', 'int', 'int'])
- self.assertEqual(local, '')
- self.assertEqual(arg_dispatch,
- ['(char *) params[0]',
- '((mbedtls_test_argument_t *) params[1])->sint',
- '((mbedtls_test_argument_t *) params[2])->sint'])
-
- def test_hex_params(self):
- """
- Test hex parameters parsing
- :return:
- """
- line = 'void entropy_threshold( char * a, data_t * h, int result )'
- args, local, arg_dispatch = parse_function_arguments(line)
- self.assertEqual(args, ['char*', 'hex', 'int'])
- self.assertEqual(local,
- ' data_t data1 = {(uint8_t *) params[1], '
- '((mbedtls_test_argument_t *) params[2])->len};\n')
- self.assertEqual(arg_dispatch, ['(char *) params[0]',
- '&data1',
- '((mbedtls_test_argument_t *) params[3])->sint'])
-
- def test_unsupported_arg(self):
- """
- Test unsupported argument type
- :return:
- """
- line = 'void entropy_threshold( char * a, data_t * h, unknown_t result )'
- self.assertRaises(ValueError, parse_function_arguments, line)
-
- def test_empty_params(self):
- """
- Test no parameters (nothing between parentheses).
- :return:
- """
- line = 'void entropy_threshold()'
- args, local, arg_dispatch = parse_function_arguments(line)
- self.assertEqual(args, [])
- self.assertEqual(local, '')
- self.assertEqual(arg_dispatch, [])
-
- def test_blank_params(self):
- """
- Test no parameters (space between parentheses).
- :return:
- """
- line = 'void entropy_threshold( )'
- args, local, arg_dispatch = parse_function_arguments(line)
- self.assertEqual(args, [])
- self.assertEqual(local, '')
- self.assertEqual(arg_dispatch, [])
-
- def test_void_params(self):
- """
- Test no parameters (void keyword).
- :return:
- """
- line = 'void entropy_threshold(void)'
- args, local, arg_dispatch = parse_function_arguments(line)
- self.assertEqual(args, [])
- self.assertEqual(local, '')
- self.assertEqual(arg_dispatch, [])
-
- def test_void_space_params(self):
- """
- Test no parameters (void with spaces).
- :return:
- """
- line = 'void entropy_threshold( void )'
- args, local, arg_dispatch = parse_function_arguments(line)
- self.assertEqual(args, [])
- self.assertEqual(local, '')
- self.assertEqual(arg_dispatch, [])
-
-
-class ParseFunctionCode(TestCase):
- """
- Test suite for testing parse_function_code()
- """
-
- def test_no_function(self):
- """
- Test no test function found.
- :return:
- """
- data = '''
-No
-test
-function
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- err_msg = 'file: test_suite_ut.function - Test functions not found!'
- self.assertRaisesRegex(GeneratorInputError, err_msg,
- parse_function_code, stream, [], [])
-
- def test_no_end_case_comment(self):
- """
- Test missing end case.
- :return:
- """
- data = '''
-void test_func()
-{
-}
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- err_msg = r'file: test_suite_ut.function - '\
- 'end case pattern .*? not found!'
- self.assertRaisesRegex(GeneratorInputError, err_msg,
- parse_function_code, stream, [], [])
-
- @patch("generate_test_code.parse_function_arguments")
- def test_function_called(self,
- parse_function_arguments_mock):
- """
- Test parse_function_code()
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- data = '''
-void test_func()
-{
-}
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(GeneratorInputError, parse_function_code,
- stream, [], [])
- self.assertTrue(parse_function_arguments_mock.called)
- parse_function_arguments_mock.assert_called_with('void test_func()\n')
-
- @patch("generate_test_code.gen_dispatch")
- @patch("generate_test_code.gen_dependencies")
- @patch("generate_test_code.gen_function_wrapper")
- @patch("generate_test_code.parse_function_arguments")
- def test_return(self, parse_function_arguments_mock,
- gen_function_wrapper_mock,
- gen_dependencies_mock,
- gen_dispatch_mock):
- """
- Test generated code.
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- gen_function_wrapper_mock.return_value = ''
- gen_dependencies_mock.side_effect = gen_dependencies
- gen_dispatch_mock.side_effect = gen_dispatch
- data = '''
-void func()
-{
- ba ba black sheep
- have you any wool
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- name, arg, code, dispatch_code = parse_function_code(stream, [], [])
-
- self.assertTrue(parse_function_arguments_mock.called)
- parse_function_arguments_mock.assert_called_with('void func()\n')
- gen_function_wrapper_mock.assert_called_with('test_func', '', [])
- self.assertEqual(name, 'test_func')
- self.assertEqual(arg, [])
- expected = '''#line 1 "test_suite_ut.function"
-
-void test_func(void)
-{
- ba ba black sheep
- have you any wool
-exit:
- ;
-}
-'''
- self.assertEqual(code, expected)
- self.assertEqual(dispatch_code, "\n test_func_wrapper,\n")
-
- @patch("generate_test_code.gen_dispatch")
- @patch("generate_test_code.gen_dependencies")
- @patch("generate_test_code.gen_function_wrapper")
- @patch("generate_test_code.parse_function_arguments")
- def test_with_exit_label(self, parse_function_arguments_mock,
- gen_function_wrapper_mock,
- gen_dependencies_mock,
- gen_dispatch_mock):
- """
- Test when exit label is present.
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- gen_function_wrapper_mock.return_value = ''
- gen_dependencies_mock.side_effect = gen_dependencies
- gen_dispatch_mock.side_effect = gen_dispatch
- data = '''
-void func()
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- _, _, code, _ = parse_function_code(stream, [], [])
-
- expected = '''#line 1 "test_suite_ut.function"
-
-void test_func(void)
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-'''
- self.assertEqual(code, expected)
-
- def test_non_void_function(self):
- """
- Test invalid signature (non void).
- :return:
- """
- data = 'int entropy_threshold( char * a, data_t * h, int result )'
- err_msg = 'file: test_suite_ut.function - Test functions not found!'
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaisesRegex(GeneratorInputError, err_msg,
- parse_function_code, stream, [], [])
-
- @patch("generate_test_code.gen_dispatch")
- @patch("generate_test_code.gen_dependencies")
- @patch("generate_test_code.gen_function_wrapper")
- @patch("generate_test_code.parse_function_arguments")
- def test_function_name_on_newline(self, parse_function_arguments_mock,
- gen_function_wrapper_mock,
- gen_dependencies_mock,
- gen_dispatch_mock):
- """
- Test with line break before the function name.
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- gen_function_wrapper_mock.return_value = ''
- gen_dependencies_mock.side_effect = gen_dependencies
- gen_dispatch_mock.side_effect = gen_dispatch
- data = '''
-void
-
-
-func()
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- _, _, code, _ = parse_function_code(stream, [], [])
-
- expected = '''#line 1 "test_suite_ut.function"
-
-void
-
-
-test_func(void)
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-'''
- self.assertEqual(code, expected)
-
- @patch("generate_test_code.gen_dispatch")
- @patch("generate_test_code.gen_dependencies")
- @patch("generate_test_code.gen_function_wrapper")
- @patch("generate_test_code.parse_function_arguments")
- def test_case_starting_with_comment(self, parse_function_arguments_mock,
- gen_function_wrapper_mock,
- gen_dependencies_mock,
- gen_dispatch_mock):
- """
- Test with comments before the function signature
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- gen_function_wrapper_mock.return_value = ''
- gen_dependencies_mock.side_effect = gen_dependencies
- gen_dispatch_mock.side_effect = gen_dispatch
- data = '''/* comment */
-/* more
- * comment */
-// this is\\
-still \\
-a comment
-void func()
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- _, _, code, _ = parse_function_code(stream, [], [])
-
- expected = '''#line 1 "test_suite_ut.function"
-
-
-
-
-
-
-void test_func(void)
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-'''
- self.assertEqual(code, expected)
-
- @patch("generate_test_code.gen_dispatch")
- @patch("generate_test_code.gen_dependencies")
- @patch("generate_test_code.gen_function_wrapper")
- @patch("generate_test_code.parse_function_arguments")
- def test_comment_in_prototype(self, parse_function_arguments_mock,
- gen_function_wrapper_mock,
- gen_dependencies_mock,
- gen_dispatch_mock):
- """
- Test with comments in the function prototype
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- gen_function_wrapper_mock.return_value = ''
- gen_dependencies_mock.side_effect = gen_dependencies
- gen_dispatch_mock.side_effect = gen_dispatch
- data = '''
-void func( int x, // (line \\
- comment)
- int y /* lone closing parenthesis) */ )
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- _, _, code, _ = parse_function_code(stream, [], [])
-
- expected = '''#line 1 "test_suite_ut.function"
-
-void test_func( int x,
-
- int y )
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-'''
- self.assertEqual(code, expected)
-
- @patch("generate_test_code.gen_dispatch")
- @patch("generate_test_code.gen_dependencies")
- @patch("generate_test_code.gen_function_wrapper")
- @patch("generate_test_code.parse_function_arguments")
- def test_line_comment_in_block_comment(self, parse_function_arguments_mock,
- gen_function_wrapper_mock,
- gen_dependencies_mock,
- gen_dispatch_mock):
- """
- Test with line comment in block comment.
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- gen_function_wrapper_mock.return_value = ''
- gen_dependencies_mock.side_effect = gen_dependencies
- gen_dispatch_mock.side_effect = gen_dispatch
- data = '''
-void func( int x /* // */ )
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- _, _, code, _ = parse_function_code(stream, [], [])
-
- expected = '''#line 1 "test_suite_ut.function"
-
-void test_func( int x )
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-'''
- self.assertEqual(code, expected)
-
- @patch("generate_test_code.gen_dispatch")
- @patch("generate_test_code.gen_dependencies")
- @patch("generate_test_code.gen_function_wrapper")
- @patch("generate_test_code.parse_function_arguments")
- def test_block_comment_in_line_comment(self, parse_function_arguments_mock,
- gen_function_wrapper_mock,
- gen_dependencies_mock,
- gen_dispatch_mock):
- """
- Test with block comment in line comment.
- :return:
- """
- parse_function_arguments_mock.return_value = ([], '', [])
- gen_function_wrapper_mock.return_value = ''
- gen_dependencies_mock.side_effect = gen_dependencies
- gen_dispatch_mock.side_effect = gen_dispatch
- data = '''
-// /*
-void func( int x )
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- _, _, code, _ = parse_function_code(stream, [], [])
-
- expected = '''#line 1 "test_suite_ut.function"
-
-
-void test_func( int x )
-{
- ba ba black sheep
- have you any wool
-exit:
- yes sir yes sir
- 3 bags full
-}
-'''
- self.assertEqual(code, expected)
-
-
-class ParseFunction(TestCase):
- """
- Test Suite for testing parse_functions()
- """
-
- @patch("generate_test_code.parse_until_pattern")
- def test_begin_header(self, parse_until_pattern_mock):
- """
- Test that begin header is checked and parse_until_pattern() is called.
- :return:
- """
- def stop(*_unused):
- """Stop when parse_until_pattern is called."""
- raise Exception
- parse_until_pattern_mock.side_effect = stop
- data = '''/* BEGIN_HEADER */
-#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-/* END_HEADER */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(Exception, parse_functions, stream)
- parse_until_pattern_mock.assert_called_with(stream, END_HEADER_REGEX)
- self.assertEqual(stream.line_no, 1)
-
- @patch("generate_test_code.parse_until_pattern")
- def test_begin_helper(self, parse_until_pattern_mock):
- """
- Test that begin helper is checked and parse_until_pattern() is called.
- :return:
- """
- def stop(*_unused):
- """Stop when parse_until_pattern is called."""
- raise Exception
- parse_until_pattern_mock.side_effect = stop
- data = '''/* BEGIN_SUITE_HELPERS */
-void print_hello_world()
-{
- printf("Hello World!\n");
-}
-/* END_SUITE_HELPERS */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(Exception, parse_functions, stream)
- parse_until_pattern_mock.assert_called_with(stream,
- END_SUITE_HELPERS_REGEX)
- self.assertEqual(stream.line_no, 1)
-
- @patch("generate_test_code.parse_suite_dependencies")
- def test_begin_dep(self, parse_suite_dependencies_mock):
- """
- Test that begin dep is checked and parse_suite_dependencies() is
- called.
- :return:
- """
- def stop(*_unused):
- """Stop when parse_until_pattern is called."""
- raise Exception
- parse_suite_dependencies_mock.side_effect = stop
- data = '''/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ECP_C
- * END_DEPENDENCIES
- */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(Exception, parse_functions, stream)
- parse_suite_dependencies_mock.assert_called_with(stream)
- self.assertEqual(stream.line_no, 1)
-
- @patch("generate_test_code.parse_function_dependencies")
- def test_begin_function_dep(self, func_mock):
- """
- Test that begin dep is checked and parse_function_dependencies() is
- called.
- :return:
- """
- def stop(*_unused):
- """Stop when parse_until_pattern is called."""
- raise Exception
- func_mock.side_effect = stop
-
- dependencies_str = '/* BEGIN_CASE ' \
- 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n'
- data = '''%svoid test_func()
-{
-}
-''' % dependencies_str
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(Exception, parse_functions, stream)
- func_mock.assert_called_with(dependencies_str)
- self.assertEqual(stream.line_no, 1)
-
- @patch("generate_test_code.parse_function_code")
- @patch("generate_test_code.parse_function_dependencies")
- def test_return(self, func_mock1, func_mock2):
- """
- Test that begin case is checked and parse_function_code() is called.
- :return:
- """
- func_mock1.return_value = []
- in_func_code = '''void test_func()
-{
-}
-'''
- func_dispatch = '''
- test_func_wrapper,
-'''
- func_mock2.return_value = 'test_func', [],\
- in_func_code, func_dispatch
- dependencies_str = '/* BEGIN_CASE ' \
- 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n'
- data = '''%svoid test_func()
-{
-}
-''' % dependencies_str
- stream = StringIOWrapper('test_suite_ut.function', data)
- suite_dependencies, dispatch_code, func_code, func_info = \
- parse_functions(stream)
- func_mock1.assert_called_with(dependencies_str)
- func_mock2.assert_called_with(stream, [], [])
- self.assertEqual(stream.line_no, 5)
- self.assertEqual(suite_dependencies, [])
- expected_dispatch_code = '''/* Function Id: 0 */
-
- test_func_wrapper,
-'''
- self.assertEqual(dispatch_code, expected_dispatch_code)
- self.assertEqual(func_code, in_func_code)
- self.assertEqual(func_info, {'test_func': (0, [])})
-
- def test_parsing(self):
- """
- Test case parsing.
- :return:
- """
- data = '''/* BEGIN_HEADER */
-#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ECP_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void func1()
-{
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void func2()
-{
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- suite_dependencies, dispatch_code, func_code, func_info = \
- parse_functions(stream)
- self.assertEqual(stream.line_no, 23)
- self.assertEqual(suite_dependencies, ['MBEDTLS_ECP_C'])
-
- expected_dispatch_code = '''/* Function Id: 0 */
-
-#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO)
- test_func1_wrapper,
-#else
- NULL,
-#endif
-/* Function Id: 1 */
-
-#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO)
- test_func2_wrapper,
-#else
- NULL,
-#endif
-'''
- self.assertEqual(dispatch_code, expected_dispatch_code)
- expected_func_code = '''#if defined(MBEDTLS_ECP_C)
-#line 2 "test_suite_ut.function"
-#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if defined(MBEDTLS_FS_IO)
-#line 13 "test_suite_ut.function"
-void test_func1(void)
-{
-exit:
- ;
-}
-
-void test_func1_wrapper( void ** params )
-{
- (void)params;
-
- test_func1( );
-}
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-#if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if defined(MBEDTLS_FS_IO)
-#line 19 "test_suite_ut.function"
-void test_func2(void)
-{
-exit:
- ;
-}
-
-void test_func2_wrapper( void ** params )
-{
- (void)params;
-
- test_func2( );
-}
-#endif /* MBEDTLS_FS_IO */
-#endif /* MBEDTLS_ENTROPY_NV_SEED */
-#endif /* MBEDTLS_ECP_C */
-'''
- self.assertEqual(func_code, expected_func_code)
- self.assertEqual(func_info, {'test_func1': (0, []),
- 'test_func2': (1, [])})
-
- def test_same_function_name(self):
- """
- Test name conflict.
- :return:
- """
- data = '''/* BEGIN_HEADER */
-#include "mbedtls/ecp.h"
-
-#define ECP_PF_UNKNOWN -1
-/* END_HEADER */
-
-/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ECP_C
- * END_DEPENDENCIES
- */
-
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void func()
-{
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
-void func()
-{
-}
-/* END_CASE */
-'''
- stream = StringIOWrapper('test_suite_ut.function', data)
- self.assertRaises(GeneratorInputError, parse_functions, stream)
-
-
-class EscapedSplit(TestCase):
- """
- Test suite for testing escaped_split().
- Note: Since escaped_split() output is used to write back to the
- intermediate data file. Any escape characters in the input are
- retained in the output.
- """
-
- def test_invalid_input(self):
- """
- Test when input split character is not a character.
- :return:
- """
- self.assertRaises(ValueError, escaped_split, '', 'string')
-
- def test_empty_string(self):
- """
- Test empty string input.
- :return:
- """
- splits = escaped_split('', ':')
- self.assertEqual(splits, [])
-
- def test_no_escape(self):
- """
- Test with no escape character. The behaviour should be same as
- str.split()
- :return:
- """
- test_str = 'yahoo:google'
- splits = escaped_split(test_str, ':')
- self.assertEqual(splits, test_str.split(':'))
-
- def test_escaped_input(self):
- """
- Test input that has escaped delimiter.
- :return:
- """
- test_str = r'yahoo\:google:facebook'
- splits = escaped_split(test_str, ':')
- self.assertEqual(splits, [r'yahoo\:google', 'facebook'])
-
- def test_escaped_escape(self):
- """
- Test input that has escaped delimiter.
- :return:
- """
- test_str = r'yahoo\\:google:facebook'
- splits = escaped_split(test_str, ':')
- self.assertEqual(splits, [r'yahoo\\', 'google', 'facebook'])
-
- def test_all_at_once(self):
- """
- Test input that has escaped delimiter.
- :return:
- """
- test_str = r'yahoo\\:google:facebook\:instagram\\:bbc\\:wikipedia'
- splits = escaped_split(test_str, ':')
- self.assertEqual(splits, [r'yahoo\\', r'google',
- r'facebook\:instagram\\',
- r'bbc\\', r'wikipedia'])
-
-
-class ParseTestData(TestCase):
- """
- Test suite for parse test data.
- """
-
- def test_parser(self):
- """
- Test that tests are parsed correctly from data file.
- :return:
- """
- data = """
-Diffie-Hellman full exchange #1
-dhm_do_dhm:10:"23":10:"5"
-
-Diffie-Hellman full exchange #2
-dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
-
-Diffie-Hellman full exchange #3
-dhm_do_dhm:10:"9345098382739712938719287391879381271":10:"9345098792137312973297123912791271"
-
-Diffie-Hellman selftest
-dhm_selftest:
-"""
- stream = StringIOWrapper('test_suite_ut.function', data)
- # List of (name, function_name, dependencies, args)
- tests = list(parse_test_data(stream))
- test1, test2, test3, test4 = tests
- self.assertEqual(test1[0], 3)
- self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1')
- self.assertEqual(test1[2], 'dhm_do_dhm')
- self.assertEqual(test1[3], [])
- self.assertEqual(test1[4], ['10', '"23"', '10', '"5"'])
-
- self.assertEqual(test2[0], 6)
- self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2')
- self.assertEqual(test2[2], 'dhm_do_dhm')
- self.assertEqual(test2[3], [])
- self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"',
- '10', '"9345098304850938450983409622"'])
-
- self.assertEqual(test3[0], 9)
- self.assertEqual(test3[1], 'Diffie-Hellman full exchange #3')
- self.assertEqual(test3[2], 'dhm_do_dhm')
- self.assertEqual(test3[3], [])
- self.assertEqual(test3[4], ['10',
- '"9345098382739712938719287391879381271"',
- '10',
- '"9345098792137312973297123912791271"'])
-
- self.assertEqual(test4[0], 12)
- self.assertEqual(test4[1], 'Diffie-Hellman selftest')
- self.assertEqual(test4[2], 'dhm_selftest')
- self.assertEqual(test4[3], [])
- self.assertEqual(test4[4], [])
-
- def test_with_dependencies(self):
- """
- Test that tests with dependencies are parsed.
- :return:
- """
- data = """
-Diffie-Hellman full exchange #1
-depends_on:YAHOO
-dhm_do_dhm:10:"23":10:"5"
-
-Diffie-Hellman full exchange #2
-dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
-
-"""
- stream = StringIOWrapper('test_suite_ut.function', data)
- # List of (name, function_name, dependencies, args)
- tests = list(parse_test_data(stream))
- test1, test2 = tests
- self.assertEqual(test1[0], 4)
- self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1')
- self.assertEqual(test1[2], 'dhm_do_dhm')
- self.assertEqual(test1[3], ['YAHOO'])
- self.assertEqual(test1[4], ['10', '"23"', '10', '"5"'])
-
- self.assertEqual(test2[0], 7)
- self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2')
- self.assertEqual(test2[2], 'dhm_do_dhm')
- self.assertEqual(test2[3], [])
- self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"',
- '10', '"9345098304850938450983409622"'])
-
- def test_no_args(self):
- """
- Test GeneratorInputError is raised when test function name and
- args line is missing.
- :return:
- """
- data = """
-Diffie-Hellman full exchange #1
-depends_on:YAHOO
-
-
-Diffie-Hellman full exchange #2
-dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622"
-
-"""
- stream = StringIOWrapper('test_suite_ut.function', data)
- err = None
- try:
- for _, _, _, _, _ in parse_test_data(stream):
- pass
- except GeneratorInputError as err:
- self.assertEqual(type(err), GeneratorInputError)
-
- def test_incomplete_data(self):
- """
- Test GeneratorInputError is raised when test function name
- and args line is missing.
- :return:
- """
- data = """
-Diffie-Hellman full exchange #1
-depends_on:YAHOO
-"""
- stream = StringIOWrapper('test_suite_ut.function', data)
- err = None
- try:
- for _, _, _, _, _ in parse_test_data(stream):
- pass
- except GeneratorInputError as err:
- self.assertEqual(type(err), GeneratorInputError)
-
-
-class GenDepCheck(TestCase):
- """
- Test suite for gen_dep_check(). It is assumed this function is
- called with valid inputs.
- """
-
- def test_gen_dep_check(self):
- """
- Test that dependency check code generated correctly.
- :return:
- """
- expected = """
- case 5:
- {
-#if defined(YAHOO)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;"""
- out = gen_dep_check(5, 'YAHOO')
- self.assertEqual(out, expected)
-
- def test_not_defined_dependency(self):
- """
- Test dependency with !.
- :return:
- """
- expected = """
- case 5:
- {
-#if !defined(YAHOO)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;"""
- out = gen_dep_check(5, '!YAHOO')
- self.assertEqual(out, expected)
-
- def test_empty_dependency(self):
- """
- Test invalid dependency input.
- :return:
- """
- self.assertRaises(GeneratorInputError, gen_dep_check, 5, '!')
-
- def test_negative_dep_id(self):
- """
- Test invalid dependency input.
- :return:
- """
- self.assertRaises(GeneratorInputError, gen_dep_check, -1, 'YAHOO')
-
-
-class GenExpCheck(TestCase):
- """
- Test suite for gen_expression_check(). It is assumed this function
- is called with valid inputs.
- """
-
- def test_gen_exp_check(self):
- """
- Test that expression check code generated correctly.
- :return:
- """
- expected = """
- case 5:
- {
- *out_value = YAHOO;
- }
- break;"""
- out = gen_expression_check(5, 'YAHOO')
- self.assertEqual(out, expected)
-
- def test_invalid_expression(self):
- """
- Test invalid expression input.
- :return:
- """
- self.assertRaises(GeneratorInputError, gen_expression_check, 5, '')
-
- def test_negative_exp_id(self):
- """
- Test invalid expression id.
- :return:
- """
- self.assertRaises(GeneratorInputError, gen_expression_check,
- -1, 'YAHOO')
-
-
-class WriteDependencies(TestCase):
- """
- Test suite for testing write_dependencies.
- """
-
- def test_no_test_dependencies(self):
- """
- Test when test dependencies input is empty.
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_dependencies = []
- dep_check_code = write_dependencies(stream, [], unique_dependencies)
- self.assertEqual(dep_check_code, '')
- self.assertEqual(len(unique_dependencies), 0)
- self.assertEqual(stream.getvalue(), '')
-
- def test_unique_dep_ids(self):
- """
-
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_dependencies = []
- dep_check_code = write_dependencies(stream, ['DEP3', 'DEP2', 'DEP1'],
- unique_dependencies)
- expect_dep_check_code = '''
- case 0:
- {
-#if defined(DEP3)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;
- case 1:
- {
-#if defined(DEP2)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;
- case 2:
- {
-#if defined(DEP1)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;'''
- self.assertEqual(dep_check_code, expect_dep_check_code)
- self.assertEqual(len(unique_dependencies), 3)
- self.assertEqual(stream.getvalue(), 'depends_on:0:1:2\n')
-
- def test_dep_id_repeat(self):
- """
-
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_dependencies = []
- dep_check_code = ''
- dep_check_code += write_dependencies(stream, ['DEP3', 'DEP2'],
- unique_dependencies)
- dep_check_code += write_dependencies(stream, ['DEP2', 'DEP1'],
- unique_dependencies)
- dep_check_code += write_dependencies(stream, ['DEP1', 'DEP3'],
- unique_dependencies)
- expect_dep_check_code = '''
- case 0:
- {
-#if defined(DEP3)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;
- case 1:
- {
-#if defined(DEP2)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;
- case 2:
- {
-#if defined(DEP1)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;'''
- self.assertEqual(dep_check_code, expect_dep_check_code)
- self.assertEqual(len(unique_dependencies), 3)
- self.assertEqual(stream.getvalue(),
- 'depends_on:0:1\ndepends_on:1:2\ndepends_on:2:0\n')
-
-
-class WriteParams(TestCase):
- """
- Test Suite for testing write_parameters().
- """
-
- def test_no_params(self):
- """
- Test with empty test_args
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_expressions = []
- expression_code = write_parameters(stream, [], [], unique_expressions)
- self.assertEqual(len(unique_expressions), 0)
- self.assertEqual(expression_code, '')
- self.assertEqual(stream.getvalue(), '\n')
-
- def test_no_exp_param(self):
- """
- Test when there is no macro or expression in the params.
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_expressions = []
- expression_code = write_parameters(stream, ['"Yahoo"', '"abcdef00"',
- '0'],
- ['char*', 'hex', 'int'],
- unique_expressions)
- self.assertEqual(len(unique_expressions), 0)
- self.assertEqual(expression_code, '')
- self.assertEqual(stream.getvalue(),
- ':char*:"Yahoo":hex:"abcdef00":int:0\n')
-
- def test_hex_format_int_param(self):
- """
- Test int parameter in hex format.
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_expressions = []
- expression_code = write_parameters(stream,
- ['"Yahoo"', '"abcdef00"', '0xAA'],
- ['char*', 'hex', 'int'],
- unique_expressions)
- self.assertEqual(len(unique_expressions), 0)
- self.assertEqual(expression_code, '')
- self.assertEqual(stream.getvalue(),
- ':char*:"Yahoo":hex:"abcdef00":int:0xAA\n')
-
- def test_with_exp_param(self):
- """
- Test when there is macro or expression in the params.
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_expressions = []
- expression_code = write_parameters(stream,
- ['"Yahoo"', '"abcdef00"', '0',
- 'MACRO1', 'MACRO2', 'MACRO3'],
- ['char*', 'hex', 'int',
- 'int', 'int', 'int'],
- unique_expressions)
- self.assertEqual(len(unique_expressions), 3)
- self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3'])
- expected_expression_code = '''
- case 0:
- {
- *out_value = MACRO1;
- }
- break;
- case 1:
- {
- *out_value = MACRO2;
- }
- break;
- case 2:
- {
- *out_value = MACRO3;
- }
- break;'''
- self.assertEqual(expression_code, expected_expression_code)
- self.assertEqual(stream.getvalue(),
- ':char*:"Yahoo":hex:"abcdef00":int:0:exp:0:exp:1'
- ':exp:2\n')
-
- def test_with_repeat_calls(self):
- """
- Test when write_parameter() is called with same macro or expression.
- :return:
- """
- stream = StringIOWrapper('test_suite_ut.data', '')
- unique_expressions = []
- expression_code = ''
- expression_code += write_parameters(stream,
- ['"Yahoo"', 'MACRO1', 'MACRO2'],
- ['char*', 'int', 'int'],
- unique_expressions)
- expression_code += write_parameters(stream,
- ['"abcdef00"', 'MACRO2', 'MACRO3'],
- ['hex', 'int', 'int'],
- unique_expressions)
- expression_code += write_parameters(stream,
- ['0', 'MACRO3', 'MACRO1'],
- ['int', 'int', 'int'],
- unique_expressions)
- self.assertEqual(len(unique_expressions), 3)
- self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3'])
- expected_expression_code = '''
- case 0:
- {
- *out_value = MACRO1;
- }
- break;
- case 1:
- {
- *out_value = MACRO2;
- }
- break;
- case 2:
- {
- *out_value = MACRO3;
- }
- break;'''
- self.assertEqual(expression_code, expected_expression_code)
- expected_data_file = ''':char*:"Yahoo":exp:0:exp:1
-:hex:"abcdef00":exp:1:exp:2
-:int:0:exp:2:exp:0
-'''
- self.assertEqual(stream.getvalue(), expected_data_file)
-
-
-class GenTestSuiteDependenciesChecks(TestCase):
- """
- Test suite for testing gen_suite_dep_checks()
- """
- def test_empty_suite_dependencies(self):
- """
- Test with empty suite_dependencies list.
-
- :return:
- """
- dep_check_code, expression_code = \
- gen_suite_dep_checks([], 'DEP_CHECK_CODE', 'EXPRESSION_CODE')
- self.assertEqual(dep_check_code, 'DEP_CHECK_CODE')
- self.assertEqual(expression_code, 'EXPRESSION_CODE')
-
- def test_suite_dependencies(self):
- """
- Test with suite_dependencies list.
-
- :return:
- """
- dep_check_code, expression_code = \
- gen_suite_dep_checks(['SUITE_DEP'], 'DEP_CHECK_CODE',
- 'EXPRESSION_CODE')
- expected_dep_check_code = '''
-#if defined(SUITE_DEP)
-DEP_CHECK_CODE
-#endif
-'''
- expected_expression_code = '''
-#if defined(SUITE_DEP)
-EXPRESSION_CODE
-#endif
-'''
- self.assertEqual(dep_check_code, expected_dep_check_code)
- self.assertEqual(expression_code, expected_expression_code)
-
- def test_no_dep_no_exp(self):
- """
- Test when there are no dependency and expression code.
- :return:
- """
- dep_check_code, expression_code = gen_suite_dep_checks([], '', '')
- self.assertEqual(dep_check_code, '')
- self.assertEqual(expression_code, '')
-
-
-class GenFromTestData(TestCase):
- """
- Test suite for gen_from_test_data()
- """
-
- @staticmethod
- @patch("generate_test_code.write_dependencies")
- @patch("generate_test_code.write_parameters")
- @patch("generate_test_code.gen_suite_dep_checks")
- def test_intermediate_data_file(func_mock1,
- write_parameters_mock,
- write_dependencies_mock):
- """
- Test that intermediate data file is written with expected data.
- :return:
- """
- data = '''
-My test
-depends_on:DEP1
-func1:0
-'''
- data_f = StringIOWrapper('test_suite_ut.data', data)
- out_data_f = StringIOWrapper('test_suite_ut.datax', '')
- func_info = {'test_func1': (1, ('int',))}
- suite_dependencies = []
- write_parameters_mock.side_effect = write_parameters
- write_dependencies_mock.side_effect = write_dependencies
- func_mock1.side_effect = gen_suite_dep_checks
- gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies)
- write_dependencies_mock.assert_called_with(out_data_f,
- ['DEP1'], ['DEP1'])
- write_parameters_mock.assert_called_with(out_data_f, ['0'],
- ('int',), [])
- expected_dep_check_code = '''
- case 0:
- {
-#if defined(DEP1)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;'''
- func_mock1.assert_called_with(
- suite_dependencies, expected_dep_check_code, '')
-
- def test_function_not_found(self):
- """
- Test that AssertError is raised when function info in not found.
- :return:
- """
- data = '''
-My test
-depends_on:DEP1
-func1:0
-'''
- data_f = StringIOWrapper('test_suite_ut.data', data)
- out_data_f = StringIOWrapper('test_suite_ut.datax', '')
- func_info = {'test_func2': (1, ('int',))}
- suite_dependencies = []
- self.assertRaises(GeneratorInputError, gen_from_test_data,
- data_f, out_data_f, func_info, suite_dependencies)
-
- def test_different_func_args(self):
- """
- Test that AssertError is raised when no. of parameters and
- function args differ.
- :return:
- """
- data = '''
-My test
-depends_on:DEP1
-func1:0
-'''
- data_f = StringIOWrapper('test_suite_ut.data', data)
- out_data_f = StringIOWrapper('test_suite_ut.datax', '')
- func_info = {'test_func2': (1, ('int', 'hex'))}
- suite_dependencies = []
- self.assertRaises(GeneratorInputError, gen_from_test_data, data_f,
- out_data_f, func_info, suite_dependencies)
-
- def test_output(self):
- """
- Test that intermediate data file is written with expected data.
- :return:
- """
- data = '''
-My test 1
-depends_on:DEP1
-func1:0:0xfa:MACRO1:MACRO2
-
-My test 2
-depends_on:DEP1:DEP2
-func2:"yahoo":88:MACRO1
-'''
- data_f = StringIOWrapper('test_suite_ut.data', data)
- out_data_f = StringIOWrapper('test_suite_ut.datax', '')
- func_info = {'test_func1': (0, ('int', 'int', 'int', 'int')),
- 'test_func2': (1, ('char*', 'int', 'int'))}
- suite_dependencies = []
- dep_check_code, expression_code = \
- gen_from_test_data(data_f, out_data_f, func_info,
- suite_dependencies)
- expected_dep_check_code = '''
- case 0:
- {
-#if defined(DEP1)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;
- case 1:
- {
-#if defined(DEP2)
- ret = DEPENDENCY_SUPPORTED;
-#else
- ret = DEPENDENCY_NOT_SUPPORTED;
-#endif
- }
- break;'''
- expected_data = '''My test 1
-depends_on:0
-0:int:0:int:0xfa:exp:0:exp:1
-
-My test 2
-depends_on:0:1
-1:char*:"yahoo":int:88:exp:0
-
-'''
- expected_expression_code = '''
- case 0:
- {
- *out_value = MACRO1;
- }
- break;
- case 1:
- {
- *out_value = MACRO2;
- }
- break;'''
- self.assertEqual(dep_check_code, expected_dep_check_code)
- self.assertEqual(out_data_f.getvalue(), expected_data)
- self.assertEqual(expression_code, expected_expression_code)
-
-
-if __name__ == '__main__':
- unittest_main()
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 8d70cbc..d4e4979 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -20,7 +20,7 @@
#pylint: disable=unused-import
import scripts_path
-from mbedtls_dev import build_tree
+from mbedtls_framework import build_tree
# PSA Compliance tests we expect to fail due to known defects in Mbed TLS /
# TF-PSA-Crypto (or the test suite).
@@ -73,8 +73,14 @@
os.mkdir(build_dir)
os.chdir(build_dir)
- extra_includes = (';{}/drivers/builtin/include'.format(root_dir)
- if in_tf_psa_crypto_repo else '')
+ # Temporary while the PSA compliance test suite is still run as part
+ # of Mbed TLS testing. When it is not the case anymore, the second case
+ # can be removed.
+ if in_tf_psa_crypto_repo:
+ extra_includes = ';{}/drivers/builtin/include'.format(root_dir)
+ elif os.path.isdir(os.path.join(root_dir, 'tf-psa-crypto')):
+ extra_includes = ';{}/tf-psa-crypto/include'.format(root_dir) + \
+ (';{}/tf-psa-crypto/drivers/builtin/include'.format(root_dir))
#pylint: disable=bad-continuation
subprocess.check_call([
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index 6883e27..f35351c 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -19,9 +19,9 @@
from typing import Iterable, List, Optional, Tuple
import scripts_path # pylint: disable=unused-import
-from mbedtls_dev import c_build_helper
-from mbedtls_dev.macro_collector import InputsForTest, PSAMacroEnumerator
-from mbedtls_dev import typing_util
+from mbedtls_framework import c_build_helper
+from mbedtls_framework.macro_collector import InputsForTest, PSAMacroEnumerator
+from mbedtls_framework import typing_util
def gather_inputs(headers: Iterable[str],
test_suites: Iterable[str],
@@ -161,7 +161,9 @@
def main():
parser = argparse.ArgumentParser(description=globals()['__doc__'])
parser.add_argument('--include', '-I',
- action='append', default=['include'],
+ action='append', default=['tf-psa-crypto/include',
+ 'tf-psa-crypto/drivers/builtin/include',
+ 'include'],
help='Directory for header files')
parser.add_argument('--keep-c',
action='store_true', dest='keep_c', default=False,
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
index 8471959..594fcd5 100644
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -20,7 +20,7 @@
#include <string.h>
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/include/psa/crypto.h"
+#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h"
#include "libtestdriver1/library/psa_crypto_ecp.h"
#include "libtestdriver1/library/psa_crypto_ffdh.h"
#endif
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
index 866b31e..2a87899 100644
--- a/tests/src/drivers/test_driver_key_management.c
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -193,6 +193,7 @@
uint8_t *key, size_t key_size, size_t *key_length)
{
++mbedtls_test_driver_key_management_hooks.hits;
+ ++mbedtls_test_driver_key_management_hooks.hits_generate_key;
if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
return mbedtls_test_driver_key_management_hooks.forced_status;
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
index a0b6c1c..52395e4 100644
--- a/tests/src/drivers/test_driver_pake.c
+++ b/tests/src/drivers/test_driver_pake.c
@@ -1,5 +1,5 @@
/*
- * Test driver for MAC entry points.
+ * Test driver for PAKE entry points.
*/
/* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 937bd45..b223276 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -11,7 +11,7 @@
#include <test/macros.h>
#include <test/psa_exercise_key.h>
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include <mbedtls/asn1.h>
#include <psa/crypto.h>
@@ -1332,4 +1332,4 @@
}
#endif /* MBEDTLS_PK_C */
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c
index 809f1cd..24e05c8 100644
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@@ -465,6 +465,7 @@
}
/* Wrapper for psa_crypto_driver_pake_get_cipher_suite */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
psa_pake_cipher_suite_t *arg1_cipher_suite)
@@ -472,8 +473,10 @@
psa_status_t status = (psa_crypto_driver_pake_get_cipher_suite)(arg0_inputs, arg1_cipher_suite);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_crypto_driver_pake_get_password */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_buffer,
@@ -483,8 +486,10 @@
psa_status_t status = (psa_crypto_driver_pake_get_password)(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_crypto_driver_pake_get_password_len */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_password_len)
@@ -492,8 +497,10 @@
psa_status_t status = (psa_crypto_driver_pake_get_password_len)(arg0_inputs, arg1_password_len);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_crypto_driver_pake_get_peer */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_peer_id,
@@ -503,8 +510,10 @@
psa_status_t status = (psa_crypto_driver_pake_get_peer)(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_crypto_driver_pake_get_peer_len */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_peer_len)
@@ -512,8 +521,10 @@
psa_status_t status = (psa_crypto_driver_pake_get_peer_len)(arg0_inputs, arg1_peer_len);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_crypto_driver_pake_get_user */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
uint8_t *arg1_user_id,
@@ -523,8 +534,10 @@
psa_status_t status = (psa_crypto_driver_pake_get_user)(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_crypto_driver_pake_get_user_len */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(
const psa_crypto_driver_pake_inputs_t *arg0_inputs,
size_t *arg1_user_len)
@@ -532,6 +545,7 @@
psa_status_t status = (psa_crypto_driver_pake_get_user_len)(arg0_inputs, arg1_user_len);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_crypto_init */
psa_status_t mbedtls_test_wrap_psa_crypto_init(void)
@@ -1008,14 +1022,17 @@
}
/* Wrapper for psa_pake_abort */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_abort(
psa_pake_operation_t *arg0_operation)
{
psa_status_t status = (psa_pake_abort)(arg0_operation);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_get_implicit_key */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key(
psa_pake_operation_t *arg0_operation,
psa_key_derivation_operation_t *arg1_output)
@@ -1023,8 +1040,10 @@
psa_status_t status = (psa_pake_get_implicit_key)(arg0_operation, arg1_output);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_input */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_input(
psa_pake_operation_t *arg0_operation,
psa_pake_step_t arg1_step,
@@ -1040,8 +1059,10 @@
#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_output */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_output(
psa_pake_operation_t *arg0_operation,
psa_pake_step_t arg1_step,
@@ -1058,8 +1079,10 @@
#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_set_password_key */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_password_key(
psa_pake_operation_t *arg0_operation,
mbedtls_svc_key_id_t arg1_password)
@@ -1067,8 +1090,10 @@
psa_status_t status = (psa_pake_set_password_key)(arg0_operation, arg1_password);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_set_peer */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_peer(
psa_pake_operation_t *arg0_operation,
const uint8_t *arg1_peer_id,
@@ -1083,8 +1108,10 @@
#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_set_role */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_role(
psa_pake_operation_t *arg0_operation,
psa_pake_role_t arg1_role)
@@ -1092,8 +1119,10 @@
psa_status_t status = (psa_pake_set_role)(arg0_operation, arg1_role);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_set_user */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_set_user(
psa_pake_operation_t *arg0_operation,
const uint8_t *arg1_user_id,
@@ -1108,8 +1137,10 @@
#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_pake_setup */
+#if defined(PSA_WANT_ALG_SOME_PAKE)
psa_status_t mbedtls_test_wrap_psa_pake_setup(
psa_pake_operation_t *arg0_operation,
const psa_pake_cipher_suite_t *arg1_cipher_suite)
@@ -1117,6 +1148,7 @@
psa_status_t status = (psa_pake_setup)(arg0_operation, arg1_cipher_suite);
return status;
}
+#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */
/* Wrapper for psa_purge_key */
psa_status_t mbedtls_test_wrap_psa_purge_key(
diff --git a/tests/src/test_certs.h b/tests/src/test_certs.h
deleted file mode 100644
index b313ea8..0000000
--- a/tests/src/test_certs.h
+++ /dev/null
@@ -1,1226 +0,0 @@
-/*
- * X.509 test certificates
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */
-/* *INDENT-OFF* */
-
-/* This is taken from test-ca2.crt. */
-/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM test-ca2.crt */
-#define TEST_CA_CRT_EC_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \
- "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
- "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \
- "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
- "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \
- "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \
- "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \
- "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \
- "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \
- "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \
- "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from test-ca2.crt.der. */
-/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER test-ca2.crt.der */
-#define TEST_CA_CRT_EC_DER { \
- 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \
- 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \
- 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
- 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
- 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
- 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
- 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \
- 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \
- 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \
- 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
- 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
- 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
- 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
- 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \
- 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \
- 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \
- 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \
- 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \
- 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \
- 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \
- 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \
- 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \
- 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \
- 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \
- 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \
- 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \
- 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \
- 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \
- 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \
- 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \
- 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \
- 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \
- 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \
- 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \
- 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \
- 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \
- 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \
- 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \
- 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \
- 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \
-}
-/* END FILE */
-
-/* This is taken from test-ca2.key.enc. */
-/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM test-ca2.key.enc */
-#define TEST_CA_KEY_EC_PEM \
- "-----BEGIN EC PRIVATE KEY-----\r\n" \
- "Proc-Type: 4,ENCRYPTED\r\n" \
- "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \
- "\r\n" \
- "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \
- "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \
- "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \
- "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \
- "-----END EC PRIVATE KEY-----\r\n"
-/* END FILE */
-
-#define TEST_CA_PWD_EC_PEM "PolarSSLTest"
-
-/* This is generated from test-ca2.key.der. */
-/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER test-ca2.key.der */
-#define TEST_CA_KEY_EC_DER { \
- 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \
- 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \
- 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \
- 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \
- 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \
- 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \
- 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \
- 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \
- 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \
- 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \
- 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \
- 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \
- 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \
- 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \
-}
-/* END FILE */
-
-/* This is taken from test-ca-sha256.crt. */
-/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM test-ca-sha256.crt */
-#define TEST_CA_CRT_RSA_SHA256_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
- "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
- "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
- "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
- "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
- "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
- "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
- "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
- "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
- "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \
- "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \
- "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \
- "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \
- "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \
- "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \
- "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \
- "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from test-ca-sha256.crt.der. */
-/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER test-ca-sha256.crt.der */
-#define TEST_CA_CRT_RSA_SHA256_DER { \
- 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
- 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
- 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
- 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
- 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
- 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
- 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
- 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
- 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
- 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
- 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
- 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
- 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
- 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
- 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
- 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
- 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
- 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
- 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
- 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
- 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
- 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
- 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
- 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
- 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
- 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
- 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
- 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
- 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
- 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
- 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \
- 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \
- 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \
- 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \
- 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \
- 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \
- 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \
- 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \
- 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \
- 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \
- 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \
- 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \
- 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \
- 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \
- 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \
- 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \
- 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \
- 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \
- 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \
- 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \
- 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \
- 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \
-}
-/* END FILE */
-
-/* This is taken from test-ca-sha1.crt. */
-/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM test-ca-sha1.crt */
-#define TEST_CA_CRT_RSA_SHA1_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
- "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
- "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
- "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
- "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
- "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
- "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
- "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
- "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
- "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \
- "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \
- "A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL\r\n" \
- "hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm\r\n" \
- "8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD\r\n" \
- "zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ\r\n" \
- "0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/\r\n" \
- "mtxyUALj2pQxRitopORFQdn7AOY5\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from test-ca-sha1.crt.der. */
-/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER test-ca-sha1.crt.der */
-#define TEST_CA_CRT_RSA_SHA1_DER { \
- 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \
- 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \
- 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \
- 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \
- 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \
- 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \
- 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \
- 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \
- 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \
- 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \
- 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \
- 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \
- 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \
- 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \
- 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \
- 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \
- 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \
- 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \
- 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \
- 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \
- 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \
- 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \
- 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \
- 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \
- 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \
- 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \
- 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \
- 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \
- 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \
- 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \
- 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \
- 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \
- 0x03, 0x82, 0x01, 0x01, 0x00, 0x74, 0x66, 0x23, 0x51, 0x15, 0xd8, 0x9a, \
- 0xea, 0x4b, 0x24, 0x68, 0xf9, 0xe1, 0xae, 0xa7, 0xa3, 0x21, 0x1a, 0xbc, \
- 0x60, 0xc1, 0x06, 0x01, 0xfd, 0xa8, 0x20, 0xf9, 0xf2, 0x67, 0xbf, 0x31, \
- 0xa3, 0x21, 0x11, 0x81, 0xcd, 0xf9, 0x94, 0x71, 0xb2, 0x32, 0xdb, 0x0b, \
- 0x85, 0x68, 0x9c, 0x36, 0x33, 0xf8, 0x77, 0xf8, 0x52, 0xf4, 0x0b, 0x38, \
- 0x8f, 0x92, 0x80, 0xda, 0x07, 0x4d, 0x1a, 0x2e, 0x44, 0x4c, 0x0d, 0x57, \
- 0xed, 0x2a, 0x30, 0x58, 0xe1, 0xac, 0xaf, 0x28, 0xaf, 0x4a, 0x93, 0x12, \
- 0x1d, 0x5c, 0xb5, 0xf8, 0x77, 0x5f, 0x5a, 0x5b, 0x18, 0x40, 0xec, 0xe6, \
- 0xf2, 0x8f, 0x9f, 0x69, 0x03, 0x54, 0x9b, 0xc5, 0xf3, 0x3d, 0x59, 0xad, \
- 0xb5, 0xf0, 0x15, 0xb2, 0x9c, 0x5e, 0x1d, 0x2c, 0x49, 0x67, 0x7e, 0x8e, \
- 0xa3, 0xe4, 0x16, 0x67, 0x9c, 0x19, 0x94, 0x22, 0x04, 0xca, 0x31, 0x1d, \
- 0x2d, 0x42, 0x1d, 0xf9, 0x39, 0xb8, 0x07, 0x3d, 0xc1, 0xe6, 0x34, 0x43, \
- 0xcd, 0x96, 0xbf, 0x49, 0xaa, 0x83, 0xa2, 0x4a, 0xba, 0xe8, 0xdd, 0xb3, \
- 0xa5, 0xb8, 0x0a, 0x28, 0x09, 0x77, 0x19, 0x4d, 0x8e, 0xfb, 0xe7, 0xc1, \
- 0xa8, 0xfd, 0x9d, 0x4a, 0x47, 0x50, 0xca, 0x49, 0x93, 0xc6, 0x12, 0xcb, \
- 0x59, 0x13, 0x7c, 0x14, 0x9a, 0xa1, 0x60, 0x04, 0xf2, 0x42, 0x7b, 0x59, \
- 0xd1, 0x04, 0xa2, 0xdd, 0x6f, 0x47, 0x7d, 0x26, 0x4f, 0x9c, 0x54, 0xdc, \
- 0x3c, 0x85, 0xde, 0xa2, 0x23, 0xdd, 0xda, 0x92, 0xe5, 0xc6, 0xdd, 0x61, \
- 0x66, 0xef, 0x1d, 0xc2, 0xcd, 0x8b, 0x4d, 0x71, 0x3a, 0xde, 0xe3, 0xfa, \
- 0x30, 0xce, 0x0b, 0x1e, 0xf5, 0xb1, 0x8a, 0xe2, 0x5a, 0x5a, 0x43, 0xff, \
- 0x9a, 0xdc, 0x72, 0x50, 0x02, 0xe3, 0xda, 0x94, 0x31, 0x46, 0x2b, 0x68, \
- 0xa4, 0xe4, 0x45, 0x41, 0xd9, 0xfb, 0x00, 0xe6, 0x39 \
-}
-/* END FILE */
-
-/* This is taken from test-ca.key. */
-/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM test-ca.key */
-#define TEST_CA_KEY_RSA_PEM \
- "-----BEGIN RSA PRIVATE KEY-----\r\n" \
- "Proc-Type: 4,ENCRYPTED\r\n" \
- "DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \
- "\r\n" \
- "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \
- "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \
- "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \
- "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \
- "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \
- "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \
- "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \
- "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \
- "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \
- "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \
- "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \
- "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \
- "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \
- "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \
- "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \
- "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \
- "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \
- "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \
- "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \
- "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \
- "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \
- "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \
- "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \
- "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \
- "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \
- "-----END RSA PRIVATE KEY-----\r\n"
-/* END FILE */
-
-#define TEST_CA_PWD_RSA_PEM "PolarSSLTest"
-
-/* This is generated from test-ca.key.der. */
-/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER test-ca.key.der */
-#define TEST_CA_KEY_RSA_DER { \
- 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
- 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \
- 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \
- 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \
- 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \
- 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \
- 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \
- 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \
- 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \
- 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \
- 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \
- 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \
- 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \
- 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \
- 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \
- 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \
- 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \
- 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \
- 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \
- 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \
- 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \
- 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \
- 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
- 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \
- 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \
- 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \
- 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \
- 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \
- 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \
- 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \
- 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \
- 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \
- 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \
- 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \
- 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \
- 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \
- 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \
- 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \
- 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \
- 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \
- 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \
- 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \
- 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \
- 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \
- 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \
- 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \
- 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \
- 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \
- 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \
- 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \
- 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \
- 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \
- 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \
- 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \
- 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \
- 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \
- 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \
- 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \
- 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \
- 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \
- 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \
- 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \
- 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \
- 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \
- 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \
- 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \
- 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \
- 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \
- 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \
- 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \
- 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \
- 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \
- 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \
- 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \
- 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \
- 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \
- 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \
- 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \
- 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \
- 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \
- 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \
- 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \
- 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \
- 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \
- 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \
- 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \
- 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \
- 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \
- 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \
- 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \
- 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \
- 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \
- 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \
- 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \
- 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \
- 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \
- 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \
- 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \
- 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \
- 0xa8, 0xc2, 0x8f, 0x0d \
-}
-/* END FILE */
-
-/* This is taken from server5.crt. */
-/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM server5.crt */
-#define TEST_SRV_CRT_EC_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \
- "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \
- "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \
- "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \
- "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \
- "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \
- "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \
- "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \
- "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \
- "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from server5.crt.der. */
-/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER server5.crt.der */
-#define TEST_SRV_CRT_EC_DER { \
- 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
- 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \
- 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \
- 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \
- 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \
- 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
- 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \
- 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \
- 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \
- 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \
- 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \
- 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \
- 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \
- 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \
- 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \
- 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \
- 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \
- 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \
- 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
- 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
- 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \
- 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \
- 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \
- 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \
- 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \
- 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \
- 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \
- 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \
- 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \
- 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \
- 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \
- 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \
-}
-/* END FILE */
-
-/* This is taken from server5.key. */
-/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM server5.key */
-#define TEST_SRV_KEY_EC_PEM \
- "-----BEGIN EC PRIVATE KEY-----\r\n" \
- "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \
- "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \
- "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \
- "-----END EC PRIVATE KEY-----\r\n"
-/* END FILE */
-
-/* This is generated from server5.key.der. */
-/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER server5.key.der */
-#define TEST_SRV_KEY_EC_DER { \
- 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \
- 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \
- 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \
- 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \
- 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \
- 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \
- 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \
- 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \
- 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \
- 0xff \
-}
-/* END FILE */
-
-/* This is taken from server2-sha256.crt. */
-/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM server2-sha256.crt */
-#define TEST_SRV_CRT_RSA_SHA256_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
- "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
- "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
- "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
- "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
- "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
- "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
- "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
- "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
- "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
- "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \
- "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \
- "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \
- "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \
- "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \
- "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \
- "pMZqLmbBm/7WPLc=\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from server2-sha256.crt.der. */
-/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER server2-sha256.crt.der */
-#define TEST_SRV_CRT_RSA_SHA256_DER { \
- 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
- 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
- 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
- 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
- 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
- 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
- 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
- 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
- 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
- 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
- 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
- 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
- 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
- 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
- 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
- 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
- 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
- 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
- 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
- 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
- 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
- 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
- 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
- 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
- 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
- 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
- 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
- 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
- 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
- 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
- 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \
- 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \
- 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \
- 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \
- 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \
- 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \
- 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \
- 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \
- 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \
- 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \
- 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \
- 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \
- 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \
- 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \
- 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \
- 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \
- 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \
- 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \
- 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \
- 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \
- 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \
- 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \
- 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \
-}
-/* END FILE */
-
-/* This is taken from server2.crt. */
-/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM server2.crt */
-#define TEST_SRV_CRT_RSA_SHA1_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
- "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
- "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
- "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
- "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
- "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
- "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
- "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
- "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
- "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
- "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \
- "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \
- "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \
- "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \
- "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \
- "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \
- "Awgk0+4m0T25cNs=\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from server2.crt.der. */
-/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER server2.crt.der */
-#define TEST_SRV_CRT_RSA_SHA1_DER { \
- 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \
- 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \
- 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \
- 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \
- 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \
- 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \
- 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \
- 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \
- 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \
- 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \
- 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \
- 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \
- 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \
- 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \
- 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \
- 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \
- 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \
- 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \
- 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \
- 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \
- 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \
- 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \
- 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \
- 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \
- 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \
- 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \
- 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \
- 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \
- 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \
- 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \
- 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \
- 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \
- 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x99, 0x25, 0x83, 0x74, 0x38, \
- 0x70, 0x1e, 0xef, 0xec, 0x1c, 0xec, 0xc4, 0xcf, 0xef, 0x2f, 0x22, 0x9c, \
- 0x70, 0xee, 0xa8, 0xa7, 0x4f, 0xe0, 0x67, 0x33, 0x38, 0x82, 0x1b, 0x8b, \
- 0xab, 0x66, 0x37, 0xda, 0x49, 0x74, 0xb0, 0xce, 0xa4, 0x48, 0xd5, 0x14, \
- 0x99, 0xdb, 0xae, 0xab, 0x7b, 0xbf, 0xf8, 0x69, 0x94, 0x64, 0xdd, 0x80, \
- 0x3b, 0xfe, 0xdc, 0xf8, 0x7c, 0x3b, 0x84, 0x31, 0x44, 0x22, 0xf6, 0x64, \
- 0xf7, 0xc6, 0x81, 0x1a, 0x30, 0x8b, 0xaa, 0x7d, 0xc3, 0x9a, 0x01, 0xc8, \
- 0xbf, 0xc4, 0xe8, 0x43, 0xae, 0xe7, 0x7a, 0x59, 0x50, 0xc7, 0x1d, 0x94, \
- 0x8f, 0x7d, 0x3d, 0x3d, 0xd8, 0x23, 0x36, 0x2f, 0xeb, 0xf4, 0x73, 0x9c, \
- 0x28, 0xd0, 0x18, 0x3d, 0xb0, 0x5c, 0x83, 0xa3, 0x09, 0x19, 0x65, 0xa3, \
- 0xd9, 0x32, 0x3a, 0xbc, 0xd6, 0x9c, 0x7a, 0x2a, 0x2c, 0xfc, 0x38, 0x4e, \
- 0x63, 0x1e, 0x55, 0xd2, 0x3e, 0x67, 0x7e, 0xa4, 0x89, 0xfe, 0x99, 0xd4, \
- 0xd2, 0x0f, 0x48, 0x82, 0x7d, 0x8b, 0x02, 0x18, 0x18, 0xa4, 0x62, 0x44, \
- 0x88, 0x43, 0x3d, 0xc1, 0x6e, 0xe1, 0x10, 0xc9, 0x30, 0x9a, 0x4d, 0x21, \
- 0xfe, 0xca, 0x99, 0xb2, 0xb2, 0x6c, 0x18, 0x7e, 0x58, 0xb0, 0x5f, 0xd5, \
- 0x4e, 0x14, 0xaa, 0xfc, 0x95, 0x4e, 0xd5, 0xed, 0xa6, 0x64, 0x7d, 0xaf, \
- 0xae, 0xec, 0x99, 0x28, 0x95, 0x41, 0xab, 0xef, 0x2d, 0x0c, 0xd6, 0x29, \
- 0x1e, 0x42, 0xba, 0xb5, 0x2c, 0x95, 0x61, 0x08, 0x73, 0x22, 0xdd, 0xd2, \
- 0xb4, 0xc2, 0x56, 0x28, 0xc9, 0x7f, 0xa3, 0x99, 0x36, 0x01, 0x8c, 0xfa, \
- 0xb5, 0x20, 0xb5, 0xeb, 0x8f, 0xb5, 0xa0, 0x6f, 0x8c, 0x2f, 0x72, 0xd6, \
- 0x83, 0xc5, 0xeb, 0x18, 0xa6, 0xbd, 0xd4, 0x7e, 0x14, 0x38, 0xa6, 0xa9, \
- 0x03, 0x08, 0x24, 0xd3, 0xee, 0x26, 0xd1, 0x3d, 0xb9, 0x70, 0xdb \
-}
-/* END FILE */
-
-/* This is taken from server2.key. */
-/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM server2.key */
-#define TEST_SRV_KEY_RSA_PEM \
- "-----BEGIN RSA PRIVATE KEY-----\r\n" \
- "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \
- "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \
- "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \
- "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \
- "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \
- "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \
- "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \
- "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \
- "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \
- "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \
- "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \
- "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \
- "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \
- "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \
- "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \
- "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \
- "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \
- "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \
- "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \
- "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \
- "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \
- "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \
- "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \
- "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \
- "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \
- "-----END RSA PRIVATE KEY-----\r\n"
-/* END FILE */
-
-/* This is generated from server2.key.der. */
-/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER server2.key.der */
-#define TEST_SRV_KEY_RSA_DER { \
- 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
- 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \
- 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \
- 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \
- 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \
- 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \
- 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \
- 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \
- 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \
- 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \
- 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \
- 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \
- 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \
- 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \
- 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \
- 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \
- 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \
- 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \
- 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \
- 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \
- 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \
- 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \
- 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
- 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \
- 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \
- 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \
- 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \
- 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \
- 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \
- 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \
- 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \
- 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \
- 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \
- 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \
- 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \
- 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \
- 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \
- 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \
- 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \
- 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \
- 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \
- 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \
- 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \
- 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \
- 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \
- 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \
- 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \
- 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \
- 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \
- 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \
- 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \
- 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \
- 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \
- 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \
- 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \
- 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \
- 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \
- 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \
- 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \
- 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \
- 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \
- 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \
- 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \
- 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \
- 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \
- 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \
- 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \
- 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \
- 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \
- 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \
- 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \
- 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \
- 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \
- 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \
- 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \
- 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \
- 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \
- 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \
- 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \
- 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \
- 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \
- 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \
- 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \
- 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \
- 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \
- 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \
- 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \
- 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \
- 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \
- 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \
- 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \
- 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \
- 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \
- 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \
- 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \
- 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \
- 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \
- 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \
- 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \
- 0x06, 0x21, 0x2e, 0x56 \
-}
-/* END FILE */
-
-/* This is taken from cli2.crt. */
-/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM cli2.crt */
-#define TEST_CLI_CRT_EC_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \
- "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \
- "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \
- "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \
- "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \
- "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \
- "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \
- "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \
- "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \
- "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \
- "a9Vk\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from cli2.crt.der. */
-/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER cli2.crt.der */
-#define TEST_CLI_CRT_EC_DER { \
- 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
- 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
- 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
- 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \
- 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \
- 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \
- 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \
- 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
- 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
- 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \
- 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \
- 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \
- 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \
- 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \
- 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \
- 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \
- 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \
- 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \
- 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \
- 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \
- 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \
- 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \
- 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \
- 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \
- 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \
- 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \
- 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \
- 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \
- 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \
- 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \
- 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \
- 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \
- 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \
- 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \
- 0x6b, 0xd5, 0x64 \
-}
-/* END FILE */
-
-/* This is taken from cli2.key. */
-/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM cli2.key */
-#define TEST_CLI_KEY_EC_PEM \
- "-----BEGIN EC PRIVATE KEY-----\r\n" \
- "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \
- "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \
- "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \
- "-----END EC PRIVATE KEY-----\r\n"
-/* END FILE */
-
-/* This is generated from cli2.key.der. */
-/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER cli2.key.der */
-#define TEST_CLI_KEY_EC_DER { \
- 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \
- 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \
- 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \
- 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \
- 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \
- 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \
- 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \
- 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \
- 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \
- 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \
- 0xc7 \
-}
-/* END FILE */
-
-/* This is taken from cli-rsa-sha256.crt. */
-/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM cli-rsa-sha256.crt */
-#define TEST_CLI_CRT_RSA_PEM \
- "-----BEGIN CERTIFICATE-----\r\n" \
- "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
- "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
- "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \
- "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \
- "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \
- "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \
- "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \
- "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \
- "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \
- "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \
- "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \
- "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \
- "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \
- "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \
- "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \
- "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \
- "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \
- "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \
- "-----END CERTIFICATE-----\r\n"
-/* END FILE */
-
-/* This is generated from cli-rsa-sha256.crt.der. */
-/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER cli-rsa-sha256.crt.der */
-#define TEST_CLI_CRT_RSA_DER { \
- 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \
- 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \
- 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \
- 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \
- 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \
- 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \
- 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
- 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
- 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \
- 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \
- 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
- 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
- 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
- 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
- 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \
- 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \
- 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \
- 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \
- 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \
- 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \
- 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \
- 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \
- 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \
- 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \
- 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \
- 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \
- 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \
- 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \
- 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \
- 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \
- 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \
- 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \
- 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \
- 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \
- 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \
- 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \
- 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \
- 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \
- 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \
- 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \
- 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \
- 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \
- 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \
- 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \
- 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \
- 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \
- 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \
- 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \
- 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \
- 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \
- 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \
- 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \
- 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \
- 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \
- 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \
- 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \
- 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \
- 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \
- 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \
- 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \
- 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \
- 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \
- 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \
- 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \
- 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \
- 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \
- 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \
- 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \
- 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \
- 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \
-}
-/* END FILE */
-
-/* This is taken from cli-rsa.key. */
-/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM cli-rsa.key */
-#define TEST_CLI_KEY_RSA_PEM \
- "-----BEGIN RSA PRIVATE KEY-----\r\n" \
- "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \
- "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \
- "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \
- "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \
- "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \
- "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \
- "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \
- "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \
- "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \
- "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \
- "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \
- "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \
- "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \
- "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \
- "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \
- "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \
- "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \
- "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \
- "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \
- "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \
- "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \
- "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \
- "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \
- "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \
- "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \
- "-----END RSA PRIVATE KEY-----\r\n"
-/* END FILE */
-
-/* This is generated from cli-rsa.key.der. */
-/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER cli-rsa.key.der */
-#define TEST_CLI_KEY_RSA_DER { \
- 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \
- 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \
- 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \
- 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \
- 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \
- 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \
- 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \
- 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \
- 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \
- 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \
- 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \
- 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \
- 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \
- 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \
- 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \
- 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \
- 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \
- 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \
- 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \
- 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \
- 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \
- 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \
- 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \
- 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \
- 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \
- 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \
- 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \
- 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \
- 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \
- 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \
- 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \
- 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \
- 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \
- 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \
- 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \
- 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \
- 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \
- 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \
- 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \
- 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \
- 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \
- 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \
- 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \
- 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \
- 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \
- 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \
- 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \
- 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \
- 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \
- 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \
- 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \
- 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \
- 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \
- 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \
- 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \
- 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \
- 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \
- 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \
- 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \
- 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \
- 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \
- 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \
- 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \
- 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \
- 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \
- 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \
- 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \
- 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \
- 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \
- 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \
- 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \
- 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \
- 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \
- 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \
- 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \
- 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \
- 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \
- 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \
- 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \
- 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \
- 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \
- 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \
- 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \
- 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \
- 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \
- 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \
- 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \
- 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \
- 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \
- 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \
- 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \
- 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \
- 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \
- 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \
- 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \
- 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \
- 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \
- 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \
- 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \
- 0x8b, 0x87, 0xc3, 0x00 \
-}
-/* END FILE */
-
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 55201c0..255849f 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -1791,30 +1791,33 @@
session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ?
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER;
session->ciphersuite = 0xabcd;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
session->ticket_age_add = 0x87654321;
session->ticket_flags = 0x7;
-
session->resumption_key_len = 32;
memset(session->resumption_key, 0x99, sizeof(session->resumption_key));
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- session->max_early_data_size = 0x87654321;
-#if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
- int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample");
- if (ret != 0) {
- return -1;
- }
-#endif /* MBEDTLS_SSL_ALPN && MBEDTLS_SSL_SRV_C */
-#endif /* MBEDTLS_SSL_EARLY_DATA */
-
-#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C)
- if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
- session->ticket_creation_time = mbedtls_ms_time() - 42;
- }
#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+ if (session->endpoint == MBEDTLS_SSL_IS_SERVER) {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN)
+ int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample");
+ if (ret != 0) {
+ return -1;
+ }
+#endif
+#if defined(MBEDTLS_HAVE_TIME)
+ session->ticket_creation_time = mbedtls_ms_time() - 42;
+#endif
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ }
+#endif /* MBEDTLS_SSL_SRV_C */
+
#if defined(MBEDTLS_SSL_CLI_C)
if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#if defined(MBEDTLS_HAVE_TIME)
session->ticket_reception_time = mbedtls_ms_time() - 40;
#endif
@@ -1828,9 +1831,22 @@
}
memset(session->ticket, 33, ticket_len);
}
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ char hostname[] = "hostname example";
+ session->hostname = mbedtls_calloc(1, sizeof(hostname));
+ if (session->hostname == NULL) {
+ return -1;
+ }
+ memcpy(session->hostname, hostname, sizeof(hostname));
+#endif
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
}
#endif /* MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ session->max_early_data_size = 0x87654321;
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
session->record_size_limit = 2048;
#endif
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a7c4020..646daad 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -70,6 +70,32 @@
# alternative versions of OpenSSL and GnuTLS (no default path)
+# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well.
+if [ -z "${OPENSSL_NEXT:-}" ]; then
+ case $($OPENSSL version) in
+ OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;;
+ OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;;
+ esac
+fi
+
+# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well.
+if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then
+ case $($GNUTLS_CLI --version) in
+ gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
+ gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
+ gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
+ esac
+fi
+
+# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well.
+if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then
+ case $($GNUTLS_SERV --version) in
+ gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
+ gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
+ gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
+ esac
+fi
+
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key"
@@ -115,6 +141,7 @@
RUN_TEST_NUMBER=''
RUN_TEST_SUITE=''
+MIN_TESTS=1
PRESERVE_LOGS=0
# Pick a "unique" server port in the range 10000-19999, and a proxy
@@ -133,6 +160,7 @@
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
printf " --list-test-cases\tList all potential test cases (No Execution)\n"
+ printf " --min \tMinimum number of non-skipped tests (default 1)\n"
printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n"
@@ -166,6 +194,9 @@
-p|--preserve-logs)
PRESERVE_LOGS=1
;;
+ --min)
+ shift; MIN_TESTS=$1
+ ;;
--outcome-file)
shift; MBEDTLS_TEST_OUTCOME_FILE=$1
;;
@@ -443,9 +474,9 @@
esac
case "$CMD_LINE" in
- *server5*|\
- *server7*|\
- *dir-maxpath*)
+ */server5*|\
+ */server7*|\
+ */dir-maxpath*)
if [ "$TLS_VERSION" = "TLS13" ]; then
# In case of TLS13 the support for ECDSA is enough
requires_pk_alg "ECDSA"
@@ -477,9 +508,15 @@
esac
case "$CMD_LINE" in
- *server2*|\
- *server7*)
- # server2 and server7 certificates use RSA encryption
+ */server1*|\
+ */server2*|\
+ */server7*)
+ # Certificates with an RSA key. The algorithm requirement is
+ # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature,
+ # PSS signature}. We can't easily tell which subset works, and
+ # we aren't currently running ssl-opt.sh in configurations
+ # where partial RSA support is a problem, so generically, we
+ # just require RSA and it works out for our tests so far.
requires_config_enabled "MBEDTLS_RSA_C"
esac
@@ -494,9 +531,10 @@
adapt_cmd_for_psk () {
case "$2" in
- *openssl*) s='-psk abc123 -nocert';;
- *gnutls-*) s='--pskkey=abc123';;
- *) s='psk=abc123';;
+ *openssl*s_server*) s='-psk 73776f726466697368 -nocert';;
+ *openssl*) s='-psk 73776f726466697368';;
+ *gnutls-*) s='--pskusername=Client_identity --pskkey=73776f726466697368';;
+ *) s='psk=73776f726466697368';;
esac
eval $1='"$2 $s"'
unset s
@@ -2449,9 +2487,9 @@
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: RSA-PSK" \
"$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
- psk=abc123 psk_identity=foo" \
+ psk=73776f726466697368 psk_identity=foo" \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- psk=abc123 psk_identity=foo" \
+ psk=73776f726466697368 psk_identity=foo" \
0 \
-c "Verifying peer X.509 certificate... ok" \
-c "Ciphersuite is TLS-RSA-PSK-" \
@@ -2698,12 +2736,14 @@
-C "error"
# Tests for SHA-1 support
+requires_hash_alg SHA_1
run_test "SHA-1 forbidden by default in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
1 \
-c "The certificate is signed with an unacceptable hash"
+requires_hash_alg SHA_1
run_test "SHA-1 explicitly allowed in server certificate" \
"$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
"$P_CLI force_version=tls12 allow_sha1=1" \
@@ -2714,17 +2754,23 @@
"$P_CLI force_version=tls12 allow_sha1=0" \
0
+requires_hash_alg SHA_1
+requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 forbidden by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1 \
-s "The certificate is signed with an unacceptable hash"
+requires_hash_alg SHA_1
+requires_config_enabled MBEDTLS_RSA_C
run_test "SHA-1 explicitly allowed in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
0
+requires_config_enabled MBEDTLS_RSA_C
+requires_hash_alg SHA_256
run_test "SHA-256 allowed by default in client certificate" \
"$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
"$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
@@ -3731,6 +3777,7 @@
# Tests for Session Tickets
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: basic" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3745,6 +3792,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: manual rotation" \
"$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3759,6 +3807,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: cache disabled" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3773,6 +3822,7 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: timeout" \
"$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \
@@ -3787,6 +3837,7 @@
-S "a session has been resumed" \
-C "a session has been resumed"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: session copy" \
"$P_SRV debug_level=3 tickets=1 cache_max=0" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
@@ -3802,6 +3853,7 @@
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: openssl server" \
"$O_SRV -tls1_2" \
"$P_CLI debug_level=3 tickets=1 reconnect=1" \
@@ -3812,8 +3864,9 @@
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: openssl client" \
- "$P_SRV debug_level=3 tickets=1" \
+ "$P_SRV force_version=tls12 debug_level=3 tickets=1" \
"( $O_CLI -sess_out $SESSION; \
$O_CLI -sess_in $SESSION; \
rm -f $SESSION )" \
@@ -3825,6 +3878,7 @@
-s "a session has been resumed"
requires_cipher_enabled "AES" "GCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: AES-128-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3840,6 +3894,7 @@
-c "a session has been resumed"
requires_cipher_enabled "AES" "GCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: AES-192-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3855,6 +3910,7 @@
-c "a session has been resumed"
requires_cipher_enabled "AES" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: AES-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3870,6 +3926,7 @@
-c "a session has been resumed"
requires_cipher_enabled "AES" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: AES-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3885,6 +3942,7 @@
-c "a session has been resumed"
requires_cipher_enabled "AES" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: AES-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3900,6 +3958,7 @@
-c "a session has been resumed"
requires_cipher_enabled "CAMELLIA" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: CAMELLIA-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3915,6 +3974,7 @@
-c "a session has been resumed"
requires_cipher_enabled "CAMELLIA" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: CAMELLIA-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3930,6 +3990,7 @@
-c "a session has been resumed"
requires_cipher_enabled "CAMELLIA" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: CAMELLIA-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3945,6 +4006,7 @@
-c "a session has been resumed"
requires_cipher_enabled "ARIA" "GCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: ARIA-128-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3960,6 +4022,7 @@
-c "a session has been resumed"
requires_cipher_enabled "ARIA" "GCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: ARIA-192-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3975,6 +4038,7 @@
-c "a session has been resumed"
requires_cipher_enabled "ARIA" "GCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: ARIA-256-GCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -3990,6 +4054,7 @@
-c "a session has been resumed"
requires_cipher_enabled "ARIA" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: ARIA-128-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -4005,6 +4070,7 @@
-c "a session has been resumed"
requires_cipher_enabled "ARIA" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: ARIA-192-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -4020,6 +4086,7 @@
-c "a session has been resumed"
requires_cipher_enabled "ARIA" "CCM"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: ARIA-256-CCM" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -4035,6 +4102,7 @@
-c "a session has been resumed"
requires_cipher_enabled "CHACHA20"
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets: CHACHA20-POLY1305" \
"$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -4052,6 +4120,7 @@
# Tests for Session Tickets with DTLS
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: basic" \
"$P_SRV debug_level=3 dtls=1 tickets=1" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -4067,6 +4136,7 @@
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: cache disabled" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -4082,6 +4152,7 @@
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: timeout" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \
@@ -4097,6 +4168,7 @@
-C "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: session copy" \
"$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
"$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \
@@ -4112,6 +4184,7 @@
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: openssl server" \
"$O_SRV -dtls" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
@@ -4125,6 +4198,7 @@
# probability with OpenSSL 1.0.2g on the CI, see #5012.
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using tickets, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"( $O_NEXT_CLI -dtls -sess_out $SESSION; \
@@ -4140,6 +4214,7 @@
# Tests for Session Resume based on session-ID and cache
requires_config_enabled MBEDTLS_SSL_CACHE_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using cache: tickets enabled on client" \
"$P_SRV debug_level=3 tickets=0" \
"$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
@@ -4155,6 +4230,7 @@
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_CACHE_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using cache: tickets enabled on server" \
"$P_SRV debug_level=3 tickets=1" \
"$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
@@ -4246,6 +4322,7 @@
-c "a session has been resumed"
requires_config_enabled MBEDTLS_SSL_CACHE_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using cache: openssl client" \
"$P_SRV force_version=tls12 debug_level=3 tickets=0" \
"( $O_CLI -sess_out $SESSION; \
@@ -4295,6 +4372,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using cache, DTLS: tickets enabled on client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -4311,6 +4389,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using cache, DTLS: tickets enabled on server" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
"$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
@@ -4396,6 +4475,7 @@
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
"( $O_NEXT_CLI -dtls -sess_out $SESSION; \
@@ -5592,6 +5672,7 @@
# Test for the "secure renegotiation" extension only (no actual renegotiation)
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server strict, client default" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
@@ -5602,6 +5683,7 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server unsafe, client default" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
@@ -5612,6 +5694,7 @@
-c "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls server unsafe, client break legacy" \
"$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
@@ -5622,28 +5705,31 @@
-C "HTTP/1.0 200 [Oo][Kk]"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client strict, server default" \
"$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
+ "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \
0 \
-s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-s "server hello, secure renegotiation extension"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client unsafe, server default" \
"$P_SRV debug_level=3" \
- "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
+ "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-S "server hello, secure renegotiation extension"
requires_gnutls
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "Renego ext: gnutls client unsafe, server break legacy" \
"$P_SRV debug_level=3 allow_legacy=-1" \
- "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
+ "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
1 \
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-S "server hello, secure renegotiation extension"
@@ -6656,6 +6742,7 @@
-c "Read from server: .* bytes read"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: ticket" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1" \
@@ -6665,6 +6752,7 @@
-c "Read from server: .* bytes read"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: ticket + client auth" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1" \
@@ -6674,6 +6762,7 @@
-c "Read from server: .* bytes read"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
@@ -6685,6 +6774,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=required" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -6694,6 +6784,7 @@
-c "Read from server: .* bytes read"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: TLS 1.2 + ticket + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
@@ -6705,6 +6796,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Non-blocking I/O: TLS 1.3 + ticket + resume" \
"$P_SRV nbio=2 tickets=1 auth_mode=none" \
"$P_CLI nbio=2 tickets=1 reconnect=1" \
@@ -6743,6 +6835,7 @@
-c "Read from server: .* bytes read"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: ticket" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1" \
@@ -6752,6 +6845,7 @@
-c "Read from server: .* bytes read"
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: ticket + client auth" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1" \
@@ -6761,6 +6855,7 @@
-c "Read from server: .* bytes read"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
@@ -6772,6 +6867,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \
"$P_SRV event=1 tickets=1 auth_mode=required" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -6781,6 +6877,7 @@
-c "Read from server: .* bytes read"
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: TLS 1.2 + ticket + resume" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
@@ -6792,6 +6889,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O: TLS 1.3 + ticket + resume" \
"$P_SRV event=1 tickets=1 auth_mode=none" \
"$P_CLI event=1 tickets=1 reconnect=1" \
@@ -6824,6 +6922,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O, DTLS: ticket" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=1" \
@@ -6831,6 +6930,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O, DTLS: ticket + client auth" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=1" \
@@ -6838,6 +6938,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -6845,6 +6946,7 @@
-c "Read from server: .* bytes read"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "Event-driven I/O, DTLS: ticket + resume" \
"$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
"$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
@@ -7666,7 +7768,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
- -cert data_files/server2.ku-ds_ke.crt" \
+ -cert data_files/server2-sha256.ku-ds_ke.crt" \
"$P_CLI debug_level=3" \
0 \
-C "bad certificate (usage extensions)" \
@@ -7678,7 +7780,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
+ -cert data_files/server2-sha256.ku-ke.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7690,7 +7792,7 @@
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
"$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
- -cert data_files/server2.ku-ka.crt" \
+ -cert data_files/server2-sha256.ku-ka.crt" \
"$P_CLI debug_level=1" \
1 \
-c "bad certificate (usage extensions)" \
@@ -7739,7 +7841,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server2.key \
+ "$O_CLI -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
@@ -7749,7 +7851,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server2.key \
+ "$O_CLI -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
@@ -7757,8 +7859,8 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
- "$P_SRV debug_level=1 auth_mode=required" \
- "$O_CLI -key data_files/server2.key \
+ "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \
+ "$O_CLI -tls1_2 -key data_files/server2.key \
-cert data_files/server2.ku-ke.crt" \
1 \
-s "bad certificate (usage extensions)" \
@@ -7767,7 +7869,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
+ "$O_CLI -tls1_2 -key data_files/server5.key \
-cert data_files/server5.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
@@ -7777,7 +7879,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
+ "$O_CLI -tls1_2 -key data_files/server5.key \
-cert data_files/server5.ku-ka.crt" \
0 \
-s "bad certificate (usage extensions)" \
@@ -7789,7 +7891,7 @@
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
- -cert data_files/server2.ku-ds.crt" \
+ -cert data_files/server2-sha256.ku-ds.crt" \
0 \
-s "Verifying peer X.509 certificate... ok" \
-S "bad certificate (usage extensions)" \
@@ -7801,7 +7903,7 @@
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
"$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
- -cert data_files/server2.ku-ke.crt" \
+ -cert data_files/server2-sha256.ku-ke.crt" \
0 \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
@@ -7954,7 +8056,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
+ "$O_CLI -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
@@ -7963,7 +8065,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
+ "$O_CLI -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-srv_cli.crt" \
0 \
-S "bad certificate (usage extensions)" \
@@ -7972,7 +8074,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
+ "$O_CLI -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-cs_any.crt" \
0 \
-S "bad certificate (usage extensions)" \
@@ -7981,7 +8083,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
"$P_SRV debug_level=1 auth_mode=optional" \
- "$O_CLI -key data_files/server5.key \
+ "$O_CLI -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
0 \
-s "bad certificate (usage extensions)" \
@@ -7990,7 +8092,7 @@
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
"$P_SRV debug_level=1 auth_mode=required" \
- "$O_CLI -key data_files/server5.key \
+ "$O_CLI -tls1_2 -key data_files/server5.key \
-cert data_files/server5.eku-cs.crt" \
1 \
-s "bad certificate (usage extensions)" \
@@ -8133,9 +8235,9 @@
# Tests for PSK callback
run_test "PSK callback: psk, no callback" \
- "$P_SRV psk=abc123 psk_identity=foo" \
+ "$P_SRV psk=73776f726466697368 psk_identity=foo" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
@@ -8143,9 +8245,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8155,9 +8257,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8167,9 +8269,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8179,9 +8281,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8191,9 +8293,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque rsa-psk on client, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8203,9 +8305,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8215,9 +8317,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8227,9 +8329,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8239,9 +8341,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8251,9 +8353,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8263,9 +8365,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8275,9 +8377,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8287,9 +8389,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque dhe-psk on client, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8299,9 +8401,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8311,9 +8413,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8323,9 +8425,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
+ "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 psk_opaque=1" \
+ psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8335,9 +8437,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8347,9 +8449,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8359,10 +8461,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8372,10 +8474,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8385,9 +8487,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \
- "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8397,9 +8499,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8409,10 +8511,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8422,10 +8524,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8435,9 +8537,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \
- "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8447,9 +8549,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8459,10 +8561,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8472,10 +8574,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8485,9 +8587,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \
- "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8497,9 +8599,9 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
+ "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
0 \
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
@@ -8509,10 +8611,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8522,10 +8624,10 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
+ "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=abc123 extended_ms=1" \
+ psk_identity=foo psk=73776f726466697368 extended_ms=1" \
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
@@ -8735,7 +8837,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
@@ -8747,7 +8849,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
@@ -8759,7 +8861,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
@@ -8771,7 +8873,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
@@ -8783,7 +8885,7 @@
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
- "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
+ "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
1 \
@@ -8792,16 +8894,16 @@
run_test "PSK callback: no psk, no callback" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
1 \
-s "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
run_test "PSK callback: callback overrides other settings" \
- "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
+ "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=abc123" \
+ psk_identity=foo psk=73776f726466697368" \
1 \
-S "SSL - The handshake negotiation failed" \
-s "SSL - Unknown identity received" \
@@ -9019,11 +9121,25 @@
# Test for ClientHello without extensions
+# Without extensions, ECC is impossible (no curve negotiation).
+requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
-run_test "ClientHello without extensions" \
+run_test "ClientHello without extensions: RSA" \
"$P_SRV force_version=tls12 debug_level=3" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
0 \
+ -s "Ciphersuite is .*-RSA-WITH-.*" \
+ -S "Ciphersuite is .*-EC.*" \
+ -s "dumping 'client hello extensions' (0 bytes)"
+
+requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+requires_gnutls
+run_test "ClientHello without extensions: PSK" \
+ "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
+ "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
+ 0 \
+ -s "Ciphersuite is .*-PSK-.*" \
+ -S "Ciphersuite is .*-EC.*" \
-s "dumping 'client hello extensions' (0 bytes)"
# Tests for mbedtls_ssl_get_bytes_avail()
@@ -9633,9 +9749,9 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
- "$P_SRV psk=abc123 \
+ "$P_SRV psk=73776f726466697368 \
async_operations=d async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI psk=abc123 \
+ "$P_CLI psk=73776f726466697368 \
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async decrypt callback: using key slot " \
@@ -9643,9 +9759,9 @@
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
- "$P_SRV psk=abc123 \
+ "$P_SRV psk=73776f726466697368 \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI psk=abc123 \
+ "$P_CLI psk=73776f726466697368 \
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
0 \
-s "Async decrypt callback: using key slot " \
@@ -10095,8 +10211,8 @@
-s "! Certificate verification was skipped"
run_test "DTLS wrong PSK: badmac alert" \
- "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
- "$P_CLI dtls=1 psk=abc124" \
+ "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
+ "$P_CLI dtls=1 psk=73776f726466697374" \
1 \
-s "SSL - Verification of the message MAC failed" \
-c "SSL - A fatal alert message was received from our peer"
@@ -11797,6 +11913,7 @@
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
-p "$P_PXY delay_srv=NewSessionTicket" \
"$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
@@ -11863,8 +11980,8 @@
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
-p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
- "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
- "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
+ "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
+ "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
0 \
-s "Buffer record from epoch 1" \
-s "Found buffered record from current epoch - load" \
@@ -11878,8 +11995,8 @@
run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+ psk=73776f726466697368" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
-s "Extra-header:" \
@@ -11917,6 +12034,7 @@
client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "DTLS proxy: 3d, FS, ticket" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
@@ -11927,6 +12045,7 @@
client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
@@ -11937,6 +12056,7 @@
client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
run_test "DTLS proxy: 3d, max handshake, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
@@ -11951,8 +12071,8 @@
run_test "DTLS proxy: 3d, min handshake, resumption" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 debug_level=3" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+ psk=73776f726466697368 debug_level=3" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -11966,8 +12086,8 @@
run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 debug_level=3 nbio=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+ psk=73776f726466697368 debug_level=3 nbio=2" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
0 \
@@ -11981,8 +12101,8 @@
run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiation=1 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+ psk=73776f726466697368 renegotiation=1 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
renegotiate=1 debug_level=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -11996,8 +12116,8 @@
run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiation=1 debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+ psk=73776f726466697368 renegotiation=1 debug_level=2" \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
renegotiate=1 debug_level=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -12011,9 +12131,9 @@
run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
+ psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
debug_level=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
renegotiation=1 exchanges=4 debug_level=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -12027,9 +12147,9 @@
run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
- psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
+ psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
debug_level=2 nbio=2" \
- "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
+ "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
0 \
@@ -14008,8 +14128,8 @@
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \
- "$P_SRV nbio=2 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \
- "$P_CLI nbio=2 debug_level=3 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
+ "$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \
+ "$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \
0 \
-C "received HelloRetryRequest message" \
-c "Selected key exchange mode: psk$" \
@@ -14037,6 +14157,15 @@
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
+ if [ $((TESTS - SKIPS)) -lt $MIN_TESTS ]; then
+ cat <<EOF
+Error: Expected to run at least $MIN_TESTS, but only ran $((TESTS - SKIPS)).
+Maybe a bad filter ('$FILTER') or a bad configuration?
+EOF
+ if [ $FAILS -eq 0 ]; then
+ FAILS=1
+ fi
+ fi
fi
if [ $FAILS -gt 255 ]; then
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index aca4150..8e49d2d 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -549,6 +549,10 @@
/* encode length number of bytes from inbuf */
TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen));
TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen));
+ if (0 != ret) {
+ /* Check output parameter is set to the least-harmful value on error */
+ TEST_ASSERT(0 == outlen);
+ }
/* done */
exit:
@@ -826,6 +830,10 @@
total_len += outlen;
TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
&outlen));
+ if (0 != finish_result) {
+ /* Check output parameter is set to the least-harmful value on error */
+ TEST_ASSERT(0 == outlen);
+ }
total_len += outlen;
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM ||
diff --git a/tests/suites/test_suite_config.crypto_combinations.data b/tests/suites/test_suite_config.crypto_combinations.data
new file mode 100644
index 0000000..d3287d2
--- /dev/null
+++ b/tests/suites/test_suite_config.crypto_combinations.data
@@ -0,0 +1,9 @@
+# Interesting combinations of low-level crypto options
+
+Config: ECC: Weierstrass curves only
+depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED
+pass:
+
+Config: ECC: Montgomery curves only
+depends_on:!MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:MBEDTLS_ECP_MONTGOMERY_ENABLED
+pass:
diff --git a/tests/suites/test_suite_config.function b/tests/suites/test_suite_config.function
new file mode 100644
index 0000000..9e9dd01
--- /dev/null
+++ b/tests/suites/test_suite_config.function
@@ -0,0 +1,14 @@
+/* BEGIN_HEADER */
+
+/* END_HEADER */
+
+/* BEGIN_CASE */
+/* This test case always passes. It is intended solely for configuration
+ * reporting in the outcome file. Write test cases using this function
+ * with dependencies to record in which configurations the dependencies
+ * are met. */
+void pass()
+{
+ goto exit;
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_config.psa_combinations.data b/tests/suites/test_suite_config.psa_combinations.data
new file mode 100644
index 0000000..1035af2
--- /dev/null
+++ b/tests/suites/test_suite_config.psa_combinations.data
@@ -0,0 +1,9 @@
+# Interesting combinations of PSA options
+
+Config: PSA_WANT_ALG_ECDSA without PSA_WANT_ALG_DETERMINISTIC_ECDSA
+depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA
+pass:
+
+Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA
+pass:
diff --git a/tests/suites/test_suite_config.tls_combinations.data b/tests/suites/test_suite_config.tls_combinations.data
new file mode 100644
index 0000000..cbc57d6
--- /dev/null
+++ b/tests/suites/test_suite_config.tls_combinations.data
@@ -0,0 +1,9 @@
+# Interesting combinations of TLS options
+
+Config: TLS 1.2 without TLS 1.3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3
+pass:
+
+Config: TLS 1.3 without TLS 1.2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
+pass:
diff --git a/tests/suites/test_suite_constant_time_hmac.data b/tests/suites/test_suite_constant_time_hmac.data
index 6a118b8..4adddfc 100644
--- a/tests/suites/test_suite_constant_time_hmac.data
+++ b/tests/suites/test_suite_constant_time_hmac.data
@@ -11,5 +11,5 @@
ssl_cf_hmac:MBEDTLS_MD_SHA256
Constant-flow HMAC: SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
ssl_cf_hmac:MBEDTLS_MD_SHA384
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 70e7bad..5cd02b9 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -59,10 +59,9 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
+ MD_OR_USE_PSA_INIT();
memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
@@ -86,7 +85,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -98,10 +97,9 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
+ MD_OR_USE_PSA_INIT();
memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
@@ -122,7 +120,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -134,10 +132,9 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
+ MD_OR_USE_PSA_INIT();
memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
@@ -158,7 +155,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -211,11 +208,10 @@
struct buffer_data buffer;
mbedtls_mpi val;
- MD_PSA_INIT();
-
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_mpi_init(&val);
+ MD_OR_USE_PSA_INIT();
memset(buffer.buf, 0, 2000);
buffer.ptr = buffer.buf;
@@ -239,6 +235,6 @@
mbedtls_mpi_free(&val);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data
index c852c66..8b6410b 100644
--- a/tests/suites/test_suite_ecdsa.data
+++ b/tests/suites/test_suite_ecdsa.data
@@ -95,7 +95,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64"
ECDSA deterministic test vector rfc 6979 p192 sha224 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5":"E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A"
ECDSA deterministic test vector rfc 6979 p192 sha256 [#1]
@@ -103,7 +103,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55":"CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85"
ECDSA deterministic test vector rfc 6979 p192 sha384 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5":"C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E"
ECDSA deterministic test vector rfc 6979 p192 sha512 [#1]
@@ -115,7 +115,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D":"EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7"
ECDSA deterministic test vector rfc 6979 p192 sha224 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34":"B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293"
ECDSA deterministic test vector rfc 6979 p192 sha256 [#2]
@@ -123,7 +123,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE":"5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F"
ECDSA deterministic test vector rfc 6979 p192 sha384 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367":"7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A"
ECDSA deterministic test vector rfc 6979 p192 sha512 [#2]
@@ -135,7 +135,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69"
ECDSA deterministic test vector rfc 6979 p224 sha224 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E":"A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC"
ECDSA deterministic test vector rfc 6979 p224 sha256 [#1]
@@ -143,7 +143,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA":"BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101"
ECDSA deterministic test vector rfc 6979 p224 sha384 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953":"830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D"
ECDSA deterministic test vector rfc 6979 p224 sha512 [#1]
@@ -155,7 +155,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C":"95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2"
ECDSA deterministic test vector rfc 6979 p224 sha224 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019":"902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4"
ECDSA deterministic test vector rfc 6979 p224 sha256 [#2]
@@ -163,7 +163,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6":"178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD"
ECDSA deterministic test vector rfc 6979 p224 sha384 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4":"414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB"
ECDSA deterministic test vector rfc 6979 p224 sha512 [#2]
@@ -175,7 +175,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32":"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB"
ECDSA deterministic test vector rfc 6979 p256 sha224 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F":"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C"
ECDSA deterministic test vector rfc 6979 p256 sha256 [#1]
@@ -183,7 +183,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716":"F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8"
ECDSA deterministic test vector rfc 6979 p256 sha384 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719":"4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954"
ECDSA deterministic test vector rfc 6979 p256 sha512 [#1]
@@ -195,7 +195,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89":"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1"
ECDSA deterministic test vector rfc 6979 p256 sha224 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692":"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D"
ECDSA deterministic test vector rfc 6979 p256 sha256 [#2]
@@ -203,7 +203,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367":"019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083"
ECDSA deterministic test vector rfc 6979 p256 sha384 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6":"8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C"
ECDSA deterministic test vector rfc 6979 p256 sha512 [#2]
@@ -215,7 +215,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2":"A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443"
ECDSA deterministic test vector rfc 6979 p384 sha224 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE060122":"9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D"
ECDSA deterministic test vector rfc 6979 p384 sha256 [#1]
@@ -223,7 +223,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD":"F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0"
ECDSA deterministic test vector rfc 6979 p384 sha384 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE46":"99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8"
ECDSA deterministic test vector rfc 6979 p384 sha512 [#1]
@@ -235,7 +235,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7":"D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282"
ECDSA deterministic test vector rfc 6979 p384 sha224 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72":"07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66"
ECDSA deterministic test vector rfc 6979 p384 sha256 [#2]
@@ -243,7 +243,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B":"2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265"
ECDSA deterministic test vector rfc 6979 p384 sha384 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB":"DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5"
ECDSA deterministic test vector rfc 6979 p384 sha512 [#2]
@@ -255,7 +255,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D":"0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16"
ECDSA deterministic test vector rfc 6979 p521 sha224 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"1776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E":"050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F"
ECDSA deterministic test vector rfc 6979 p521 sha256 [#1]
@@ -263,7 +263,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7":"04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC"
ECDSA deterministic test vector rfc 6979 p521 sha384 [#1]
-depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451":"1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61"
ECDSA deterministic test vector rfc 6979 p521 sha512 [#1]
@@ -275,7 +275,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367":"1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF"
ECDSA deterministic test vector rfc 6979 p521 sha224 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_224
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"1C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB":"177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4"
ECDSA deterministic test vector rfc 6979 p521 sha256 [#2]
@@ -283,7 +283,7 @@
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"00E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8":"0CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86"
ECDSA deterministic test vector rfc 6979 p521 sha384 [#2]
-depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_384
ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"14BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C":"133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979"
ECDSA deterministic test vector rfc 6979 p521 sha512 [#2]
diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data
index 68866d7..15050a4 100644
--- a/tests/suites/test_suite_hmac_drbg.misc.data
+++ b/tests/suites/test_suite_hmac_drbg.misc.data
@@ -3,7 +3,7 @@
hmac_drbg_entropy_usage:MBEDTLS_MD_SHA1
HMAC_DRBG entropy usage SHA-224
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_entropy_usage:MBEDTLS_MD_SHA224
HMAC_DRBG entropy usage SHA-256
@@ -11,7 +11,7 @@
hmac_drbg_entropy_usage:MBEDTLS_MD_SHA256
HMAC_DRBG entropy usage SHA-384
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_entropy_usage:MBEDTLS_MD_SHA384
HMAC_DRBG entropy usage SHA-512
@@ -31,7 +31,7 @@
hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_384
HMAC_DRBG entropy usage SHA3-512
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_512
HMAC_DRBG write/update seed file SHA-1 [#1]
@@ -43,11 +43,11 @@
hmac_drbg_seed_file:MBEDTLS_MD_SHA1:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
HMAC_DRBG write/update seed file SHA-224 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"data_files/hmac_drbg_seed":0
HMAC_DRBG write/update seed file SHA-224 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
HMAC_DRBG write/update seed file SHA-256 [#1]
@@ -59,11 +59,11 @@
hmac_drbg_seed_file:MBEDTLS_MD_SHA256:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
HMAC_DRBG write/update seed file SHA-384 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_seed_file:MBEDTLS_MD_SHA384:"data_files/hmac_drbg_seed":0
HMAC_DRBG write/update seed file SHA-384 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_seed_file:MBEDTLS_MD_SHA384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
HMAC_DRBG write/update seed file SHA-512 [#1]
@@ -99,11 +99,11 @@
hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
HMAC_DRBG write/update seed file SHA3-512 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"data_files/hmac_drbg_seed":0
HMAC_DRBG write/update seed file SHA3-512 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
HMAC_DRBG from buffer SHA-1
@@ -111,7 +111,7 @@
hmac_drbg_buf:MBEDTLS_MD_SHA1
HMAC_DRBG from buffer SHA-224
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_buf:MBEDTLS_MD_SHA224
HMAC_DRBG from buffer SHA-256
@@ -119,7 +119,7 @@
hmac_drbg_buf:MBEDTLS_MD_SHA256
HMAC_DRBG from buffer SHA-384
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_buf:MBEDTLS_MD_SHA384
HMAC_DRBG from buffer SHA-512
@@ -139,7 +139,7 @@
hmac_drbg_buf:MBEDTLS_MD_SHA3_384
HMAC_DRBG from buffer SHA3-512
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
hmac_drbg_buf:MBEDTLS_MD_SHA3_512
HMAC_DRBG self test
diff --git a/tests/suites/test_suite_hmac_drbg.no_reseed.data b/tests/suites/test_suite_hmac_drbg.no_reseed.data
index a6f50ad..5bc406c 100644
--- a/tests/suites/test_suite_hmac_drbg.no_reseed.data
+++ b/tests/suites/test_suite_hmac_drbg.no_reseed.data
@@ -239,243 +239,243 @@
hmac_drbg_no_reseed:MBEDTLS_MD_SHA1:"3e325daab3301856044f416f250b6161e447e63d85ca084f":"a9d2a53dbd7ef4b9150dd0ed4d002e56":"4de6c923346d7adc16bbe89b9a184a79":"9e9e3412635aec6fcfb9d00da0c49fb3":"48ac8646b334e7434e5f73d60a8f6741e472baabe525257b78151c20872f331c169abe25faf800991f3d0a45c65e71261be0c8e14a1a8a6df9c6a80834a4f2237e23abd750f845ccbb4a46250ab1bb63"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a76e77a969ab92645181f0157802523746c34bf321867641051ed6ba39368033adc93d4e":"":"":"":"8925987db5566e60520f09bdddab488292bed92cd385e5b6fc223e1919640b4e34e34575033e56c0a8f608be21d3d221c67d39abec98d81312f3a2653d55ffbf44c337c82bed314c211be23ec394399ba351c4687dce649e7c2a1ba7b0b5dab125671b1bcf9008da65cad612d95ddc92"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"65cdaa5ab147d0c79fdd02b24fc94d0e427f59ef9a31f447458c6befe0c2cde5a58c6b7d":"":"":"":"0d164682b5bb552a53a2a942373639d98576450ca632faebc15060691a4219467c5aa106034cd19a214a0a4f31d402e68c4c565f49b33b680d522ef25f541e8202be779730376fdcf5b7b58fd6ac959204a88f91008651d2c02ada82505f914d4d9b9aea7967784e5320e185e1248270"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"650996f1477112af7604386be5ace78232904315d99d87d72a06709d331a6f930b447cf5":"":"":"":"d3341d7767cfd95640a107b3abaed7b4e1855b348e3ae5bcc53a0b0d49d4b4976837ec8f376f38327135578eca7ee583215bd5c79ebf499816f79afcc402ff1e9ffc4ad0f896761c9cff75050bf84baa194c355763b16b5d2648d480a2b48f22662685de39c7cee90aa0b6edf8062e42"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"898640ce467201a53e7731bdfb572977f7eb3e49050bc1e367ca74bf0a27376d339d09f4":"":"":"":"4f5eea927023b4abab5d4d9944e84ca001ee081cbc21d4080e1534ee6d1d8a6f60361029ffa983bcc79b5d65d4aaaaaf98983de13ddde39a739f9d95878fb31f57f96184e5f2f3adf654a468c616237fcbc6b2c194e247178cb90294f631c449a01f1fe09c02587c460305be9fc71b5a"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fe405dd73956bf6ec875515eebd8c5ecd60553643da750914c83dfc93611d57390af7324":"":"":"":"d8ae0eb81913a190c439f8ffa56c06155a73f84b20608b2b2e9eab3061202cebad18ab8b3eba81672152c1c02ef573cd6e8623c392facb6a857425c6795cd7999c1e7f56f3fa9accca018076e0bfc106d075df98f5fb66f28933215e9276777dfc479e71a8d506a66197918d9b0f7a8f"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b06892f6f455afddc8eb60aae35b35a64f63b2aa85a2dae4ef489266f7bc354f72d68b71":"":"":"":"fc10c03fc37d3bd5fba6591a97f6354a9ed8ba2b6806744432851f43a3ce6418e39ccb417b8539e349acea588e2abe5da06147c9825c6e50a31f8589a57ca3bfb10f0da9c8e89fe2e372b5af1cf96e0fbeec5d99228770c41a76e587da7d8764d5f235f5d1d6188d84ae61c52c2164fb"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9174e174e9e031f62b2e19ae5c0bef22eed7d5598e6e73504759a2c15b05c2473a721d26":"":"":"":"1962f2d473b31a2576dbd78022f4eeb974641fa2e9cb582f03ab741929f51f0f4663129e68ddc242e1c2ceafacec3dccb97e09527aff46b948f0abcea1451699dc3ae4d3fb5e04c84337e17b504af2fb5f1aa6ec0033ddf138a188ee162c497526563a67da8015275d89f0e1e902b2ef"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eb1d45ba0d8951b7b1d7ce922b7d1f6e94da8b821940126c9da5b0b4382425930743a051":"":"":"":"306b1f733e6f69b6f26b7baa5441af4967a5cad8faad18029440aa989aef6024dbf3ba02dfc2c694dad6496ff760d72ae6914a4dcd5e3a443f4bcb14bf2b64986f35c32449f15e3084d46fadfa2ae213da6b26f787cef89b6a23084a929608a9f6acd8315808c29f8ae435a40202a012"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78cdc1567caf2ff529ef8e3475c0fbb09a48b687a544f7399f503948621f29686fb15216":"":"":"":"2367067d8ec189b0819eda34602768a0698b4b545c7d5214fad58c9787b89809b97f3af5f9349907d2954f8c0dccbdbe63cc019bde3a6fae10497ae57f33e91ed55b6fc4a83fe8a2463552796d5120da8066f7285a8388958817b1218e006d7fc617f453ad0f9217966a0731ba99f093"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"25f9ee24ee25ad3d29a974f8f552b178cb292b847a6be80694213a6c0b33e25e29fd3ecc":"":"":"":"32fe251a619d164c217365b12a313a942b6a9c3df007751a5fa9f356412d1142c785c292e3dc9d0b1d77e080892e5d39b91c58fd142458c71182061920a0721db453a32fe7ffc8b2c20bf11894fa37d8f0e9463edd43a97f65362295119be03d5e06f617fdff6accaab8c4da72ac8f81"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0b644221788c266aae00a3b63a87f32ca96a6c32b116cd37caa4f75ff5d7e56be3b4e20f":"":"":"":"dc9245da77502cadd1a8ac4d1cf6a199c8e529deda10c87ab6c69ceea6fdef36d45f4d036021b93fe5b342c52fe1e71d81e617bebc58804af3109bab93dbb2e5c546e108bd0891710128b5e8e4a4f01df2003d038fec8cef426fad7f72dd5e091b4850e9bf4932d60deacb6e9ea3c5e6"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a6677badff70966a3cd2febaad7de7aa5849ba763789b20d0a39b6c569261b826cdb15e8":"":"":"":"e04838c970f5d7208a2a7310da893d65391666a5dc62d9ede71fc30816cfc3e8064ac59cc9aaf30283356078c812676ca20beb044a6d78db6c5ef9718a88559607f225002452c01459944433013cfffea84d6fe404fbbbc2d66bb50a2fa01d8a5d6e4ea9b402dc5256752461bf6fcb7f"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2301d8c053312db04882f4284cf8b47966c1c9b8c49de847d0c11f14c5f70ce19346562b":"":"":"":"b46246526b28f3ad7f6d8732ca3bfc40f005d97a519640a4ce728486d8bf830d661be5a97b11113e89096d9bf15cbef73ec28ac13e3fbeadc9bca500918bbe92ea23e131cc622dbffe2272db16ec5d4ca30e9bd986d1709ae22d10180514bcd11bd6218ea1fbaba101444945a17a4c4b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78644ea1b0c4c55c4addeb476fc34471ea2c4393697aa4f170726010c443b8e1c4a6b3ea":"":"":"":"ef1b41bd03ee8460d55759db65a4c97758f48e3a09127be04c7ed08bbee5fa5cf119929df42c187e2a347a8df99c502b693a7ae41946f4918d84686880ae29d6d8fbbc4fccc9e295876a249cfa59effd331994e84717b4c76637df36beb960761880daab3d43376341439af2ce8e33cc"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bcf49cb642b3d915cf03b90e65":"":"":"":"144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e4547261c9dda6bafe9fddf435a80ebc96354c7c2c8847c5d26c6e73a967bfc4ebaf8613":"42849dc8eec611eaa49252067fa60d7d7267d711dc35b576":"815f50fc233f157f96ad0627c355bce407b269dca91af661":"775a1c9da6f58d4eb95b27935ecc01dde31ff17ce2e4e65d":"25adb777523a80a6dbb6ac1fd08e02bfc4b4686cec5efe3ae9aa2d4469eae8c9c3693fdc8e0fc107720b7789ef7331e23fe3799412ec86857ffbba515a5af4d91013b2f17669421c822005b4747942790a11a24c4974f27d54de69727b0ed507b6a48a9d6c53f93e2f3d33df73dd643f"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"06d677001d9b3c97fda4d09778aee3de131b4123696b109f81bb6b0d7fbcab3c5842bb83":"f99638d2d4365b662cd83ab4e6a7bbb624e6c72b7b38e81b":"20b7d56f6222bafeeeee59dbca1933d8086218891f3a9bfe":"9de4f2847fe239cb1a3df4b8ff64c25d7b0870f3c9ebe3a3":"e18ff19837ce21e68944659321311b8584dd515ed8a6a1f2b0ac06e69009c3d0cf0489af876201efad962cfd1ba54f540b94131d788d3fea797c4bc079593bc7932baa70abb145a355741a98c584f0fa3298b8310b01e1a6debf5359d7d02b1a6c663100acb56975450bec20e91b736b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"abd38c0465cdfe018f36ffbb7a0ee51d67675ab4f0f1d1e93418bb4cdf6499a371af4d3a":"9a07d5571d841e3c1a9eb3fb48cde3b3e080e1c2e0db6a6d":"a392f79022aebbec0c82b981293627d139dfb5232eb490b4":"f5ce1f6b1e6715c49bea42ff439fdecd9b3b7f2e578133cc":"885c54ad25992fc38260498d6f4d8c73d6159af5f7efef06174da03afcd8384cb28690fd9ded1d26e2dff74aee4dd0c47a0d99c6fc1ec8d8faccbdcf6fdb12a528564ad0d8131bcf5222d7e6c69c52da1acba01b721c98ac5a33725111f12f6d8100009d7cc9efb7ad8d7d95ea4e620d"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b52620e58e0b52b8eed0d6a6c5f4ff6c1483c61fc41dacf72bf475b37d068d061d1edcea":"ef0d233de00d24622b7d4ff4215aa720787fe80aaeb65d7a":"81b735acd3dcb13e65231c2d980fb40ca850370581f230d2":"b2302d024d92cdaed4b12f79b0aeb20c98b2321710fefab2":"ae94204670196baf740768f97b3a095134b384afea667fd90a77a16c8ae390a732ff49a3073a27db0f7a2c8ad5d7cb527d334a37abf0472f292a20f2a28e667d7c9e9f7b8fbdd177f36bf92d66223aee3f712b6c9b064e07ab96f6a77613ea55008fb4f8fbcb2f1ccbb0da75316c1faa"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2592a5ed86ff64b9b4c1fbb81222d1bfbc53f3a639571ecc356084058b8855237da15c50":"a626c51ec99e72431485d2ba027ed9cabcae7b86116abe4f":"c430876552d28776570923c6b74e42c3210f01104006bf11":"fe2ebc239690a4eb18a0b5e75d08831cc2eb07c982c63973":"005045ade7cc15467b5ea784649d9804540a842ffba4db8d44df4f44c69480bd4fe965b645aed09d62190daeb2693a2192aec3d71453a8218e4700201ab922ac35d241d95150b47cc7a051897be4d958f2da5c2ebbfceb1c550cb67b32ff83ce4fd845fd826a0d2469b506f5158765fa"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"376785f5ff8a82ceb0aaeb010533cc1089059ec583c302b14bc47e2cb8c2711839ce7f68":"6d345e248339e893f75696c039ac47e5678696fd489a393c":"b0f3fa1131c3fdd5c7fd2de93931e45a66fa030422ac65db":"c66341e3f9fb82e3ba85f229fcb7d34457e4a6ba8396b548":"b92d17e1be94b0385a8cc3e16189811fef7b284a1b0b6b2520fde79af7826c745e746486a70cd8dd9930b163da75f7eea7c216e758d9ed6c745dcd7bde19bb9382c1f7c37cd15b703b884d7d452c255b25048a836844c5ff28aaacf733a52c28904b36e1b51729d7aed81d601c0872dd"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2cc2557582c5a90cd2ad0c4a5578eb0bbc9bde41b126e46d8e9c3563341ba238414eb628":"9d2fbb9153e3ffefae0770c79de10db069a5ff9f50e31787":"2e54e32539e27ef76ac1eeae2e30c2385647652e20903b39":"1f4e01255908c3c8049521f8972c01ede7dc76c425c59640":"7d6ccdfab33f322898c470be02d8257e0e952dd10f407b3a8eaeeba47c541d968d79eca29e15541c1505fe4f19a41797c9ca2280c06261fe9d0c58bab65d16f5794b57566b8795c38c7b43d4761c8fd107beb95147a0fe61ae8dc31e25eb2957e44c0463ca7c1b589ea587f0cae1428c"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e670f896326b76034e43cd85f6f6f11fe6582d3471a8eb88d37a2302de010aac0e556860":"5e218091abee1960ef81f4d5a80415e388bd0cc79bed70cf":"7cf84b9ff30dbd0f608fb21646d7c5b542fba50adb38d5df":"c1c4aabe7616a4c97a4dbdadb08a9b63c6e10cef8d463fd8":"d8fbd557fccf31829b5ee11b05d0353e725bff15fdaac94d21ce95d40eff55edd852b264b515ec6384e2d28d014e47a2df0d4f56a4ec79309b06affc62915e231d62d02bfc60220c72b7ca7ba5671f882839b791ef534e707a04e5274c1011f7941fe1075a5d06a47af9fb2f65c1f211"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0576bb2d4c663b781193509251e2f76b0a8bb792e79449600c2c154feb70cf33ca942508":"ad15e4fce9f4dea43c12ff9f9d50c963b335a01332541154":"3c8a4d6ab96cebf9d02b5663dcb0e0db23699623455cd4b5":"43d2d3a8d023fa1785ce4781a15eb20ad787685a47da08f0":"a68e648cb07da2eb795a8c898c8631e565f33c2fe9c35e686d6f85fef145446cb79bb6d17bdc8224bfe437468a9630ed03c517caf1226c278ae510c869d67d50b6bf1cb378a34035041f290d8dbc123650ab4fbe5cf6074ed0ba90e45d9a8ae08566ea3d3a00ee3741c8ec8f56dcc78c"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"f597ce05b9a5b1cf3847bbd4171e5085384cc256f77ac61573b435726cbd538b93de9f55":"573cf859f8fea05f16c6d03cb4e524b91e917f39eeeb1d68":"2a842454870c3f7936f8036b453d219557ca341f261d2519":"7afd8cc269899acd88f5c55af29fb0c4ce678a0d8ebf924f":"8162c16c1ce3d5c6b7c96f0281f4220569a882277935752b86e7d3f54646b276cb77ed96da73799911fca3d19d34c1f0b21068a472afcb77410412eff2abd03c753a009ce02b0e995477546366020294eff0ef0da66f31a413313e2774ca04f09a4d5076e0e85ca97d5bb6faac4c0c27"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"d5b5374fe143035c4fea41667bc8bc7d46000998cc82ab32a0040c705e01f9b354e8f16e":"ed8bb219e67515874c5b9e3f6ae6e4dfa9c42d1e69204e8b":"70f03fe6e78cc34ec1678b2708fcd8ae3300183ea15ccfc7":"9c641d7e73d1a2b819e113747d74a979b74c444ed36b7391":"d50df8e3e17c0f5e19673ba2097d1d0c4cf7a9def7465a5b91ac8d49ae1b6a821fe9efde841ec9064555c0e2d6cdfa41f1089f22a5c27090c5a136660d1af586a1e131a853f19bc3c8f4c79aa09e39c2f22b4456c667ec907e2a4124218665e7cce50399ae1e19ba9c2399f470444839"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"74d7c8c9b170e59e4f128c8df1955838df5c8071a5e85439d71e785c68b37e10efb39c9a":"be3d54203a1078d051519137774d5d851e81be026155eb78":"23f7b6758d79de580ed3eb995fc173da74939837aa8d9eb4":"6f0d5a333ddea0d38362df0dc3ebaa2be2fe5825ddb0ce84":"4462fc32110b25b3797c5cafaad830e8a4346d9270fed98b30f1345a7a8dde19bf5365d6f3788e7f715feb2762af263839c8c8188908c61120743d977d71c51f6324d887bbda380fc07eff09a31c2332e7b1aa1692c59c3379db95fc21cf711c004c4d385fe14f48f2f2a31bcce6aaec"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eaf27c3f69279fd523c0c3a1da5fc4f01ed64c27ffcfe3c1c596482f5baae1434e8c687c":"b038829fc95dcba8645ce40a306491c893f48139ae30a071":"fbbf7abb8cc2612eeea6d9463efd55c47245e01713332bd6":"ccd7e81f529de1ff4e65fc63d34c262ffde7ee49e6707197":"96dfb7445057633b2f0deb69135d10d0a2dc53faa9cded55ddfb8edc63f5424f8fec7627597a30328177dde7963f76f9e5412b5b440256c6a3f0c7c7fa02ca49e19ea176abac013696e9d529f65e51d4a7348e42dd254bbf19d9632d6c875b8ecd7a4139f1bf020a159d2a30af8d645f"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"319cbf2b11b37c831c654b6cec2570dc6d7abeeab185272a518eaef30faa5acf5c8b254d":"9effa141f7466b659eaa50c32c8e683c2640f54027ab6aa5":"63b3acc237588cdf41c0d4bef16c4890cf3d458fcf1de8ea":"573d6a7960aeccc3280a8aee4d72e587e9d196b7b270e329":"8a568086fdd9f01206a5aaee34d253bbc9339112d3170699b9a1392e97062d5d0f16240114dc1789269217c5b4b2974895b20903890f7dacfef46fa4a4d02891c70425ab3b42f53d72f852faf3713ac7b8207dc453279f4df345091b8bfeb54983095c2d190358293ba507bdfdc39b24"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"56f3f5b08da10ead0c986dd2ae5553e4b2eeeb47ad5d22197b12b89b4a871c51c0d85554":"96c8630a1f4187fb0794601cf51e7e333e71756a0421ff43":"875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe":"4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595":"90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-256,256+128,0,0) #0
@@ -719,243 +719,243 @@
hmac_drbg_no_reseed:MBEDTLS_MD_SHA256:"3d99f9b7ac3a2fbe9cf15d960bf41f5588fc4db1e0d2a5c9c0fe9059f03593fb411f504bb63a9b3afa7ffa1357bb48be":"0bb5ebd55981a25ba69164da49fa92f2871fd3fc65eb30d0f0d0b8d798a4f8f2":"288e948a551284eb3cb23e26299955c2fb8f063c132a92683c1615ecaed80f30":"d975b22f79e34acf5db25a2a167ef60a10682dd9964e15533d75f7fa9efc5dcb":"ee8d707eea9bc7080d58768c8c64a991606bb808600cafab834db8bc884f866941b4a7eb8d0334d876c0f1151bccc7ce8970593dad0c1809075ce6dbca54c4d4667227331eeac97f83ccb76901762f153c5e8562a8ccf12c8a1f2f480ec6f1975ac097a49770219107d4edea54fb5ee23a8403874929d073d7ef0526a647011a"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"a1dc2dfeda4f3a1124e0e75ebfbe5f98cac11018221dda3fdcf8f9125d68447abae5ea27166540515268a493a96b5187":"":"":"":"228293e59b1e4545a4ff9f232616fc5108a1128debd0f7c20ace837ca105cbf24c0dac1f9847dafd0d0500721ffad3c684a992d110a549a264d14a8911c50be8cd6a7e8fac783ad95b24f64fd8cc4c8b649eac2b15b363e30df79541a6b8a1caac238949b46643694c85e1d5fcbcd9aaae6260acee660b8a79bea48e079ceb6a5eaf4993a82c3f1b758d7c53e3094eeac63dc255be6dcdcc2b51e5ca45d2b20684a5a8fa5806b96f8461ebf51bc515a7dd8c5475c0e70f2fd0faf7869a99ab6c"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"067fa0e25d71ea392671c24f38ef782ab3587a7b3c77ea756f7bd496b445b7a3ce6acc722768ca0e03784b2217bc60e4":"":"":"":"16eaa49510ffad8cc21ec32858640a0d6f34cb03e8649022aa5c3f566b44e8ace7c3b056cf2a44b242de09ae21dba4275418933611875841b4f0944a8272848c5dc1aad685935e12511d5ee27e9162d4bb968afab53c4b338269c1c77da9d78617911ed4390cb20e88bf30b74fda66fe05df5537a759061d3ffd9231d811e8b34213f22ab0b0ddafff7749a40243a901c310776e09d2e529806d4d6f0655178953c16707519c3c19b9aaa0d09fb676a9d23525c8bc388053bfccfbc368e3eb04"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"9f76503e84727297bc7056c7af917a1c98baa725295457db4fcf54ed09af7f15f39c46142b85a67b4b323594b7e97bde":"":"":"":"7d6a8bc5a7f057ceed6109bfac2486f80f81373b6b31d062aa1fad6d9eda5874867b9ef007ba5a92ba8f3fca624bfd9f7ee5770bbeb0391394fef783c16a7f003c06e5469bab03445bb28a2111def415d162e40472d3e5ae628c5c63170bb19f741c79a5331c883c12bca429f518bf71b14683a071b6c6e1e55d8c7a0f3942bc12a103556c49ca173e498b3b4a15027145cdaeb195bc8a7e1aa82ebdf6ecd516481a4d21f400d0d71b5894545888fee8beed80d3251647947f5abc4735b47fd0"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"e242e5b3b49d87289fe02840dc742a2a6cd9490fe2cce581833dddb1edc0d103f987f5de5c68cd345c81b032ea55f36d":"":"":"":"3a858345dfaf00defdf6c83114b760ef53b131fbf14bcc4052cd948820eee78a11cbbd8f4baa308e1d187fced74cbf019c1080d9efffd93fda07df051433876d9900c1f9ad36ea1cb04989bb0c55fd6d01e46923f3bc8887ac00ebd4710212114165355361e240b04232df55a81add3fb363f0d4c9c5e3d313bc7caac7d49dca8517cedacf571fde9686ae93d901fb9b17097a638bb9899cfab0ebc9d1f8a43c2eed7c9f326a711d0f5b9cfc5166c9b561824cbd7775ec601ca712b3ddaaa05b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"42cc17365f5ea5fd22bdc4ade715e293064d6794d82bed5b77c4c107a73de1f76d759e4b191ba01e0ed5dea788ab018d":"":"":"":"de06dee8c8fe453aa03ac2546c39f5cda12412864d52ed5cbd0d4905dd226746d50d1af9fd3e1d90de0f16295cb7f6f4d3271ef00564709df4b05eb9f8adc0f8e8522b05b9f32c37d8526813898b9f71db57fc8328e3b79144482e8aa55c83934d6e097e43ec6d0bc32edaf8c0e6ca449b2e8388b32b286e2d4f85266b0605fb99d1a647565c95ff7857bcab73662b7218719189d792514edca2b1d0cdcd9b6347e132ef4c323da24ad5afd5ed6f96d27b0f879288e962fa0baca3d5b72b5c70"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"d57024a230b825b241c206f7b55e2114461ecc9b75353f12ac1d9ad7e7871481fe401c320f74afdb07f566ea500b0628":"":"":"":"e8930bd55a0a5a6d83a9b3b2cde7085c2ae467ea4a2e65ca303697d492ca878bcb801769eb1b7ec564586ec8b36d350e192c4fbf03a98be0ddecf56d465914ba353ed7734d19a680fc4593d9234c4ac8c23b7dfa1e26b013f590cca43b9fef126121b4842496b11dea3ef5e981cb357341f03f92a546a62609236ded6f7d814456acc0596d555cbdc02cbd47dae2caa1897831ea464225922c6600a8bb92e711653067f83b21e1df054309858948c11a1399736fc8391c5b0fc35629abfa5650"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"059ded79125b2d56d9d52bcc950bf608d1a2373515dafcc81efb6588005a5722d8f5f4181f9f2a316c93fdfbadf50e75":"":"":"":"db65d2000632c3d7009c227e99c210e5897f4d7edae608a242b5a4f17708613f8c19a4dd65d6bc3ca57737c9bfdcca068288eea49440af768d1fc977c32b065bb71aa3d8c4d77c9e8e8a6166f332a247978a6c41ed253a1b68ad934a3416b40344a681de28638f00b0a0ffb75514c3f62253372f809906043de35e4805b8e962e5eb957f04212835f802b2c0b3e76c7cf239c89adf31909cd6224d542d929f9b20a10ab99a7c631e4e6188fe2ba8f552c9c88fdadb528679fe950431641b8f37"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"4630406b475b1263b6078e93e5d4282205958d94eb97d1e66b429fb69ec9fccd0dd9982c338df935e929c42fab66adaf":"":"":"":"5d80ec072f550981bcaac6787c0488cc470406249ec80f4bf11050630227f8b5ac6b3b369db237d7c24a0980dffe8d3abd9b64fd4efa492349bd4eb6902edb94553546110227d7de5a864ddae8b9fed8de9f0df9c596e39de903fda323ee6f788831452eb9e49c5eef3e058b5bf84f61f735a93e042bb9e458df6b25f42a6eb8fb03d437cfab757fab4990c721a757eaa5e9048208abbcce6e52f177b20dcf52f1fa551a92b68bcdb01680855b8f79131266378cd1f0c2a4141c9675f01d1e48"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"6ea9c6f784f12a9707ceac8a7162ee5381dc893ee139f8f4b4d93db266829db4ae92bc52ff860d8ecdc9fc16bd070130":"":"":"":"234366f1591cfe244956f9496cdf446e0d390ba64beaa066945b1b4c5337dded2619dd2bd0133a5d612bab7c251ab79e3951cb134894c422553fc8cc7b3ccb29c20adbf52dda35af779142d7efc735342db2ee067649fda25f3e8a74f8e4f6620cf5a17cb943602609cafb85bdf482873efa4c74928cc0d69444b72aa6bc72694a3a21c6a721aa4e0fccab0a98aef375a37a3e8a15dccad13b6d70b3483581004642d879804aa00cba207b51affca43490bb98f67953265574366ec3829e67aa"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5c13056be92a7f71236fcfef460298acc8595dd474310727f5ccb9a7acb2254ac7226f86349e20e2aca737068ab0f2ce":"":"":"":"16d415eddefa4dc295a64adcbbcb8c6fe8c8f123c6b09dc08a56d723cff5978cc120fd0a68a2f4c202c220db372d3128ef52385d5786c12dfc6e60ecfc3461a09fa80453e2b1b6365eaeb4df602d192aacb25ab6b4a59689d4bf8d1c4c42a32779f62b06baca6461f154cf40901f5787c1aa2bf67cbfe7546ef5b2bdff20790d8c72d077d48c59c92d1af90a90ccfcdf643dd9d6cee0b1faf5f2f35cfd01d2077ced5e2d013ec1e09336dfab9d9e51ba9a3a2837306213bca2d79abf8dc3282c"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"38f08a099fc2d405c32d1e0f867e5450d5ee0d53783c31de9ddeae46d962999da01f13a43320c715612cedb920cf12eb":"":"":"":"079ce7a5b540cae96c2883e95acde3039048a6c45a2d259cc648639e7205392d91fa3ee080e615f1e0741a0e536c9e05844651b93461bfc547fb452fec61f853e1bd6e08eabd0cf1c5f84f85eca9d42b53d1e5bae51be5fd35189e4f1c02b843c6361fccf4ca6648bf30a23ccb8ebc16fcf158746eb39cd96f19d46707c001e11c4e0e8ccbc89fec66c69fc92843b6bb2ee1cc7595b65ba89ccaccd6130a8417faf705e8e203e90ee64ae970c409389b5cd0ca80a4e40b642689741691b20621"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"0863c868c32442a1a64095a71ab6ae2f9e61c119b58dfa4f34efd26593bbbf68bc407904c43300452dd4e61df47fa98f":"":"":"":"585334828cf531828fc7127fee0c926f85b8e71e8522ea921296dc62b83a09a00397cd45e0664d0f26fa24edd3e3d8ecef8fdd77ab22431d4066f0efaf3882c97f179a7060efe9e8cba5d8145bebd502c0e09ee791231d539983c08860d7783edb58440d193ed82bc77c27723381a0da45bb1fc2a609f8b73b90446e39869a5af5038aff603b44db9771113927a5297fdc3450eaa228e313afe43c31b0a95b476c5ca312b4f589f809749481722cea9990c02b647976aa6c6f02ce1e5e6ea6df"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"a41ad223e41e2bb9c131ec945ca310600ab00c51f6e4fcddd803bd9ab9be8af5483373838894d32745a81ba9d6967751":"":"":"":"95ca31a7eeebdd2348cf1d43411d2c35faffdbcaed4052d50cf92f0e9d2e757686b72d631a56ca98b68215e7014cfed943abc1e13441c1d660f13adf2188d0975154e1b42a592a62a43b57f82cc21a428873a92fda83abe420efb5233140e4d6c7852cf81e85961fa5c606c5f33e06077f414b0f814cbbe50cc606bffbd474364e608825fdaaf5e74d862795539be8697e2ce05d71446881e3f65bb54ed95e941586988f6e0c34e1beef426696e9dbd9a214013d826a8c99a2a686d8402c583f"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"62a26c1327c0ebf8b40691fb4c8f812e81f5474b0c7db70aa9424110fee3a05e41c0cf2e87210e34d0c6bffc269bf2ba":"":"":"":"6e20a00df1af37e6cc55e580ba21335111eb375395343618df7d630b9dc234496e3964cd45c5de34bda46a28964f6148704c30925feeaecae0574038434cd33c1dd943207a8dbdcd72dc9ecb76a25728b3c2a8ac13c1de3a126d7d43a46e12e0d0ca8991469e582b78ef6aa691b5a0e3e85cba7d7aea3c1e8e031674e85f5af36546eb2a0a28d4ffbaa316a9a6c944fce291cc0c235e8499882eb62b22b548ae07cf9430329e009f4443cb94f7a14e8661166b0d681dcec867205abed48145e9"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad98591f9c02a1d205cdbcdf4d93054fde5f5":"":"":"":"f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5e919d353357671566d2c6ab6e1acd46f47d0c878fe36114d7fea9fecb88a3a27efca9e3d1e1b09d7f16832f3af75141":"":"442f17cb3cb1482a19729bfd58f46f6ef16285554892c01b0718968d6e011082":"f9557c93eb841bfd7b5d4b71da928efcbe3f55e1870493ef90d16eb238380d65":"36902134f1989cfe7eb518a56c06aada98997d9bacd04aee21f879a57b515ca3b5e0c2d5fed05ca1a8b054e8c46b389d9d9186feb0abe8e2e60b3a267281cc5b4b7341116ced35a0e07bc2b0330bbfd8b07f07248fa6d8fc5c9df13445324162bdfa22a91ba71453ab123c92f91c70b8bd540b3b180b11ab45ae2c59e57c7c43dab7576594959a96eb502d182267c86576b1846ccee1a694cabdfb42e0c8214192efb502926fa3c27eed020b7cc8866a5af9d838a57e78bf7acd230e1f4d8361"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"7a5d1efc9b7043060cabd67de7fe22740bcd6a8ceb355d69f118829a2b3c92006a5633e613f8769c1114b1822ffb5408":"":"f2ad962d992434468681c644587639901ff74e2bbdd8761961ec34edc4a0c36d":"75aae0d1bca9484c89fc4de3d1b34275ef0656775f3f8c96f2bbc50401aaa718":"5ca21af4b399db38f8b74a406aace69f994691f2765bb9c47b240000152739e059b163cd007de5f28bba17e485fcf9ff6f41f76e93998510e302282cbdbde09fe8b1a96187e57c9a3df94e2e748f20026476ca682dfa890b478f7a21f4927f74f99aedd9ae782ba10fcda1dc34c31b4f784722e01cc4679737276f56df23c5bd8c6985797b83c0ccde2b4c7a65c652745de7fc8a235ad7ed0f456f1e7568b2dad475f0bc46f02a7f35c05cfef9d0e2c773ff895e291a2cfc2424b106096d8864"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"611586ee40cb3ca4a9238ce112a237449bba5422ac9b18ea53480875334d8fa026da9d96c4e87f94b2f9a7c261be3edb":"":"2f835c336a3aa0019b0bf940c24643bc8fca58c9cfa6509aa9241de9e0e1a046":"1911a59c5f2568860ae71e803688889dc44d14ffb0d93e324c39f32d95c1c3ea":"27bf42f50476d8a2cc23f455e9ef477cb8e9c90f2e97c8a483093ebf55b2aee02e0356cff919e2ec9811b42c73498a6c2b96aa5b761ef7e715cbf66ad2e3ff8a6c92419dbf2e653ce70a87b51e26d9f607eb25b45b91f947d0026a38977143c8bbd94076e663b9cee35505b48e453e7cca83e540975ae8a53f26390aa63aaf1e2669410cc83427eea09428776a2d520eebd170602c52dd491c98042018a0372a0b39cb565cbe5e474f927f91515a6a7444fdbe1d89d8ae2c2482a0deb8ff236d"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"85b1e5da599efd4a20ffcefd4737fa3ea1d2b14be33861c2a4ac3ac2a49d3947b14cf18f4ff426cb6345f1a7653e9630":"":"cf5bbf98d8577077b0b84475dee0f0e9aa95eedd1d916507b5233b688bcc856c":"b333ec111e1e7d78c9ac916e420704832539d2db46aca3bdc4732e8ce72b5e80":"4773d32a9fba37acc6900f3ac70f6978ff1e40039d6e3286c264fb7fc59f1bfe0188c7979380c8922bdd0e363c8e09a49faef59ea85a9f0e400b94c74a8a50687e4e51e25266eabb86276f22628d0d2e19c5696cd221a9b80f94045d001ca4c20dc916ca0ff22c93a41fc822912dd7e247927fd45982e94d3d1fde77cbe78beecba830b753079326ae33274f13fb7cd875e85fb5e9e703e61cbd41bc4ad47d7b4d14afc873a39dd810ad8eed95adff8dce3adb7659b7c1d4e3f62403767940b4"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"50f986f6efb413fba3e8e0beb84d4948c2db0661ab8e064d9fee8b3c2f0a910fc35d37512f88bdfcfde797a21a006e01":"":"37c7b08222ba63f2136bb28f5ec09b9a899b56371615be41bef49a0b640590e4":"4a1e34a5d60ca08e3e6c0f1b86547ba2d12fa293275e7d75f83a0b846daa48df":"e27738c6fae66125fcaf4e725a0881d5a450fb5b02a55057d6cb7babd91d502c4f4a8431a83352f47ea8e5fd7e815f5080d144318a1dcbc755e0b935785cd5397955da22e3ff633b34a64ac72b2e6b7c51e78ff553731e6e8da911d147a6e05b36b74898cac6d3171bc8650e445ffd19ede2aa8218be17671321c186465d852dd80d73290546b88ef7a978b41c4c549e9c7fc6ef86e47084778fb5aed5d41e794ee0e700b77c0314a307b10df69daba605f3fdbe2dec708ba0b20d6b650befbd"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"641dbcbf99b61437c2bf65a13dc3e0324eb940335da123870d9429636dfc82979d0cc913c73e8a6321fc3eb9e973c0aa":"":"72580c11a87ce6b4207908aaf5bcaaa1bd217fce3e8bc0726568c64639b70767":"cf9f4527e074b72be735558dcaa1fc82f26ae286bf944b49649f769bf6faf49f":"345395723d048c2270c0eac990498689bcb862a4996e82995b4e7169e671eb03bb2242c4669c874c1aeaffec58aa653c7d7431abd1650f0cbce8cf5db8316693f3ed501fd9b48c1a44b34f7878aa386d65afc31f94f908a322b03d06c2a1074a03bd2b579cafb0f7cee6d6934588ae1ce9e4ed37b03737c553ca19af4b46b5e43767cee2e459ab91407df6cfd13a6f186abdb148b85a5f49bf92ac6674fb055c7fe123e9355a0d33de281c03a56f91891dd496dabfd6eaa6fff6c9cfb4e67c44"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"b9c305ada943a64a2b00494e869f9a640173eb1c2518dd9be93abc3c93c7e6b5bd0627a199d15f77b188824df00d5997":"":"ffc6760f9af02d35666275c074eda03f53dbcb5690580bb25768a6566b328dfb":"f26f436a820ef71597b75134b8d9dca6e9a6afd9b429222a4c9c878f3b92716e":"e5413a234859511cd837312bb31aac4d31962c5f7f27aec47417f367ca99b8400a4287e60412fc356cb40d96ddf5cb801285ebca42b2f6fe4a711451c1574174c58dccb2cd3342b7092a196ac7d2881a08e7f5de939ccc8f4eedc8f867c81aa88655d96ae50f618279d5009ba2ac4b1df4e63030cc0ec3541b6a94bd9a2ae5d1fcf4d847114a783c997a7c6b9d549010bf7b649abef692cdea3aa8ada14574e0f78b7fcbe17b587ac14980e40264d6de030e429586593d5ce3ae571f95454dcf"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"9875dbf59b760eab9998bf3341847910526d10071dc179f96081dd793a6001936881e7f39075cd382293a1aaa8c845d2":"":"1196583a99afe1d377b344585c8252a0690704b8f7a2b7582387ec91a60fd7e4":"20147a88e0f9f1e8caa8cb14488c9b5c38e5520a36ae913b4703d15af27218dd":"c808f6f296683d26208359a766fe61bc70ee8b6ed9ffb94ce269578fb5568fe2358d603638324b63b29bb36ae71a542e38ee69a2b93ad7e4a887a27a2852cdcd541a5fa6d0c8b087aa1185bd5788256e7d95c2aa2d5c11407b7bf762f416b01d8e747c45298f875200a2e67679d6d5ff7a7c0e50a010690b1920df1baf0afcfaee7ab0862004e23b5aa1ff47b8273d503bd74a54e7b39ac7e6d6fb0a594d30531cab8a67b22783470a65f24faba1c231b3ba45efae9f0be04e2338529cfec008"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"ac92a6c791aba0406d6ea8255c3c0901eb711a424501c2c2c847076d78bdcfc3266b7c3bc578c7501daac6dda8366d4f":"":"13379a77d84a0c4cec95e62ac4c8a98ceede0d89b8bd317352a95300963415ed":"04d47ec89a3e1b7f22580167331225a00ff258da72446241a6c09c517ee4d48c":"c2e6528584c6dbec436ffec4075fd3aebe953fdc0b46b4b225a3c2886e60d21879e6ccce3746d881f6d80e33876afad439ab9f68fcc458492de12811fbd57ac49d868754da19279b4c0a38979201a588884def5677392dec97cafc94bccf8914d9f78575711bb6f2adf4116db91c8b54e36e9ac2f5e01caebd300acd7bd45eada69d20f1b4139013a8a614069315a1c99137a6f23e38f91c210e0c156c6fb498056e823dc41a05348ab43c2f6f4ce188d4e05a13d38f8025731ac1670949a040"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"63954ac7a0f989a458d2b4a6b7013dd66683624584b545060bd03a57b92822ef422764bbbc35fa5d40d34145afe44bec":"":"7b25d875dfb03333cc27b9d4286d00a85ea5921f4b8a4717b957349eb3509053":"8b70d28c5c80086c0cbbd01337ad45297af271d4bafc764b0fc5705700cd419d":"297752e61c4ebc4e1c68391335e2cdb49b0f19dafe359e451f8158fb7958d32a98455a852002d8f05169f438816ae6fccba1eae4d1fdd7a1176b04831d7ce892f711ec825062ea1c6b12144bbd3a0aca7f92520ebb87ac6045d2ac3a4a74fa559926f0daceb59d44fdb39f5fc3b877f34241531e863c153286f3f1b2ba2db4e2c8e2344be40c2a7a8cd01daf168696ce19f83ddb64d50e2313e78c5dfcf077f25e5b4d6f687279119ce856d4131a63ad133cedd020881939bf70f82eabfe46db"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"d0944e0a3f3604a588271c8eb65913ad9b07ee2b29620f8106ca70ec10aeb896bc9b2b519c77fec5fc419e953ceb0be5":"":"d58593f2488f0a292ab552dac006c94b20ff500dd57af32be808921a5ee251c1":"ea9e579c9dca67f07ffd67d2483ec1fac3d2ec22fefff73c7ac9f125888d7a4b":"ae736da6632a7d8bdcc9e279cb7d3f9101a8f7dddeff253277d1d99b45c76a1a5c193334e912c3dfdff1bc389b209c3b29359a4ca53765a1e40cb900c6055d8a285cf63ebec79b46019efe95d5199f215f11961f3319d225bf3d60734fbfbf3593ab105cec2a17e308af469b3220ef7f055675396d289e6f4f8009881c8a2b4e9de88d53ad13e8bed8b38be6d8988f615b4590fde3d91caf50a86eac3fbf29924743145803978d261132b5975a9f108499250314e098e57c56e2f9327307cff8"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"1ef53464bc7a441227a27ea7b5c558dbb3f509aaf880213cdef7e8f6a1d287c173cd5b3148d46c48c83c5cad3ccc1f50":"":"b052a66992fd8a8cb02c593edfe4766fcbcd3505af29d698e1f4db398acf717d":"37333448311c2c6edee19aadb8f1036cb60cff2a945c1a0ea087713bff31e915":"4ea7054659cae1cc178ef431aebb64c2c8dda3a965ea940a84c00d9790e2e3a33521395cc4d49038994aa4c7dcaf0b52b44375d93b625ac2281991a85a5acebf3de552355e17b3528faf39d392fed981400f28540f5ca64a4d2eeb952c88856c8f7388a49611810941b46b1000ee4a8aaaadcd39944c4abca9110fd6580093f9303f86a6e129d56b5aeff5422c2261af33523cc6a174e0782e13a026c003c17430b8371bbfc3d51c3e06fbdc30769a278b109238bbe383cd5523053fe589b72e"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"14148d69d583d4c1758c307e0eb0b762511165823fc54096f9da5513e87df53b96a7be8d31b8a38f24a82d846b0e13ef":"":"e05f81f6402c52dff5c221a2f191155bb56abe160ce7dc8a6bedfa029195a612":"214777e3faee7d953b5c796675e106d50cdc12836b3114d14447ae91cea3c1db":"eb0497b32af8a91ed3959c31b079b8cc5c39db3100913332fffbb6b1d5ebbcdc97d6e67c934f3336197c9b730d80995a7d7445e36cf3047cab22895f244cac803eabd001eb1ff5d5645a803c41ea6dde6c972b47de0372ce901667d03e2e02aa0a5aea809e0bdc7430440365908418ce6066c24191ace05d6a797ef9b94409989cacbb9d9ec31f3cf0112b72e1420b47e0c184a8aacc214d55a0d5e0869d09303e4014de0430c07380006ea75984e6c32b06067d7d7b931e2b74666b4b569f71"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"27d47020acc3a80a55149fa0ef43f684843ba89fda4bff1c29d20baa2b21956780569b7fa0c4078d9ff71a3790f1be3f":"":"c03ea0b88e2f9b53f902b22746bf4dde09439c190a7a638e3cb990d86739dbed":"3ef05e71487cdbc209b5ab6e808e55f0a93bcc02df766b01c1c1ae5875b1023e":"3ee49e2a58d800d922cfb66284da84bbb5944c85f194d95f1156b673392132a430e47ae74f1ed7c1d0e632d8cb604c88777437d8f37e7d0428b834555a96800540bf5bce6f430328fd328baf4b22b7f8e663c1d8583bc0119248588840510e11203cf47dfc4f6cdf8344170a341fbb7d93999ba86be3fb94d9c03922fd3d75e3fd5b42365aa62606e352676b2a0c51fb030d8d5605e8ac6bac2b4f8417d8e060148e3d4ba67b31e5e704d866bc87741ba877d12b10e8a9b37f3feca908fe1fc4"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"88b6550d49182ca7321d8015f780121223a93343dabaf21978ee2818e7bce6591d32b48eb4642069adcaa5986224e6d3":"":"809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56e70a04":"3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7":"4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"2cd968bacda2bc314d2fb41fe43354fb761134eb19eec60431e2f36755b85126e3dedf2af9382a1e652143e952212d39":"59fa8235108821accbd3c14eaf76856d6a07f43383db4cc6038040b18810d53c":"":"":"06051ce6b2f1c34378e08caf8fe836201ff7ec2db8fc5a2519add2524d90470194b247af3a34a673298e57070b256f59fd098632768e2d55137d6c17b1a53fe45d6ed0e31d49e64820db145014e2f038b69b7220e042a8efc98985706ab9635451230a128aee801d4e3718ff59511c3f3ff1b20f109774a8ddc1fadf41afcc13d40096d997948857a894d0ef8b3235c3213ba85c50c2f3d61b0d104eccfcf36c35fe5e49e7602cb1533de12f0bec613a0ed9633821957e5b7cb32f60b7c02fa4"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"023f5673dac29f62245510d0a866629c43c64bf35a0bad30f1270050876cfb1ce80b615a5a47ecb51217a46079e11fd3":"a6f797b155d6da01f5d155cb7291442e1b82d4190e93e279fe5b4aaa7d04ecc0":"":"":"507b824443af5db28f746229e03ab00c73cc3ee4956aa14b33eda00dd2b9b645c132dab7dcdbc659c8ba0e1a3575fe7dbc7cf9691f9b714acb1b33bef96943003c992f661e04fe9e8b9f648f4af9a58a45b08b8fa7fa3704e6bdc289abbe14a8c7e1747a52ac916c31ed079de0b900672e658a201279824d0d75ae35dbdd43aeab915653765d83e46f347fcb4fe3321fc28abd2d0d26a662661582ce21b6dc4ea6d1b236e9692a83c8ba0fb299157b80623ad4f448d25d57f537b10e5e30f80b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"96b5bc16ce0d101b90d54da6c4b3d85a70ee19d54cf4cde3d048afb5f758a6b52ea2c10c16feb71cedfab9bfa9e462f8":"2ff415e2432d2e6c4279910a5e56c0f5354a5af0099132d891943b4a8901ca6c":"":"":"ecebe717afe6dc08dbff3ed626bb06de0f9784283b70e378dec19d4fbb50e61b7be48ceb69851b2bb94641aec5027d53d314a96500a9bbb38a87c9aa42ebeb96a23cf29a0fbd5e48b399daa1b24dbdc85223f24b7d77332bb1a137ec709d27c008c709696cbe44bb2fc19fb10a2fad4ffd8a9d89492a939f2268d1557f44b6a64e2a57887830fd8bca1b6306aaedbd7f3f476b827995a1ed121388497edc7e639c87d092f6591a45b5647c6c091c15ed39f594b7fc4ae92331f96dd8e17be970"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"364a833a283a3e0b8a5b681daa50df96d806d4b54828f2b016de5d88597e6287d98cba8fda464d21aa1cfb7b26b9b226":"35b0e7534014dc2d7eb0f20ff78a69d5548d0a64122d4936a6ed177fb3ec66a6":"":"":"df4c799cae37173a81c545d019ffa336ef2c039a5865af425e5b60bc3d7202f4bc1aac5a84022bf4088061abd5c39d0fb047ba80163eb5dc8b9dd515948f16915832c6f76b45acc25b9c01e7f70955c0eb51bf50f00b24bb8e7ff53bd7c051b53d8b1a837a17a00355d7eb21e43b2b5b249dadced37d06e7047c2fd12012705a59d051afd26245ce3a59acb4b996b718c7dc1ae964bf12b1db02fd6c06ac2fec6ee5deb02c2c830110e9bbbd3c778a136b646ce2a0738563555a89409c56b81e"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"bb4d38c775acdeed663256abb747ec25182bc16efd0de02cb4b05e4ad4749c92be6f1e856e423a8f3bfb0c0f27ad8210":"21591e796b7e68e7913fefbef4872af9c062f21c8023c0dbf47e040c3aed3733":"":"":"12575776e1b9f54b0fbc39e85a77b6912160bace4f1e9f049e3a1c5bcb452cf9be42ea10c028c3cc249401ac236dd3baa53ff327735435f4869d3289bc9465ccf15f826e4e4fff099986bdde0d09bd12e3caddcf452eed6ca1206ae4561b84770a9cc6e962567304ef79d8d3608529a3b5e4067fa83c8c35a06f1855da5f5ea7eb106e4c60181d12ba00cfbf7eac60bda00571d95c45c9d75c43b42e27a238aa5e0f02bbd96cde59a2e572934a99d05c399ffdf15c65f173748734c51999a29e"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"f9d041d24158f480600c3747cbfd868c3f7e9ac7f74b3760eae5320839e4f5130f8477d88b1d914c0d8b375d089a4c83":"b148049f4093f0032c7f105dae219aa9e3f70487ce3a6b6ecd99429f66be5406":"":"":"84c58bf473061da92fa8d56aab3a75598428f18dca504191a51746eb5fcad8f784eafac5ea81d636d579e330baf7db95c8d706432e9f585e84da090c0eb40dcd819bf10e0d5b8600150d186f732af50b431c596c920eca742e6555129fdf5df96b44005083d7a33087b150d63529bee4b6e1ed4189ae2d93cee8dc671d47c0e74ba04218dfe273484a4bb59a57743ea56843d516ff2c72ef9841996d31b0d6c5beef367a6b44cc84cf4d403a06b40406e4c9f47da401e3cf31412694e6164dcb"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"c18f511ffc3479a59357c17c2fb3d1e0e6f0edda4c8b567f2413323c2037f2fd140fb0cf33eb59526d8c0dbd216939b5":"7387aa3b0b3d92afb29761d3d5ea16e32a68297b9ea6751e1d54c8612f6351c1":"":"":"949bf03868563c7d1498c69c327686682656374b2efdef6342e69a388229c580ca2217a9332d3ae77c2d1223f5dedf4b34ec50b79d5baa7283168ed7cbe71c6c3c9193bbe01b76e011c39d2d462017c2c74b7e698fa2140e16886a9ec0fc6c36decbae37537638ccf17777f1cfa49d2c2c7ba3aadd0a1565d61942de94aa6fa16ecafc2dafabc9082f23e75a0e2f8f79d1c0a15ce57fef7655f1a4fc6fc4d4a694bf6ca9e333959f35ad354524f614905c6a52ef8f524cdf01c5fadadf207772"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"6b09295110384eb56726f61474bdc532fdace31ceadb5fc23d587356cfac74338ab6f9d89394b907edb646650865a3fc":"7cafcb4db31ab411c396015b8bbbc990607e08bd1cef3337dfa0e295ae024f9e":"":"":"e51bc5b3a6bb2a2667f5d62c2ff9902dd07b566870b4c14242627da7581449ec985739cdc2bb5ef036033fa798112ce20df06d46d61aad7121b8282fe7556bdd363cdabbf47184e55edd85ee0b7b0be17b9a7f822f4d8906465b525c16385d0899b6c27728ff2a600870aef65f58f9d3777e8987d86e59fdb69cd232e7289fc75cf2174304137f988a17b60c57af84cd8e556aaad458f511fc0b3009516435c0c60098f35fb6a4a90d90bc6071d38000703ef57cbc19d6b78a0f797f3ba044c9"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"ec6d0f68240f5c47e822d9088364c6cd03ca53808162b4f06f5956da65290946f4d26653d079e50604f836c1d798243d":"b40b5737cc76c5f6d1df0f13bfbac7e26f92aa933125705b6197d9bedb11f2e1":"":"":"207833cf65599e1406ddaf3452f060c872099cbf7483f1f7f14033490f7258ca5fd7f5339f914498b6e61fa426cb872c880a9fda9b8ba590cd8006b990af7ad412f60c8b2ad969c2f9cb0e9d005943d4dd2dd7af9699046ce89d6405597716d43b9ad54641c2278b04b2bcc5b8ecbcd5e2044e4e6ec5a628605fcbd67249e813bb769d7df01b60404d030e69e9672b4fdeddf82a22042b83ca036578b69f9a0ad9702bcf95fe846705b49b0a0795dfbc4f671e0158ded6242bd8f8fbc2410c46"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"df59ac224e4ba1b6dff348f17bcf9c5a94a3235a54f2799a6cae29d8654b79d18b09b444a28a7d537e1a2bc89e95abd8":"14a0a91e0cfd63ef5fcbe2e8c7a44bcf5769c9f95b6c50bbe9d3b48b82a09053":"":"":"656438e7738d441b9ac116361e9f26adc0e303da7889cf559841b3e44127318edd356051bd0b3ecea78feb2b928227921a0c183c9f56bfd11ef31b28da6c78f3891d8ae1804bc158fa56e8b7a1a46be4954de493ef65a7f9beb46949a323a04e944034db30b19cebd8b70bfc155882ddfaca1bd5acb981c2c1b3e0862c6234d13093ddbcdff15129d586fc24ea2fd20946fe45b467bbbc77a6b6973eb6ea02994607c657eec29e4c4b3915cb730db056babf1779127047b401e25f97f606063b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"8da1ad6810c1d6b7ead210e48f51c370d4520547a330a4d591e61a9847aa043463f69d1b237999fda9b5697f1e7aaa07":"291c536dac72409e31e71cafb1b5f55c14421b2c7a44d792cfdc663dc8f62692":"":"":"c2bff571554c26bbd4442fbb3b0f8eb4db09840337658a7425613e0fd4f96e60da39b250c3a77379a53325a56ec02248c4d67fb9154e3b0eb8972a3109aed531eccc027705b267d2b9c037da79860d76e5e980b5b30b7ea588fa221d24d973f6d4c625de65123e91613a1528cdee59993aa827f319a759412f20aad6c50fa79a3debeb346ad92809470daf228cf344e09f03c839a28d580a2b3d7050685ef51e95649aba7228a2f0c82a2dfd89cae6ce549e8b27fd46f02feb473645765018ef"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5e8d6571f514519de6c4c0a7cc5b85df616735b8dd09c3bed2377499aaabb296a9b2c94642da10e8fa737cdfb3129334":"6ae29c71b76fc48f14a3d731a0f6f276f73e7672eff631dbb1d22b06463bb236":"":"":"5cadc1264314fb4bc7ed7fa74bfa16aefa624bf2fd60c992d0cba10429c56e0028ebb430b1a1c6662a9b3c7f6de244ca000ae63db9570f1aa3e7ffb1e97a9d848021d8e632fedc037712a29abec4063b9d57c60738f0af0b1aab3844b03f7aacc65d38bec91a11b7c3bf8d970f01e00fed9dbbe9e2e499a21c72a7c5a22864125133ecb073a4c9f6d9fd46024f5c1ee7fa447209afa6ccef1f97ae77ca67fca5959dde209d2597f87af6e154408579cec42c69fa9b7cc075ee3e37ee3d91ad9f"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5c9481b2642855fac8931eccd1bd6c5a05b560a55f96d37e865f057a95812d81fe65c84c96a990eb7a302b58de723cb4":"b6a61b9a31207363d62c0b88f1632290f4f18feb41a6dedb85b7450ff9157016":"":"":"9cc77b68e1ac23fdd2e2a6ff697053f816bb48b39b1162f7aa3fdd2dd1867f68b13980c9e5989d4631b7983248501731326bd7bf6e967b3dee7d2d5625d3cc2e198623af9f77f86103491ebb4aefda5c333b51557b8f643e6d6c593fd7e27e4bccca13140f6129cbd024de076e4688567fd7e41dc7b2bd0bd9b3e966d5d3c461502221b52b001a4d2102894da04172efb900171a0eabab1fd134217580cfc33a0a94edc0bc132af91d048c6f5ea4e34ebc9686a99f81d19118ba4da63ae3df7a"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"c43f883d0adc2b56984d4a497a8ad76813a01df5a0ba22b53144763b65c7bf3f6f722e4ceac59966a6e44ed898e6109b":"769bace2c263edb87101743673724ef67a935e1ae9cace87202b6015d20fd9ca":"":"":"ce61480953190453247d091838dd80117f7f85a7e9a1237c92edf10cfa26b423735788b1e89f33625480d9faae57112ee62c8e4840475a6a738018ad3fd4a77efdd8f15ffb621c429419b6adb20431fd35f9d62fb33d500b87beac4856aa4971eb89710576b609ecfe758f3682dd316e7ee9d6560b444c2446656c8941dca7d6eaa70fdf8a70f18386ee5d4c86738bc261c0e8e5f509dabffd0425a86858ea3c71de5be98570dabd80a37b4f7f954002727c0b712e58693603c23130a45e98df"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"d083f7f8c65374627ddb51582b3a39e2bf074508d5f28ecce25787f386058de8afafaf2ad7e6449308e176be01edbc59":"ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad":"":"":"b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"c2feb900032f2cca98d3f60536f563d8ac9af5fb2e90dba36c371c0a1c58cf5e4a60f2be0fa13b8266b715be8aad128c":"8e6f9be0c692648072d19c750804b10e2ec313c8013abd363de7a467787859f2":"72f54ba3f8e71ad69a040bb8493283acfc8815f17dbcea220ecd68372a2dffae":"adce8157ef60482841dd2ac5ac512bf7649120c1dba81ea75f2a70b7512bb6f3":"e76e4326ac69ddbc6b2408c529b05a96425c65cc65671601191238e9434d2a0147f3a25ce9b6818774f5263c92459bca421d2b492f9a9c2971359baaa1426d6e2c36d8924f39d02ee2fb5502c4e0b206dbe9aeeacd508abe6c055d547b5f9f35de4fdc9c05a2c63ad699a3a7e265598b8f40a8a295d7376b88c49af9edc790b8a5ee221e19877616678e2a5135d7b3756109200439d9ec8bfe0cc5f3c334ca9c022ab9192d5d554dc7ae76af1dc06d814427f46a7cfa2dcc62f4777d07ebde7d"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"ad500edbe28b9a4338b55451b81c652797eb48fba753c186ce0aa9ad02a84ea2c995b7ade6de0fb4ec97bcbd61b711d5":"5770c41832a4cdc4039a8c332a4b45e7a7b2dabb678ccd2e56452aabeab14925":"d8d5516d158b41cb9d66566b88064900af78183f765f2f72a19548fb797377b2":"60a3a01a72e6b3f33a0c236db08237e7d656bdf4bab1db57ae23b7305569dea5":"c5ac3df66bc664e8bf84c758c7926992f0e8a03cd3f3f5fb8277c85b4da526601e8131f9d205f35594e101a86fb83ccf4c1e98c8e609062256701ff2132e337cb7287f0ee2e8fe3ef11ae703d7efe52e63cf89119ced05950c55aae6c822b6b0a8e1b91b537e5bb2de165a4b5b43a1c41fbfd65fff9bc5329d303caca84f5d1fc6acacee622623ed5dde36aeda0816749557c924d6ed26cd80e456fd0ae2146477ccb63a203fe16ac1d0eb2d12b6a2cabb21d412422e95f2df8ccdc23b4ef0dc"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"51a29bac53961792077e88ed3603d33bd1f51b3fdb2b5cd1ea131c6f643af65de81eb2e260396d2a69b4184c4eb98a15":"72e5285b92c4ea4458e8a2159687cd46e7df9c1f4513d8b72cc88be41c2e1522":"16a69f7aee34c567595f3d362ccbdbb7b9e9372c4b1729fbb80d9a089eee31a4":"825197262a43f6523182f0a91005d70b17d81c2bb692edfd02ab988130c7d5b9":"f63f531c242a295d7796c3b4844fc74821af5a53e0e7ae822cd8a7f9de91e6164164f3448fd7d18feafb97c9500e0625d501dcb3927e6fb39ef65dd9586d157076436452bd3066cb30d1f47dc0a3ffa5f2e9ab4e183018b40a82b39b0d170aa21b05600eefea906838b95456e04cf046808030a56951d2502c5eb6271228905ed08549bb171d6c0408d88250785f42e349ce1d9e74a6cd0360a008ec804e7ecdcb4d1fe24aa5a18cbb65f4de1619a29c6062b409a386ea6f43e60adb9ea3dd28"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"b30ff9c6e5b6bd258f1cea0fd5ef9adb81fbec233ff2fab01e79b7422878b2e950604e10ab80ddceb9d2b968d0d37ba9":"e8acd4b380aace0b27572057eaa947e10e6b49516140139c74a1d4f472221dac":"1d2ded0003521e2ba6a4a3e732e0949c1d858fdf0925fedd9cfd7f603e0e692a":"688ac5e7b4400d962c106fd2ce712a1cda6a0b8ac5196ad727f9b882329a3d5a":"c5208fec1d67517311a42bec07782ceb247e9c818e4f5f3bd160c9e53d462b61884feb278cdc8f64e22f59d27dfa98d3a90da8c7c5ba28ca40bd0d18934595a376553d1a8a19de07a83e2e9db42748c982cbcbf4a975c20084ea9cc6c6a41b571faf66b364e4b7e4d32efc80c30b219da1c02a1ea02f6922adbc31a057f999605a2d827f10907835c2bdde4157d7bf2906a0ad27bb72f113c6ec4f23631a2b8517bbce91b560d90d73fbf0699bab21da23e27cfec513bb5e375f50108197d664"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"56715dcbaa4f5bdbd157bdd950d1c1b46c1f4f8d7818ab321d72c0ff3c0a928064b0439f7bf021dcdc7febf2126e5432":"cd5547991b525f7795e075a59af1701375175bd760db99d316b91463f87f7f3c":"b2e4f02f1c14866f538eddab402356ff3b405abbb9154e88b98483a83be70f7c":"b8db321ab30285eee7f9e377ad62def6caada447d00a4ec882081daafe2ec009":"7ed8c2be58e3553eb65508377d63d7f24518d1a7235dd4c740bd987dd8bc1c1e3ca97a69a37dc9a270ad88989e4868e6cf8e4cf01703c0b1eb6aed8c3f8af431d819e68b6947ae134d360d87e33668cdef0e45e11f5cd79329ff95ed00e4a6952750f1574f489394b5fde3c6f07311a1e5d9c4e070a0943ef9d4a130a9e4b0a80c256e96ca5042961766874898ea0f772b78d1a33e866351a4eb425b822b5ad596cf249bce8ccd6dafb334b71a503fce2c8fa3fbac9943910ce5ff02ebbedde8"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"1c60a31760019e6a571e2987e57e19adbc1accf3edd44e501061cbec331b197eb68d0fa8fa5e3071d6f8b7c9c0a3c35d":"d4d84dc7311096791dd9c9d7f2cd291071f877afd86b9644427482d09ac9df64":"6473f4430398d7e5a2d218bd05e6aedac1e317269df3e4705d56c22d6e7abb0f":"379649b56a46399b9ab5f3880e1a73993a58cf52821d3cac87890aa0e6322a94":"d34152fa12fa341d0326a525aa838558630013857747f02634d24e9deec2da12f52fb405e7f1b973dc2d982d26eb2ddb4b49c35a9308b06809171dc990a4248e6da0c329a259f495247b9fa8c73af06604db7b629168e34081696a043977dd29a3c0362d5895f9aac24bcba58dd74078ef6f8d33eac864f2e6cdc479da3d224bad8099d011e914b6ccc3631a7369586e18c71a4087de0d47a7c29a09c12438c7de2d4b47768f47685b742c25b860e716c31e2afe4ce6d92bc2fb9f34400602f9"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"eeccce7f7edc52f0e2559250be36526cd1839151a77c59d527f66fa24ea4d86b3fb298c8d72b6a0a8e191b60259d1fc1":"26d35895723ba3d431991a0e6fb2154ae5bff7e58609c926ee3269afc5cd631f":"227b9a71a6c17ecbf627161fc627f8f6f1a28ce39772b7a3d36064e2cc6dc4d5":"eb59f780c5a955e1355dfe15cc4a4e90a6ec75584e63bd0de734399f47b95070":"78ac77657dc56b23e617a9b38168da945c1cf52b6062c2b10f1d7a3814d9b9efa5545da050b0db5a65a2d2d2e02fa12e97eb970fa8e83c524bc809d675e0db35c9762323f327f1edb9b534ce16d02519750b41ebe51f747e9da43fd1afc60e46c7aba72e15cc7a22fad19ed55189f287a14737483eb6b32d966c3e3969d8198f01f2ed841f20d7d2e156d6285a29e07f6d7fff42bd575806c4092522b03e0d1b8df0cc88f5b82d24a7fd0feff6ada03a60ef2541a4ab041a49aa973c7163bf94"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"86f8104a081c9565dea5652f20145a068dadff125debf818262d8931cec6ba937fd5b51affcebee952fb67f29f197267":"c7ba5ff828855e6e78fa1732d63aac1f49701ff7ac1f3506e97941f998b4e9d2":"6917bca15db53a5359e5c4d30ab4d37fc6a1bc660faaf2e74864cb4aa52e0e02":"eea8db0cfc04f8de14d6053442b5b4f8733f822df4be5966a0de8b0f7d2036f6":"562b8b2fa3bb15cfc3f7e57f309e31b13c790c928ad6b32a005f5431c28576c5706c4ac0dc2c7a4435bebfa06571278f485932bd94382efcf727b300b230da9b9e9f377d2659ac75dd8247351d5ed8185effa0f255a2a2136e63717e0265d561a34c75ecee1c774c25e33fd938696825686acf9a419c1da3fa1ce8f695e231087aa0927dde6ab487dc61291ad4700c5c608fab1a418f6b30ff97b8b8f01ef8164287849a77b21be5d11d82d0c19056e07d59a30f6c576705c6cedcb9f22d3a8f"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"0db6f73ab6d31ddf8f78d76961310d68f081c9e6d5985e1883978c2dec48d9f58875ab658b3a8b795bf464af9470a90c":"d886936ad36549a10b5dc5d6e21203abd75ad63f826794b4adaad45a70424c5f":"76993d3bcc32546430efa30e3b30acc34c7672b6e18c7e2e9a1f1cc26f7f7a22":"54c72cf3457e6f5f6b35dc14167fee9383c44c867f233ec9d81f187bce438c0f":"c3523894d273c85d605d39f5b89e3388afad8c20787897b903d8db7e3de7590340174be3abd7598daba7806ab934e0feca02bbe66282d469ec01476bad5ccba59fc14cd9549bf4af49641f4326b1052b179c89194d21bec0501c97ef2c24aaf045fd348b765910fe92c0039612e37baad2445b57d9db6c1e550adf6688a79b117f6b7a37e0209d89f194a1bfe1ff2e3b28f0454b383af8872f32322bd5313a3c9ca48d33eab7c3807bb98f8f402c43b99b2176f0b33be08c7e84c86b26e971ab"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"3b1ffbfae6ec54a175a80a33c8768fb60f2af9ee2b8620c4e800a17fb9241ae47f77da414f67b5d7b24dd100355d2afb":"0d50cf61e2020a909ba6e36ba4d0a394579d3e4377cd4bf0068967e8d0fe7a78":"5d4efb3f6e6503c5d85a1c43398d0441ce8aefafaabe2f6d86988a24e033f502":"cfb6156a1b139abf21c73001240997ee1a8cad91a4bd777c0372c1e8fcfd3fac":"d3ef776c8d77fcc5e947bf53e0be11777e69c7dce138f24c1a3212d1b6b932580371479b7619fc82f029d92969628f810b54a8fdab8eba799e750945f3545f6a96226bc760ad736101516efff5d8581f5864b38c29885d39843a4adca17046e1e388c890542988797b576da64804eb4101638328d3f8bfa398ffaf83cb7290a2cfd39ead13290ae773a8958b33914ca02c8ff6a069aa25ac8b36f6f0f1dcd8f1c5fc838083a64ae7ae11b85be3a9fa80ed83949b622002e91776273fa32d6cfd"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"19767ce1f18aea366539642fad400a03a675b2f3c0b1cfd49925e535b2c2779043c5a1c57ef550acae733729516aa62e":"6bfa882c1e895eeffbb85578182653c022a4703091529780c075cd482809b990":"11236df1dca3de6e3e3a57d2741d1b77f15f45b05beb47cc500100b31188a42d":"98708a88fafae56c4f6fa780c6c0e33ca8f2592983b5ae607146cd6e92204416":"b6514a3779dcef2c9ea0ed7ddfa808d045c5907314c358302ca32b2055987a38ef601637cdcf77b1b8f7eac479f8f18972013c2e1a6dfe612e8a586dc529ece486505534c0ff3dc0b2049a0e46d7ac504a1fdfaa9b08d9fa017c5803415fa391ba7eeb576fd6ddba4404feb46e7cde56e090dd280be5edba7d6df9c5ba7d3454bcbd4d443b08fb51a117c1d5916f225dcd6c1c3fe2b2880f4d42962befe3ab76bdc086e29381dd985206e3e00ce722c9c040af5ff4cd4a8183b446d91b310845"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"f63292bab50668eb14b83975422a0c853fe55714a9edf9d8a817ba0b2f26ec40063a86ee3c79c694273342a02f68ecd0":"3c525956838e26b77b8cfc37f024ec398ed825076dbb749cf49a7d868c201e6d":"d9a41b47c3bf8743099dc8fd228f77dff01ae304761eaf57d751e11cf094bef1":"b790c37dbda20fbeafe9d1339a1151144253bdfbffe17ba87240eae49c606bf3":"3586b63315020b3ba1121314a0fa6c66d57de0ec44abeef7b7325e960832b7944cb0a81a747ee5c5d3163001536d3e5ad2ec869b0e5ceb14aee2e6915073619528c1421b59b80254dfc3cab0584898b0bca72c76ae25f52b7405b9dad38cb2b841e1d6a34fc5b277129db49928b2f6c0dd22900ee786ec128164ed12eb324b502499f1c5c89be2101901476b39c56034cc293e320e63a3e019186d4eaf9a098136e8c0ce7f6326f84ec95992dde2585ad3945a9534aa2954b8c15a48e3324d76"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"3df74683f298ba48648714e384989145c1b84246736dc275636809d64c75ff603056e703c435eacf21c0bb152d9fc2a0":"371217ca2337db03c4d06714624fa11f90d5dc575bdbe12a457c610be066dc2b":"f26b9cac8df57a33e4b5868c36f2b9322994a98269dcbd7956b93d147dd0aa27":"0a6db86c3abdc39878045b8fc2d5f0f77a8e298efdacb4cb9f74762fc23b96fc":"ff5252b7a39460a73094b9d668b53d1932243caa885c0ecd850612fdbe7e46cb275d079bb75a6b050191282ccb11ef255d52cb763618c4b624560d79bb9a5bc99319783de43c152e7aa7c4cd879a75869285320a9b749c897bf07220cc1bef1edc494bffa6ab93dcf839dc15f6f2e508b9e216e2a1786b75abfb01bb7bdeda722b47af895f551670f9562d9f9b78e98ee7ea5c5ca4f836af5bf153925b2aec055eee8164edf3f7b72e24b1203cfae1834705f74cac8c6043a3c2abf6bdf28fc9"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"53d70692f0f4dbda23d78660f0f08c7e70ca94441f1440348f76108874d13ea14652725abd1a94d315364416c90e662a":"6deee916ad660811cf05b5652f32df4e97f544ebb57762617359159cc9a425c2":"acda427eea1c8c6791be6e4d2b60be30302abc84d5c5a13be7d510004b8710c9":"d27d7f598a14205c45788665cd062135b6b65547d3188959e38ab675401d2b62":"f77f9de60e95da3f1d0d67b5dde29b31df59ce980ebdbad7b5e0a0051fee39e1d6fc4311f21efa016039bb05f3b009b223be6f2c007b468388a8a19bb468c7b82cc93dab3e160b2b72fda1240fcceea01c2638e9c8bd2d1ed9ff9b55bf69fba4b6ae8e694c150896ac6233b75567993f9a9adf25ca0f0835b9991ff4b8d3f4f1a3e4c5f9866d98b7a75196804f996492a61dbab5bf72f87658e2300a1b0777ef7f43ffe8962f6b6708d2d91dcdf6b430cfaacb3289f74cb0f67370bcc9af249c"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"85186650694f742c3f5f228f943788f05602d4827518908fd09a1fb445d8333db2d65f376d48c66eb9e0498999e1ff49":"499928c41841324749143be9cc769899c38d6f6e6933e56898896fabcd802931":"9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544ea01c96":"c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4":"b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc"
HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-512,256+128,0,0) #0
diff --git a/tests/suites/test_suite_hmac_drbg.nopr.data b/tests/suites/test_suite_hmac_drbg.nopr.data
index 07fb24b..f7f5ae7 100644
--- a/tests/suites/test_suite_hmac_drbg.nopr.data
+++ b/tests/suites/test_suite_hmac_drbg.nopr.data
@@ -239,243 +239,243 @@
hmac_drbg_nopr:MBEDTLS_MD_SHA1:"4e8227e8422d674cdb79e52cc30b7b84f81cc05b03339704dba3e731fc81949e679a4257c5fd68a7":"2d6e4af02acaf230bf746157ec624ba7":"deebb368a79c1788528b589056b1194b":"1dbbc7a131e98344fd748edc6fec11a0":"0266e8a066dcabaf6991c7a91e1c6e56":"e51fc833a60b099e56996a66820368f5332822c8f9dffe8459c80d2512d451e1669ecf6e562a1c295fa6981fa651fdd3d8d936c18f88d5844393a2a371aaac8f485cfe92926f1a54980500edc43a0a6c"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"09effa3906a5e93d05530edc71e62b39c5e4da020537176c23823da52dbdbae8307656cdaf8f861471dba14533c880505874098917e338f20ef8d8a1":"":"":"":"":"d5de8a3388b11e45085f6d9a009462947631c4e74523080ccd03a0196aa56b63a93a2939f490e9456e9fce3e9000e58190991b9aed6d145ac18f65cf2b1c17eb021acc5256eb6a7e9023f62aed87d15ea4e4b328f265cc34adbc062d54524365cc9c5073a8371f35dc2f459e1d027515"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a7071e686936e60c392061f71b68500dd6f11c563732fca9dec3b2f859e06a857fd94e3ca1817872d94c2b7c2f283a0d2d12a6443e95f7e700a910":"":"":"":"":"72c0f3cb7792bfebbc1ee6f65d40d118a6a1c4e04e589c8f70273b4c7b718c9df383658572b894838a311fc0aa2aa6258758b33783e192b0c3c1d322809375dc925a05605fed8c7e8fb878fb63c84ce639fd277d9955f91602a9f4777b7c3b15404c4e761ec8d466674e32136c7b8bdb"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"abd3dafc85b23025792bcdaf9f410829d3201c1e8ca450e217e13ec2e3b744e8c54107174a6e69ad05f643ee5cec49cd47ea88c80b96a0944154b458":"":"":"":"":"152333e16b04283dfb8c43dbb3be43b5db2ec49a399facb65cebdf7ca3ed267792ba308cdb0649b0c19cb1126b144d5766b5afeca98036a1f85cd2cfe3b8071011b69b2aec382f8562d9dd4331a554f3a3ee632cff308488b30a7416be8bbdee7e250cd12f371d069a097e9eac43031a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"caa286c160d22af10922ee6088c269d0c963034e5fd2a85d2fc171d0c4ba0833b630a64ab09965f132a744656631bf2dd27430c7c2d1e59cdcf43a97":"":"":"":"":"4d6132b9ce70470dd36f551584ada639e74b85fb9bd3c3e350011d99f2dc0371f874e6b9d92eba3fceafe34e574c1441d0d476c475b704755a28733e31637962cae67e849bed18d77501383cdbc27ab6f60d5d8d26634ef39e2c60fcbb04a9bdda8bcfb9b2d3aeec12a21279ed553343"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f79156a2321ba930e15109501ead80a3b26c1747b7a9aeb922d1a9d474df64a1fc3483f10e88a7fcdde91dc06940c58bf4d747b5a9cd8cad2c2e9870":"":"":"":"":"1b3aeaff973b2e20cee947ff283277991842a22f45cce9d22c1705daa51a56ab43aaae1b51bad7a7363edc7b548a0cec6b376b925a6e35bc7dc3b4a33a7f3b57d66b1b35256908bd2d8f0495caf2539ba4475d766c21c2c2e4acff87fefb07c662eb344d9c99ed407165f8a09a22816a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2dfeb70fc433426e23378d048b836f899cbff52d4a92c6d7d218e3aa54c06793339a752f86f03b7fcf89bef725339f16ab1cd28ec85c20594bbdf3be":"":"":"":"":"d403dd8a6f3a914933253db9cd043421e54243a34043f5ee11a3b6a627e25d944434eac22a00172caa607ebf7de55b4c4305c2b93428d5fb4cf0a649451ec7fc5da65c4894cf4d2f3d52e90993544237e5c58745441c9cb2e047513ff81d9cf980d8b12769c21cc8c06f6d583b8be3dd"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c6ba987bb61c4131138bb8acd877763c2c7e1f86289a81b6b54d1d8b399b5a5ac7171c0c9c0b5943bd7f54bf72b20307834e971bb637b351a756823":"":"":"":"":"7ff01def84626825fc22a62cfe28f5f95403bb2618eff22529b6531aaf1032100944d5f9703496d165c5756c0aac55b1812a72940aa5317fb6a2944d124e7f65766f231b6bda06100c5ad0d1b37c488e0e9f11a6d8f7e4cf7337e04d094ea9de2db1bbecf40e0cc8d1fc1cf5a01cd081"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ba08acc3a00b9b40d2bad8cca4909d3bbec5471f78d0bf89a805d839b8b29fb753c9e5d3674365a7055a187a238ea1cd04f482d24d856b67eb54d71a":"":"":"":"":"9ec6ad840270051313c5825295a6f7527a8b1b9b3e7c867e5642a984b11911be60614e5737d3a0d109eea4223f0d2ee63cb19be702291a771b2e2c277f2d4559176fc5adccea52492e3d3ba7d17bad5b5f487d783639467997d7668ce2173ef777f9e31dbecb6ee716b5cedc8bc5098a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95413345228eadb85b67674b9981af34bd6a4ae04866229921be928c06e6a6a6fde8d31a6a88f24d6a1114ccbe08ded9d7c50c3360bcb8908a615381":"":"":"":"":"d4dc08e36f94e88f8bfb1919c13186139591edc681affb61c421d32dfda69e507d59495bcadd39b73c4036ef440dc598e339473caba60e0770ac4729264b1dbfdaf32ca6d136ef6810a6660fa5cbac91940a28053c0fa405c7b6ca5e3f147b5e0096f36b67da9fce64247cfdaad70fc0"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9b6bb9589f41e8ed6969dbf1a3b3d242dd5e133711f72549334c74190e4efb1d0452016ed4fffca9561aaf219e6793bfb6fd3dd9500bd61e6a62db66":"":"":"":"":"cee02e4fe0980afe6ccbb1b0d80041ba9841461397494f0fae5188228fbe9822e3ffc5397b7caa29950d95536e7000e1249e5bb93a593e659a49689add16d2f5e02ff251c76716dc426010c2961a176bd63c29397f6e36cd4de2f2b11e1260b9f9a00bd49b4b6617fb056b82c92c471d"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f276ba0da08274a082f3b8ad989a713908873b742f96bbbf8c81b4e1a7e4857bc99aeceabe534c45105306b14860883cd56f2438a7812b43f0d911f7":"":"":"":"":"24dd3eea9a8e1f9929ebbbc2a68379caec77fb42531a97f7f3a75d16ad053799ffc25cace4f4553c271ae360eca1f5131ef87bf0390b26785880db0d92bb351e6e22409d600f6dab5cbb2278b8784e67a40be4d8ea6d994115c67b7224d721d1b3c7fc5b24e15f97eb3bbe33798d1bb8"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fa5ed9189f21d7e94764bddeff23050112868cfe35220b863e8112f691c57e6d6c4a91c752c5f0b37b97d5f3e383480054877f319a568b064e6562a4":"":"":"":"":"55eb5ef1248b5a34c741f2076ea5d568da630ce4720b7e2c86a9dd535b48faece2229866a36024fd4114249be4730e554b772d557ce3f8b9d4d86d91202582213a676a076b87f941351c7606a452816db5d0f8194825d402d2fe7ebb2815532091b3830a9616918bb0e3298faf037bf6"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"d0c5003a6168163f707b25191b51211dc1ae361df1e069d0f284f66967aca4199809dc89368164213ae17285674e5574851582372fcae8cd2733bf4a":"":"":"":"":"24910e1a9304471d053af458bc3fdef527e8796e33133f5af005106b203e8fdefb274f1c0e8ff44e92c63bef3082c6e5607a7981a6076f1a1d15368f4330c7012509d5f61b4349224a87960bce9873725145f187aa931394c449f502d12b60655a0ab2a221134a51786c3683f9ffa2b2"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"bf5b5d1c891f7a6f2dd3f4d486d693fbf67f49584b7f053aa96ddacd9fc0cdea0fab8209d8f4335820ce68bfa04899b63cda15242e9cd3f7acb1f103":"":"":"":"":"710c8b33ab034b50a29de657b93f3c71df4727a5219a474350c88b4e3974ffd0d3452e8c4d26f579e348f39cfe0d20045a70a866c5e16a0c22aa0d69b739f74cbe8b046bc14cf82b86498460bfb26af0771371c2750f7c59320c6f6fe1d04cfb40c048686b6c1b69dc641b8957c2c341"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"525615164dce0dac5397b357546aad049dbe5982da2c215a233557553460f8505a3e7c8224af561190099ee21a06d62f9f00e282b32b486e8d0e338f":"":"":"":"":"3fe96c9b10c4c8e43cf3cd76ced4ad85ae576f32ea6671ef284f7c97491b72152a18a1060145e4f5e7c0c373c396cb4c8c0b6d625c1f0d2ae95b0691cb1c80a3dd5eaa21632a82aaa28e09a2bbdeff7fd8812fae46deae14bbb16da24d06878fc417b3554fb47b0ef9fe18d1b9d4f4ca"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ca81953d50430bfb09537a318a1a7b90a9200077abb721e55d9ac28946fbf75d9cebc81f11cf6d4db712a3b91d479e00ba30d736a763cbfe40b91448":"":"e50aa8bec96339cf2608bb82cf038d5fd6bf93e65271cb72":"5c5eed0d98c7fc7eb30acddfee002d5b99c965949d4e2095":"a1a7cbc79bfaf4571cd8020da094118d241b3f018ec823ba":"c8b7d9c15624ae018a8612edf6444354c45c6a788272281c16526c689a3dac36679e44d89c4acd7eb58ff40a577c3d1a9f4d0175feef9ac5674c115d5e4cd17f2369e0135e33b018bdc99e4099713ace986a145ef55e868f74846feb3592d44ca3ebba6044a928e9284b5ea75063ae81"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b96ca1202fa959ef55a683a9021068e14c75376e15d1f0394b1c091a8b6dd6b98b6f63747dae58c29186179b4155b868f5a81ca206a5086a5759b025":"":"a35096086c1fdeb1fb60dd84fa730eccedd53e5b127eecf9":"a3269fa749e55850d4aa9e466bced0beab2edf86b926c2ae":"29f6799f7c78fdfa2d0dbdde8381aec5af249556903f6313":"c63ea73e1ddc9d55bd64a63cf73f730136ab4f6d688a9cd56b945f9875ef4ff48cdbdd8b78b898486a685d8af8cccbc2a834a9804e566ee7138c7dbf488d263fbd387041f835ea46ad27cbd66721428ed5795f6ed044cdb17c8e7e3ecbf61dd68239e8fd644ae85776050afbaa06caf7"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"59af1213cfcaeea29e31400ab6b30f108d4a9a77d3b370972d29032cdc612b7c360c41f16b0c9d794219300fe0551e0e66d634a4eec396c50ec9604c":"":"66ed9352bed73224d35508754aab68fcea10aac06d60e888":"198a3526a67a0ce31ad0348bbdfecede4f82d4203d1d5ca1":"03faa2f4c34577cd8b2ed53e10c68c83c1ebc8d877379178":"5e24f1a9083f13274ed1020ab6935222cca644d0920839c2b142e2780983204453d2e6c58518cb351188bc3e5e3b64015882130d745511f004cfb6b64831139e01ae5bba64b74f1a1ede7e220a6d29b1067d7c68ba3543f4dda2fc97a3dd23590c2c18b85662618462ba2c05231534b6"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e6cc94c72f37999f28b5fe350bff622b433ae19111786c747d954adaecba47abacfea8cdf5eab05e2f750c0a679cfb9c2c2c071461178a054af40967":"":"3032528703dd66e42c7b6b5881483eca41e9eea503852eda":"ce8c03b0a05982ceadb516b1fe513da2403a9e6dcd7a39f0":"3f7ccb55376f23dfac1dc13be617894931f9c13d15fd3dcb":"558656cad7da2ad87a7a29ec5e612addcca96d72ac7b224cde80ce386c6efda12113fe9aa8e511714a42edab53ea0289c75d34b42f2313ac366f51f5dd3f6968bbd4c09ebf840dfd03852dedc1e3b6209d932889cb04062c644482106cf8b7a237d2937840f0c4d752d52725b5590d15"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cd4dcc8fb50672611f19e0cc8adcf9285f9d76e7e28bcac34e931163f8057b9f86424e5d514a13c0a25bbb49ee485501ec5e21061e006ad1569d2610":"":"24480094a44067b86ef47db38ec3e62914351196358bd9d7":"c6ac3b879adb6c150a8ee44428c333574ed9b0d6806848d8":"92bdc1514d87daaa321655d56c6302878c2bde37700163e8":"21c51a1568aafb56af1fd424f6fa146113d14d6d63e1a24e3168130ebc10dd84925bc4077c41897aa8b3c73aeb5bcf392d496dedcb6487379bfb3e12bc07fcf5c196d59fcc1fa730e55c00edaa2bca7b1e32a40ba06500ed3dd7fcab361995319979a0fa9cdc406a4d20650814e8bfac"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fdca0039e8485a06e6a9afbde5b07a1bbe49e13659a2164034289639d23dcf3f9874b8fb1a1af8495b6b2129b88475cc529c96271bc1bbb5c7c2ea03":"":"841f765ed5f00be838a270730ce5926659cd7cd9d5b93ca5":"825fa13ed554973768aab55917cc880183c3ebb33a532305":"736e9de931198dd1c5f18a7da3887f685fbfa22b1d6ab638":"dd8596a62847a77da81818dbbeaf0393bd5e135069ba169f8987f01dc756689342cba61d87a79d4bce2311790069d10709c3a53df974c7d6793ae1298253f13ecdbb5680928579b73d73afdcd24a703dc9b391f303d8835ba1129c3d46237ede5e44732a74f8f23b60a3a45ce42f042a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e246e3f95d89c166768aac69fc95fb49eec49aa633adb938ce1705b68987aeb0fae7f57b7e99e4f3e3e1b1db2d1fedf443bd2618e95193cefd905e1d":"":"130701f88cc1e7545980e6c6f6cc76b0336f089bb66cc347":"95533f4cc247c887d6a7cc0ca753009bf034ba95b7b1d3b2":"464fd16f011eb2986d9982879d79349a3ce4f5905bbfe832":"0d4e6b03af7a648337abec2efa585908af40e88d1f104b3e8c352aa29ac79fe8e448f36b0dfd701a1fc0f1d86dcab7e8a8ecada6ba218d9aaea1c40aa442ca51f3116ced3c9b8ba7546688ed4f3a1378f76b8a29ec763784fc82906dc0f688c5e60d59e6d5284fcd96f361bc5b285465"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cb0405e58270cecb34a9951adeb694c5513c499cf310f6a99985d4fb3973463e907705740e01aed4ca221d4b03ef30e69fd8dbfb4ea919a913800a1a":"":"0b57e688472e9a05baa3920417a2e8f9a9c12555fd0abc00":"cac05f79d9837c97bb39f751792624983c397fd288dd1d95":"344d2aa2b3bad1485429b66606bf215acb0a65bf2a318f6d":"b2a13d75ad389514149763199d711092a9b0e4f1e50809355cfefc1884a94f4d4a50ac5c5da0b4e9bd7537e413bb451fdd2fa77f1f894444cb5c81e4c43978ebfd96900a2c8986c885d0faf89a2ad5c6ef922dfba1b5219b0f3c4ac2095340c3b8bf0db037171b6545741c76217b2aa5"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e38ea7584fea31e48ab085c44f46b4cf68ff24b4a6b0b25867463e4a46ddc9a4de23f7272af1e9c4e0391aa9491ce7cdb5f96292e0d65cb9a9a4a3cc":"":"afe267e1491de3934054b8419b88b16731217eb4ee74c854":"bd0f3c43229a0ffc9e143e16738111e16d6a06ebf3eaa5b0":"23bd14ef8cf797cff7ff787df8ed8b87684fe7a9a33bf695":"c27a6ee5bab8f8e93783840e72894f3b024c7d3206a4a1869ce6fa8b5674bcbd24d4aab30f9866d797d850423c57684b7697913b9ef7bc0be933d0e21535bd50fea0feeb293985261fb9d4eb1ef97ab5ec6b691a08db4c8171e63745d14fb4c3a03c41f906daaa2877b7622b254f0449"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"71dc625242dcb94e6ba2bd013beb2112cfca576774e102830503b7aeda24c2c9d862f5212975ccc019ad2ea0442595f74d1d37dbcba0719d8ea32ba1":"":"0fef9f0934bb4485bfab2431f8811d963ec7fa7953ffc213":"a6a7501c4a5a93c396ef8cc969ebd93cac1c30b4783a0617":"c58ea233f35a22fd9b01592c6026aa17922070b3604c7118":"a1452d85799b54370cff65fd6dd74b575199606cc8fa64880b26972c913c372010b4c3f4ce9b7b565a8f5305072404c7b9d70f7aef6e2709c1694eefae66ffa80f16eb4b91f8041f4487427e69daa437e183e83d3b9718ba6a23fb90365884899e0d2f0bef56b27249f65e1c00c5411a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"36c1e048d16f9d6035c6b62515afb929633f356fed6a654282663e2284fd4132116d21eef66d29629bc712965d960f18cf3f7dcbf8a3ccd61b5b5fb5":"":"93bb372b7ae1035de6f13b2a36c3ae5682b9a3ea8f444383":"9715b72e4755993762e11a93857f1d50a051e70d094339a5":"2f1e73945863b237f49d6d20d0999a0203f295b9a046dca2":"ca135891b47f27c26ac891df49c80d085f90c13d236a60f1372eefd81eafc5819f4ae5aee5b32d46681be01629b078ae965f67b81a5268ef0b303d09e048f4449f5aaa11af51f80151b4697b13700930167cdcb3b6e8260eeb8bec7f6a67a2050a6ea569c825d61d4858a1cd15f70fb3"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"582425e13356e7a840cae9fa435b220af6a96fb53ac91e7ee22023cf6a0eef3923907883ae540be816e0631c894520b86e8c6adb8152e55cb6aed5ad":"":"227762e137f9eec6d2b3c63476b404dc5b0c68613a93034a":"fba72c01a9e51c93ac00c1232c717d32fd4d4c791556e716":"f5258bf318457769a93ef5b3ba95fa2753ad1c5c1b81a785":"c753a84ba7f41af2ab757ac1e4c9c450d2112767ff55a9af8f58edc05c2adcaef7b5bf696e5c64f71d5685593f254a87625065ee0df51ab4f7bba38faf5799c567d783fa047957f3f965571a7b4cb477566d1c434d6b2e22ae16fdf473a6c03057d934a7e25f0ea3537be97238d74bc4"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"836f5d7521f26d884dc34af2ca56ab4a752ea18b909085a87cb6d07dba32b654390a25b68ea7ba8fb790271c712f387145052ca46cb40534355c1666":"":"99d9aec334666d7c399e453455ef6ae884c2173e12e31cf2":"d74d20dc22c55c35f0b66a464dfbe8f349616916fc726298":"407b0951404079fb3b54559c0286143d9cb18957bed7fb1d":"809f372d1af60ff972049193fe9f173684a2fc9828b60b32164c1b6738e1ba6aa12cf739287a74c6ad528a3ec00095b590b44705b4975236a0b7ea02c1213f0e830f275f53bb79efd98679c4766cad27738e6fb777e98cdd606b971fa60745289d5ef72a99e1919686a53a241fe36cf0"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e555ed6c7ab344fea68d73c6432e4e6da2e67d8b33ab79e5719a2def258a852d17d93212840583fe23900949c301a29fc92095f4716018144e64583b":"":"5262cccd138256fa8424801435d118f39b9aa1db4d11ca9f":"9b55d76b743bd7fc5700fde8ffca956c0ed6091df1a22aed":"f8c99af8029110c41a6a01fd2d3d12b7103aa39cbeea90c8":"d1ec06e38af7c6e0a70b73ac62bc3556183f99a47bfea0f0c4a59e7ba4b0718df5438e369ba14be84db40d5ffe8a1a5952edfb83f61ee4d984e3d2fa67f557aacc58291cc688fa29be530e66c228e68607e25c013473b4ffbcfeda721ee35f5dfc8809528eaddad8969ce719a411216f"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"12f2cabd3b6f640daaf27ed6cf6bd7d06e2ac372733c6971739e36afe2ba1ebf4e7e5e9f5591480e3fae752fa59bb99a1949bdeccf0c100f6afe886d":"":"7766c36e6583cc8e3c26a8058fa0923bfeb3ee22033f46c0":"63e60d1bba9aa29adc3f3b8a5db53f3b703c7ae69bcbc2f7":"f416f36717ba5f0a78125ca52ccd004b2f4f2dcdd401f595":"6196b2b4adff14a26d64f440b6c160210266d7f5b77d5e292e94b8c67bd9cc774274741e7c0c9a7ab21c31f1194ef4218ddcbbe94059042d22ef44ecfecef214a73db64505d46d5493d7475d0684fc0e431c5265c12b35310d4404b3c4db6029facbaec88b0c0ae9799e5af0aa49e842"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c50da90a1f7987d5216950ea22689584b237647d96c1239f9251942f4d13d16f418b0cf7265b91c4ad97a7acbbda065a48bc1bc5c7a9ee1523c50e3":"a74c108fe870b91a2defa971fa1efcb7a209f293d29bb5ea":"":"":"":"8853eb47c4ada94a3d58a1b517784bccc8f831d02dd5239c740fd7caa3869c5ff7bbf522a78be2d510c49c496a6657a09f0ede00daee9fd77061b0f04e7342518dc6ec1f4a7ff99dd7c783882b58f5e8bc467516c6b85985fab65c6761d4fe756ffc27fd62cfb92778391a258d3b0b0e"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4606e3e19a8a53e8aba05d9d1fda1ddf15e7709aa2bae8b54efc4a14e734b45a5cbbad00a749d2bde540258de74ff8fe886d05570300af2086d0b9a2":"23ef5fbde4b270c084a745e0e299a5eba228a37074fd4f07":"":"":"":"8caf86df25de5cbc3749fee4b64fe041cf4ef2859e20704bb01abe126a90ead8cffc427c2f98aac400aab97184846125a2a66888dea9c8aa108e96e03b05bbd30e566fb90c661dc1990ebfe75f73f5b0de7be419c225bfcba3713805455dffbe5d6fcc98141743b59c2cbd70e78f5977"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"08e2e2175fb34e4111179fc2580c05afa16d224440cc7eff24082beb16133a992fc4f4e2762634fbf68177dc3f11c4d057b71661ade56e7768ab9e6b":"0a4af33e2501ba409b132459ba97603888e727aca0a0cee0":"":"":"":"39c60b6d9f85cb69b2128bde86aca2b055e21ffd7716d789f834ecacc69a043893b09459991793571d3d8070f03382a11bd1c1bf38e86fae13a932c6dc82c540fab8c8eff478e598d3295663ab75ee8a56376c0d607fe43b74ac39479b8f694a3a13826b1b96344ec67b9eb0a5858eec"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b436ebeda1119de3fb2b2e532f7ebf59fac632a4d784d904f844bb73f2cade5a88d4790c8c1d5973fc73f6b7f929303b62d30b6818a25ddf705bdb9e":"07de5589726c49dc5a764de9b41bce74675e4ca3c71769a6":"":"":"":"2099fc754ecd19a19de8afd21d2ae2ce456c32d6ce7772a98e37ed47f54001f44fad8e9b591a70d3bb28f19bca22940321ba17c33193613b7b5be1ec54efa470b70cbd6be2931193c35cc73d80c139bb4e670e1a2cb74d3bedd3610e9d0f9d154372a70b608fef824c346fb16241b301"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4d3e993c296c66983b9c751d2c0aa2d519f801a764ac9f1fd8d86b57eb226bdd9f69efd9ad29bf16af483e7dc170f8af65c16426c2ab7c0fa9df0175":"52ae4cfe985348408d3678d60259a78369aac02953911e74":"":"":"":"bead2cfc29315133e6f5ba2e85bd7778dcf9908081032ee634f90b0124ed9371c9009419b9e2a409fe4abd6295cad57cddcb6042986cc98f2fafdff99f7cc1185f3ba0d5f1e5f5452ee5f9df03c0e8a4f8426ca246afafe81079c2f0d165b87056e7c8528e8cccac5f49d0bb5ccfbefc"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c7c4e18c56e9191ba43c967cebe48e55bf9aff4d6449c3e6a1f9846bfd7f92d535bb7386c0155cdc5aa2beec888de0d432f695ec79b1c78841ad941e":"c36a381b1b36e6ab00ea80557b5e7451ec9771101dc22580":"":"":"":"da74b23d309fc7cf7670d7feb6cb6ff4da1b763ae2e8616edeec12c71511f5a24b9c466532283f4151a902ffa5ae211d7c1efa84477b93fc393ac95522f3673f97aa9e379e48d198d5929684875150633fcf8a0918d2050551d8daa91887f3d2685737b6456d0c61c0a117413f193346"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"78426f865483ffbcc6330db2ccd65bf8f247706cedf68d4cbcc289bacb1ef32e5caf05f28a21146a9b18e77b3a7ed0d24a0803c9af7264fe4e23d692":"e5026090f9806ff6f158c4a834588f6a39e9b4a44ef2dfa6":"":"":"":"111cd64a9950cc6f20a1b38811fce4a08929ca2654bed66c0cdebab0b81552826c06ef12ce463fc9c91c81a35d2ca0553905922b9a4975fa8fee2c7f9ffa9f2ed8cb2609f4b7d32a44927c7b5baa8f43dda137aba9b49a2b0394f7f67d37b7f71a5e4f4c151db6b96e8e4dd9cd0bd84d"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"43ca11d53ad0198e4db5e136de8136bc461851a30ce59521f931ad0596d13365bd8297a68dd42b7dab7f40808b3ce6c12f14d4de741ce451b6637a10":"532b05891fe406ce72421013aceb434581be8a3a13549dfa":"":"":"":"4c42f791dc8322d779f9a1ed9a28b0cf352601a4ef6d74e4e822ee5d9eef06e700314acb7a47dcbb62805babdcfdd236e3022374defd44bbf747764f72fbfccae10893b54b29966aba448435987c22ace4c931d01dc945091860cae7744365bd9b619059b8b646b229878966049cf83f"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ddcb3024b681e30e16e05026d8e23977497fd0b2c0ac24017de2744edcb097d3a104d4e3c6b8adcb554746f9a43671f0692c01a8f89fa98ec3a54ac7":"bd9e41974f6627ac5bbb21ec690eece459e1dcedefb327f9":"":"":"":"741b2a8e82aa3ca9f3a609d05a6e2d570be463ef957f235344cdf9e0f89b3610951aa1ef0b9406785b75e59c2de8349d435e4db82fc2a4a8b94e366f4eb13c432fcf8fac08f0c7fdbe67a44e81706b53b460f78befb8cb6dd2a0ffd13c87df84f8a5197ed47158cee171e5323593df4e"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f81c4ba8605dc14072e2bda2d2ef64e71ad856061056b8d8374fff5a6fd9a54a814fd725bda8944037197492c52c62b97ea02df33325b35b91726839":"217137084f4519d046ec896144cf2c301baf911e1440852e":"":"":"":"14efd71fa13dfbd498bbe13ffa24e646d04ee0ef32c99c11004c3e9d8f748ac2f956f9899a72c8d97ae988d06275855f77a92bc30f1b957dbcfc93fffec3852715c239c5313e765affbed257d302b6d1b74977b8012522b69902adb86efc1ad768d99d657a5375dff720b4cad886877a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"8181fd2cc5f7ae2d4ed2c96b9511aeeef33e50ecf164afc4eddebaf76a96d97bfb40377959e1edc44d24df041749ec6239ff226e40d5a5feccdbeda6":"7d6ca5ab652a37cd79367d84299f1ff2c5a3c2331c77b98e":"":"":"":"5a2cac8110a24e1d8c5f8bff3e82857ec8cfcd469c316fa18b0f65a0d30866e49fed2a228121f50901dbbba561732c4fe82a98f341bbc0a397fd257a5f8a4a9122c991648b1a6507c82f866d26f9b22e0ee7c9a51c4d8e5104f0b4570043c9257bb9dd6f3730f1daf94f80baf8907acb"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"a0ad012a978bed2268d05086b823f5d0dc9bb98ee03980d755bce968f9ac81db886a2a05b59df40d8346334a0276b73f528db03a118545acb7f2d70e":"1a8aca3c118f2bc0c2196df81ef22c267d20ed7c607cdae0":"":"":"":"b9dc0eb1e4aeb482dea1b4a5e6f6ef9636366face696811db2d912e9430b303f23ac95d65682694ef9513ac5b3e56a053b2e1a2ffbcb901c375cd122cab47d31fca5a0606daf8cc2e5e6e99b90fc8ab4fa67794caad91985cc92b2187dd2965be0980240d9be2fb1c4bf06e60f58f547"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f28b143468ab87794230cef4361d047236444180d0cfda58cbb9494cd1ad21be96297ff799011042013789a928f18831ffb0169126dd046c774a4fce":"ea7fc50e1eea3d84bffcbf83b240e921348b532e7b33f094":"":"":"":"5c22e92f25acaf98f55ff06e1bd80d382da754d1d33cffb6fca933583ba758200357551640c439770f77f843e9ce1e9a054f69588d76acb9cb92b7a2fa2903bc51391bd7001ccc1da67a4cce9e5dd08c2d489295c36de2c148ce27311d0789310de1cab2641e92f859b036383a8058a4"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b628cb448e477cb439a2de687861a992e738db6b2b25cc6c27aadfc3a0a640b3411de49c920407303e80abd7a1d4f45c4749980fe1550bff69518210":"d5f4f8266da9b7f17ac97734201544104a5c0acb53c6bf22":"":"":"":"34a834dbb7da0b6a2e2353bd9795bef369cdde4d172b3feae7b1d9fdfb0446454cfb1adeff423d0a143c33c0e0d8e7905bd1720889e8b1121f1ef82cf15443c2f9c8999c5573e7df60b52ef395ca1d1b60e7eb721c012c344d06b336d519fa2b7b6dfbed8383456504bd0b4893bf2ba2"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"5c7c9690a1926a4580c691c2e5327e736d5c3aec0ce8f5d32d4946bc4b607f712a8759428b010ba1b268b0de64fc5eb32d3f7fa9b8d4f20fab45c72d":"0310b2d8b5655cbb0fc2041ad15a248a7b1f2ac78845e29b":"":"":"":"6f8b6df55d9d8acf87dc2af20b7f4512f9425987495f512975de8059135e7ebb8698cb0301a8816e7299e76053cb66051c8b35bd2b00b4695cff4847f168d2d60697495cd9007ab7dd74ee7f61ee90b7827543f624b7c1412bba3d6df1242e6ffd90534ed393341429fc00bd97d9bcb7"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"96ae702af50c50c7c38818a5133938bd7ce51197fc78e21815b6c5a7ff9c0395d764159f707d5813e5bf47c1b8232b44a007bf7decfef499d758ed53":"e96554644097e9932585b7f4bb14d101f24c8b0376f38c05":"3f698a5f6f4fe67ef2ddf23bd5a67c1a2df4f3b19425fb85":"fe1f6a90fc0ed396bca21c0d40a1bb583eb63df78c98adac":"5942b56148f27dd5388f00caa47ffd4925e854237fe14454":"150b9260ce9aa419fe1860332ae7c9f42d9ada1649679b53f46bc9d20de3431186a54afb5df7b6269cdc05540a93fdd50a2cd3a862372d862841768df02846b057993dd6aa32f874b7220a5a1fd9cb573d720a54af5715cedfc16f0d9a467735e253b2b1a6e97421fcee1f2d670dec1a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4834717f669d9b599f0ee526129057b5a7c5680724ae0459ceb0e0d4eda21e5fe92e63fd23f08f8a0b094a85f3f377fdf1018ada0c461b5a05c334e8":"870b7857dae97cd361a005c3005013e4dd55ca76e46b62bd":"522534ba1a09cf9abf29bde66ce1dacd0e273e8954eccafb":"45f54169665f59d92211f266892009958ee515f14d09581a":"4633819c2ae83c71059ec8ae41ed2c68cadf9b2085a5b8bb":"7afd6cfafd9a7bad155b59a8bb2094f76b915b93764e92858821d5c32ff4a29493788d3dc1627ffe7980950394349eba88b9c2f6869ac5086296366b6f4ee37e8529d291c9d962e30662423faf375b7820e0b650db03e3c99791d8042da790cce1a1997ea21441dba4b936bd8b393300"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f5d1d27eb344b63e907d82a2e57494b25dabcae440ac88738512d9602ac8bca243018f2495599e618dde0261e43ea38d45e7c09ccdc4bf3dd8e5c100":"12ff844e5c5bb3fd871feb37ab796002846ffaca5a741c54":"f642c19602754584afa3083f567d80fdcd1e5c29202ac3ad":"cb6dbad8ce1a5677b4825cca934336b936ccf841ff98d894":"c11fcc157c643a943e54274f1d942d998fd1ea0333e21588":"6f25ae8bf8c26d5f0b9d2a81acaf221790a09241b6e83c9e527c7784881d1f7398c2d7771174f92aab45134b4633ad96430df30b130ae34af52de90b425405959ba24a41685a04d2411e2f0e8564bf5bf3280cb6d75d0b910d06c73a625cd56646eebff14fcff81411c055921cdfb4c0"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"49a10569d87a790d34bcc3c8fd77d075a1cef9eff337e8929b51bdb8d6c5df3ad31045684fd1dabb1fe6f052fc9886384fe43c0a7abc7adca043d35e":"34d6ad434a436a690e7644f0dc2207131148192ceb2e91b6":"8707328fc5a1721e4d72b23c2b8ca3c30ddd95664ac478aa":"82c8d83a9f5d5639a6a1ce26d244bd30dceb1cc978627e19":"2a53b0b80b29c7d071983b65ba835e4eda66bcfe7b3d90b5":"08e24ccaae3b44b7248b2d735af985dcadb84f74d202bca726de1cd663bb5ea1bb67c669126ac97218a9ca45491df90beb387615474249bba1afd4534be7a74c61fef308f13661ddfcce40f24b410cffb1cc3cbba2c6d20a5e4c4814d44bef07bb697cfcf1e9932e43349376dc04865d"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9a4232a59cc579867f8330c288a9218251030c00ebe50c9cd97d6cff6e49ad079df509644ec2ebe3ad4e515654af383da265d7b348dd4b89ddd49cbd":"b4498a32f664d4b489c2b47e67845d2d2bed5096e88f86de":"b8471ee87531817d81ee32578d27fa3a190df33561da7a2d":"2e74194aa62ef911599b37a51fa742817e3a4e6c254ec179":"afc7f13ae55e738cceb976ebdd01698de4d103db797f799b":"340c28cb7cf4c3e143dac3e133de864b1f458c76e3d47f3cbb6845f940be174b8819fc539f42005f4485fddc657f064c34873094e25a9bf7ec341a98cb97014a1d694b1694170ca5a8976e86f6e4e41232f526ec8536facd02394f492fbcc7c298ef0eddb3c5a148399ded7677366cf3"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b89744009793d2c118365b1d2f343d6b6c59374b41dbd805e793f27882467c5342015cf968b080a88a15fd6a7be3757b05313528525ab1e2cbd08ffd":"f3c02be0a880e194013c21b09b6703a61a7ccf7a73e8a541":"bca27f10060bb8d16d499b3f6ca05ed8462b51b0b43a1fd7":"eb6fcf75884be9112219d359013f45fcb1959ea971bd0bc8":"50a03bc3652f50cb9ed1167ea70ec1e74f896f81a8090216":"d2a529722365e7ff3e660964eeb27040a0e92a4d19bbe94592cfebad71047414676ca6ca72234f5127f313cb7f5be613b44d989fe141c9a0ec1f0b4d83c36e744cfb1c72c32a02b68c21d28832da008c57664046255ef18488ed750ec5e73b18eead939f932d2809f12939670c3c1033"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"6d2918c15be7871cad99dc9e06f73253ef905d9705c4e4ec38664043b04f9a150fe5953bfa7aebd926be162b7edd72fdc14ff97e67dae6257ad654f4":"489243eaac215f76a573b92f0709d116bd3c817eb95c2c39":"0a84cad7a1cd21a5afe6557d7d2875d9c62183cbbf49a123":"0c14578ac9504902cb9aa654086246d113039f926a87b325":"1aaab1e3a29e144cec825d29c3f42dc945cf2772ed30cb5b":"33438ba4edd0c38db99f2b6a50b35dd89aecb3491990ec4e60460bb32eb0186ff9fdc973b1b0df23ae65da31b8af5a37a69f81ab3e577a4c2c31e51cfcc4e844b044fb597e937524f59a0019ad5120c460329c982fc93e8e7a4b4e1de5619103b23a7a579633fc925d147d8fb856a277"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"1330c4aef54ff84387e0372f7c8d273cecf0af2ceb32ef6edb6a4f1ace802f3b95fa69cf578e2cda1d6060ec2554eb3152507387f325d8e26009bd80":"89d7bf8f5754cedc2e1a249f693e29276170f62c29c5edae":"a6b58f33d57570f4df05bbfb792a00087d331e17417e09ef":"f57fc701e4f8f5cc2181b5357824f932f6e07679ec0d3cc7":"586c4e8c5769156cbb54c025fb01aad0b61aa6238c231656":"0bcb6ad4f2acefb549c46271d5a4ed41d7decc095137e2044b60273388c6c6d79cb89016abcad1d6a138621720b71fc11ef82fae04026e08926e94042694a0c008f99281e03da580fbb6543aca2b4596d39699b97f1fe65ec60a70b88770eb825b716a10ce41383f31db596079a9d54e"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"3f0564b9ceee32c8944c8f2bc4b4d2179b38acc880bdb91eed466b881e2cc21df77bc3901ab5ce5ecf029a066784503f80d1857979b09c4563944433":"5d54fc715556c20f5b2d01d6b0992f1c596e5ad77f81da75":"35cb6d07862fbab4f50038097cb463aadf14e519c8834651":"abb21e501e85ad1edc66108e3b88380fddf810b10b883317":"3c690cdd997dfa9c5677bee976fa93cac21f5bbf382f7f53":"bae872c9d221b1531f85c15f466b7a3af3fa9c9c6b72bb8f5dad77f3d12df52d10347ba5d6504cd0a285c3be578bb67f0a9f0137463dc01cdcb847e7853c5db4cbb6a115ebff7b80db0406baccb0e3e68a4a4a95364c2da29466e160fece7b8ddb65dfab000c66cc8109380a601d5ed9"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"115c973d6df41ead464e22572dbe0761dcdb9aad930b2e55a5558075fb7c51c94efc5f8fe5dfe24d30175a89f1bbcf146037a07b324f572d0d4c27e4":"d3079ee3a3c9b2d69ee0fd316a6448bc7d8e3b730948c46d":"2348ee87bd5a3bb45d51a7b6a109043a9b6ee3db011dda28":"937fe1a7a790754bff99ad51782e8ef5b4928d0057b0c380":"3e89899f4aad241a9189ffa127c87c15b5e3bcfd80bc316d":"0ffc883aa19b3cbdeb39039fd3760160a93cd663b8b358e9fbb6300df164689303ee5f2489ab4ab2d522f6a33c93350eab553a2499b15f8ca198303ff45e946a06d8a40959f33a759c5381b3a59da22e68032abf3da3da6aadb410cb41f54b3146ce57f9bb5d28bc823e3e03c0294794"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c28541425a7cf33e29adaa91f326f216de89976031977f104f44fcbcdcf4579337434613801fe4661642392db29f15f0924566e72b596b23ff7b18d5":"44650a29972aa8521d6fb9dffeb15c00903a283f20ea9914":"43cf4de0276483be1382f3cecc6a803551a40602584cd84b":"03eaa10612895db8f66d50a2210d73d1f563c3ca929d9f54":"8d2b20abc4e8890c772bcaa05cb7b3eb5025ac4cacb5f7ce":"aed27ff8eb54a7d2787e73ed2a51877c1250c0d4eaf10aaddb30409624289a9b7742cdebba54218c7c448b57f209182e214014cd180916a8c125ad438af2e5f5ca5b00f9cf063f0c307560ed4378382b4572b97088f8d24e0bdf0fc3489f64074f1155fbb1163b54c93098b841257c30"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"dfa52082afb4dd137cb5209f6771f04eda25794280983ba1d8cd2f3d7f9dee556ac26d8a5a368d29096ed643089b65e9ab17b5f58ec816570499fbff":"16ccfd20408082829aaf8a818885164581c9a1bd09e9fc12":"abe13d12a9f0133bdebe14785dfef5f08a133a6cb5c26a92":"485dad7804de594356cf3c571d5f22263c0b7cbd4dca1f1b":"5961f8177b6015ae0119d22e0a45a4aa1bcdc580f7e7f975":"ee48e57f1b5bd72c99c911d3353952c2c143689c3cd9b474a46e4ada83811efc67f2557d323723526809825aa338a80e833c95297d6b16490db633ac1f1648071c3ad4cdcea056c41b4eb157ffc83c3454b0cf001f1e01c31e48a61587381e293e6cff97270c1f157b069df3e591c2f9"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95f3a1aeacd07218a2ccee44c807f790e568e0032a42fdc7c8dc9a71f76bd725aa909ddbdf5457f1dc4e69746426a9c56fbec603867633ee36a7fe62":"658b7326cf6adbf7208d37cd69547805bc3f58fdd874e143":"d44350c7a668e64873ff97c31d79cb23b0f1620aed7c9d23":"dfefff80f10c3143b82de3392c395ab94ac8a2f4c0a30048":"a6d21a762aaaddcdbae9b9ecefbcb3149d514c94fe83eb21":"4f5e544491b72b84a0d0532d7f9ce01ec2de6a05ab5056fc75d8f73bbcac5ffc38e20745d0e8aa1eacdefea6dcbb92475b5cf9ce0a617e5603b7b9fe34f4f4cb04ade2db35cce1fd315140e3e4ab8472216c7cfdaf004181351f210b397c3147dcd279f6fc2ebd96050e996f77ad6ba1"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a1897d6ea5de66e551f8c106f601e421ddd940812530df00f634682f249aebdaf86938c895c11f9fcb0bd1fcdb183b4f8cf86b3429a5372caafe1d":"d655a179edaf4b8381a9f6a332ed5b754dbf34f650d19867":"31c87be686b6f90f3d1b0ea90c541e16f3430292a5c4755f":"ed49403700cebec30d1057503be7baacbeb45bcdfd9a43a2":"952763380af3243c6c327f23cb74f8368919e0b6b9c25934":"fb29067bdb23c0f0153932523edf32d0e3c18e46616e07f39a4b78091eca90349f636ffcf26b68a4cd0902431f2ada91bcc86dc223db4aa7a42e7cb57a852095704a27f9f07962880a50d2ce16c125be1e8d4f54a0cc5eaf63150c32408db6f39b22fc93b853caaba9e49581f13a8815"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_nopr:MBEDTLS_MD_SHA224:"387e31bcfffa51323a92d90713b438a1f4ded69707be3aa517e1e72d448abbdf0a17989b3de7c43c621e904f52db52ad823daabff9c10b3fca93acfa":"e08fff320a493d70ea4cc85a4cc604664a0deec8f6c7666d":"969cafc33e99964833c4d0f88f906f5429b5daa552f53bf0":"8d6e6f05301ef5cefba752f3d0ef58a25775d6b69f6c15a4":"72292aaa69fbef6f010fa4d5bb63d6d7a595395d79a8c110":"77ead908484044482da529f9a6f4ca6e6d8d49954d2e2d5c7dc455e03bebf484021673727bbc40adc8812600201b8c2de8e658191422b80d23502329c84c0ca061b212952fdb2ecf3106dd20e6455f1f231e1dad1cfbf2fa019dfe9c162a670ae20b252ae2e5a4ca0eaae1c679a7fd3b"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-256, 0, 0) #0
@@ -719,243 +719,243 @@
hmac_drbg_nopr:MBEDTLS_MD_SHA256:"1353f3543eb1134980e061fc4382394975dbc74f1f1ea5ecc02780a813ac5ee6cf584db2447afbe2c8fa0c15575ee391ba60219332a67b95d90ec9de6b8453d4c8af991ae9277461ff3af1b92fc985d3":"345b0cc016f2765a8c33fc24f1dcfa182cbe29d7eacbcdc9bcda988521458fc2":"6964b9b9842aec9c7ec2aad926d701f30eec76fe699265ae2a7765d716958069":"6a03c28a9365c558c33d3fdc7e5ebf0b4d32caac70df71403fd70ced09757528":"a58546c72a0b4d47c9bd6c19e7cf4ab73b2d7ba36c6c6dc08606f608795ebd29":"5b029ef68b6799868b04dc28dbea26bc2fa9fcc8c2b2795aafeed0127b7297fa19a4ef2ba60c42ff8259d5a759f92bd90fdfb27145e82d798bb3ab7fd60bfaefb7aefb116ca2a4fa8b01d96a03c47c8d987fdd33c460e560b138891278313bb619d0c3c6f9d7c5a37e88fce83e94943705c6ff68e00484e74ad4097b0c9e5f10"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"096349506f3a7653d54db7ec1d09e93413edd175b6ddbeb00e56752a520ac8fffc7983b918acadaa71a67e1624f1b5024260a0495fdaba58aae41df82505012d480c8e4f751fd7ebc39f9becd694b2a3":"":"":"":"":"f4c7bec0c26cf3892d214549ac6f3d82f34c6966d4295099ee56166e879a70ecae130251facda351e903d877b6c5eab5153ce87ba6c7cf8bcc61cbd14cfbe34cf1ed43678aee69cd87b60e6bcb6ff48ebd44ce9e31982d8fe20aec34fa51d625f845f61056575969bf785c2ffab4dcc754f13de63423e94bad8d5e166d96a62a602d3ee4045df162028b89cac45e6207d9097f2b3ac0ab17729251985f276f1287f5c56cc9ba1a79fbdbb291f3a945fbfdbd63cf13b82ec91f7b1085b33279e3"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"aece2087b713992ff49d3bf404dcda18403e015632ac03735fed29102cfea6ec1b574952687c9bad0e9aedcfc1da568be632162a83c802ab94f32bbd87f6cf4af1f2703f4a02af7d60e22383a770b9ac":"":"":"":"":"c0344807d5e3ea29fef73afb2b83dfe0aae186047fab6b603d8608df49476be18bf1f0f4707198fefa18804404887ea3c598d887e938440e1fbb8ed0a1a330cff84d952cc6405b12e7bf51b0c67d5e4896006dedb44637e393a97925890fd5176252f69d43920043844a91d0840844d89b8715052cec31e257c121d3fc0ee807b84afabee59624a00703f464b0079f12884a6e888ae4959c5423604f8ae2e6b57f4428e10b680cb74cf20417380dd5378449a24ef95d9438b0fee386badee962"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c39e77d579755aacd454ab7ca6528596c397f28bcd5467cc7e0fb47f398e875da83892a840381c1bc03b7a223e92904a714dff45759124fa33464a97d7f0d7fd2d1c6c21663d31fe80abdad59458c228":"":"":"":"":"10f8ec63a550c31ecdaf2fb1b373f71f18d146ea033dd65cec2ec0b73b55bb6f3fbb7136dd045e09c4073247f093493cf26b6683bc9ebc98025f75fa405fb8deecbffeb0236a33f0ed6c7600d992ce5a268c86085adadf68047178ed89d93d739351f892723d8d6e4f428946e4e6dad1d640a9c11de23ce9b793324e31dfacfd367d86855a28cc544f88b8a91506753fa061cefcb9d77bccc15a23a84dba644089ee03db8374fee91dc23af6672159b0d2db219ffd07390b69879910b5c336a5"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"d2e8a25249ac850fd3b01f62cd1eae3dd94d38e724f8e2644b7bb510c37f203890242b11be773beb202e9ee93899b60a00ebf08db1648c8750b14d7b784cdf0a6d4e7cdc816469cbdc3a08d6d32503b7":"":"":"":"":"019f74eeef674ef100ba4a1835bddeb925fe6fffa97113dc00d7d8c0ed486a73e831561ae44c5bd90e189fbe2bb1bfb84f3e82ec8809699ee8c2fad80b464b6b344999c364868300c1edb065ae86109dc29516f2bdfe2a046ebc8725044c382d93990f1cba185f61f71fd22fbd076d727de32a6c1d2f430bed491c9d09eb6ee669a1dc4f8048c7be199c7cbb5aa4f14d1423c8a54763869f5dee947f776ef2543ebb88d3004739089efd86b7b22327ae952747068b35d4b3d86cac1debce3e41"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"cffc6c44279e641856c39f14ed35440ea2f149c77459106f960caf910af21c109067c0f9445320adfc0aaf0c86120a38584747b4049588e5d93569fcecd358c51507bed59f96145bb8db6bfb4ade3a2e":"":"":"":"":"928d6d9f9128b0af64028d5d2e94414af9f8dddd353e4155f42a5d08f3e530930e01ec0dddf25d65de7f49de702791372c71fcaf5f20bdb24eb999752bfdfca28525b16308d46cefb0bc3b260490115778161db2faebbd687b940ba098e3d5be640565b81ed9d434b6861fbb4cf034ba77380562119aa3164dc53653d4e82ec84cf351c35b1b668343faf17f172eb4c0cc3999d7d24aaba58dedf11225336b5bd747825d2ae9100cf6da3276f26cec198e52edf9194162483aa4a45fa348d0cb"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"3a1f0474c279548c086de9e12ed754c49a0322e6631f7f441c8024fea654bb6ce245c357b13ae94064d1b41c23e5e0496199e8ac9d535f8d95fcf85fdbd31eb33c20793f35075c412ba7213194a873fb":"":"":"":"":"954b58042d028abd00f7ce3d39fdb61e0cff6c40391ef8629e87101915771b8d0c7e24292751aab1219645743c6f54306866775e28b54818c759a6bf807c4982eddd4be5e22fe35a303cd503d122cc3fc5cffe50b03117457e2efc1fd91a9768964552116811b0e65856e8f8256681c722ea2652deaa2498025e84262a3fdd78bd33bc36c057e198327a33232ecd36501a0acf997d0149b4a833153b710b90c8722b232a574d22e7026a89a4d9cc3506cc9942705a162b34db9f49301a087dfe"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"e5f4fa500982bdf8b023788f9a5532482b29b12e8ae776111adaa617a958ce8977873caee6e82c5098ae77287bde1d8295b8aa125923dd7f8e05df78adc29898836be76df7c5aafba6493b211cbf8b94":"":"":"":"":"5b3fc1a7ea418debe79994bc0a8c86f487ed2f320c34293db950a1a026c239b8da6226d1dea509a0fe76f5a811c9391a622343324c293a0090587c10193a2961e358d1e71c269827e0d44e93d87984f47acf5b4751c8c066156da1c44662af4826cdfb5f7cf98b1f0200d3a0d7b99fea7f1b17dee7acfa5baee8f95ae4e0bc050bee2eeea7c09baa729e6e02ed19476ba3f8f5a8c1660de0353df8723efcd98f5fcaa56f6eda77f2d15c76d26989aa998c4afdc53ffcde47dafba8fe5818e8ee"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b9444339a8738df6cfe95b6dc28980d02799b2ec5c8dba9ca98fa8075621a04172b0c9e414ea33c8bc4b3beeb536161cdb9a2a516f3e87bcc9f92ebbf4ac1a900559756903b72c4c1b5f9082d8b341f5":"":"":"":"":"09465004f009ed378f440c10fb122a265f464d373e7f1a1719c713f6bf38d28fb5447c269c127a0c10081533a847c0e19f4b640be0b1edf84d95025d56679e5880922f29c942e7284296a9309b4fab1b5bd9957d470db28d3d36a3585fd37573e8e3355d03690241d6f7211d8c6b054a813ba25f9cda76202d3270bf12f66d2e5ba5a946c7d28dd22d55d34a30a040aa9782d1e494603143d436cbb0212fa0df6d1bbf4f19818b99a68d9cb062aaee8fa05636fc60a072ec6e5ef24566c6b96a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2aa822efa22d4cd65359107c46309033984b8e9c3ecb1b77078a09ad9ec746ef4f64b287bcc3064867b678f81ab209db3ee132a11f8c9246ce0a3d6deb3345f9b15e4cd048289991c64a21afc46ac98e":"":"":"":"":"7b79baf0126782bebf1794fb48633dc69ba88d63504d27a206d974854d446737da4ca1fc5bbc54368966b583dc441b105bb30b3be19f2778ed31564acf333b7c4cb1727480aa985afd80396866e10f6da31287cce07358d6308e56e3bbce8613bbf472aeaecb27e66305e34af593c8631508cf7d2c512df7c9b3ab04a4ede436b9d2e6919c03a525dceba10afbf6e8a641591d09e8a90543f1905b08537b8868337c774c20ed47df32d115a7f3306d808bb82d06bcbdc81042d0a16a3fc8d0b6"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"a32ac0aaaee05d57cb3a626fd26854ef08a3ad42a3c688ec6a9f9b67bbff02f86df150db0de2e3612cf106d9f158fb570901e1efb12252666e7a680513cf22bc0172c4f8c0d8b2eecfa1d471c10c9ef8":"":"":"":"":"8271bd7aaa795b58d8f741bc207332335a68feb66ac9c3bfd5dac72f20807029f555c3bcac629d228c3a77d596d99c5d545a8dcdd0a2fb2a5eed5c3492618dab4f763ecd7c6580817c6a7acca42d81831bfc13f38ed56ed42055877c7f31dfad35a73eb2052f6f9183dfc89b5926680dc2aa85995d42a0c073c881f1ed332794a784553493bfd842225030e0056d76e52810236b17f6f067d1272372395ffe9c2df3145cc65ed2c6f2f121dfc6c1eb8fa6132b44ee0373c7c027af80383d4a7f"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c586e0f5999f107281dd5c7ca1ff88d4617b4fd1bb61313895dd4bede875c27b5b0e6c5ba15e8725eba8fa009406aa3d8b8b66f13e07c8918c0f3f55262debfbedfc641329e1fcd6442c245626cfd206":"":"":"":"":"9d4f4f688406d8e57d96369553ee39267a9df9020d7fa78b39e1f246675b70a8080cac5aa6967e78c55071241e20a9446a82507a215a6c5faa3a2ea3c05c12905558d98a8eef90c8abffe6cf8b874c5ef057e365fdf179438de6a78b4dcc075b41aace875a5dd35a44f2d2b17d6ef6aa91f79354931c4d487142f7ac2120fd78caa6c7ff5298729de16c0e8285d73a3c6a95ada99f329dc9aa0924b0059a6585853296789b7e1129432baef4bbd2240a8ef7b19046fba104a85d43aee0ebf021"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"bcac6c2160455e7db38a9c94ebd329c1ac043b6ff607a9c76a86156974d30251b4f4b14e6cf01d407cb426ad61608d1599a6b7ba9402756bea2709cf3b162cbf040d0f5f38fc4584cb9cf4e6a7bb3984":"":"":"":"":"37d76ebbab0d4c8354086a5c5edd5aa6314a4770749d468b9e5d3454f2dbc9b25432f2d5d9f4b88bea7f9835edb22f8a7b09bd604703870abee1160369d0575bdd3847ee5fa93a9fe9aaaac0d436022f94d1b96655ab00feba1f40202425e51b084e372249fbc37f49410fc9d4d16173a9bc29181b62e342a8835f818d2647c45b6ce6c5b6f29add13d57e80513f767339575671bccdccdc9d093dbd72c91ba07d81c58ab5256b6744a94f0e75482e3848de891dabf384322d1419814cfe1590"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"4b667d35a481779ad919956ca06e07366a974738c09a5685fa23b3fcc1a54260cd39d725a7f2661ea86a2d57cfcd2a91e08419476bdc5534df58c6c3b077d3acd27ace0472f91854c164de7f76a9b1ac":"":"":"":"":"c82e5e2fb08171c233670e9e5403b07c600be4e91ff5b57ae284c4d733139b56ece720e82d3f9ac185e37d0f44d5281224cb5f9d230dbdfcaf1756389fe752575a2764f6ae775d0a82f2eb1d901ab04b59b54b5fadb2acc9b9af3e829ef19571dc416752b1bb0935ea2f3ad69dc452285c2f08412b11794134ba3bda0a10425576e88ea7b069b74b436aca93fe9dd1dafc78da1227b13d70157f60c9bee644451f8765e4c8badddad6c779d6b42d4e8b5ba65269186b04c38db348ab5f7a4146"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c0db9453f84c2aa74bf93ef21b9e7802bb8995f6fa5e634cd4064ca2a0075319a969bad1345bb5432df63412807a646d2008394d83989cb4a506990f59f8da80e6b3a1df3fb8d726639d59cbaed1562f":"":"":"":"":"120bc268ca0d3f55d5aff5b360ca4d29a4b8ec5cb624f9674ef0a67b90bb70c238b94b2bf804fe74ca18f8364ff8b1e50b2315f8aa0c3fea663e93c80544284136de1d162e9078e9a074a50b493bcc7e0c83a0047199164a2d32133db57abb05b751a357abd3ad5298773be21c534f98645e94f0935afa53729462acbe55993b7d801bd6b0cbc8eeb5a1c5f0c0d690702f8de0a1a78dcca8862538201fafbefee55cd5be62afa8e5111c89f1f68d0f1760cecc86bf6675cb09b20e097bace037"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"31836d292cb46aad594171e76237a3422844f62fb14d0cdf63ba587e73501051c7cbb280d4b46412e10927c9523bed1beeb5163737db7f910e444e5d5221c5469655fda4ab7218e63e1451f461b4fc70":"":"":"":"":"1cf3b49f28b791e7c81706fb1a870f1af134a0fb0d2aacfcd6e446caf0a91c04dc160f080ebd5503fb7c16ad9229bf0a7bffcaad07329d5bde4576870758a4bffebb6b5c309114688db8e59a55413b4b37689df38d72bc5358291bbcc0b05af487a33934ce626efde918d0ed5f2deb75a17bd8912a31dccd783354477fa850520c3b97b56c6d2b9e4a05d49bc36e6683271f2322c9a546fca88c502187a5f4a2035bf5c527aa312f16c357c37162d722510b52ff8357490a096692572cfd8b0f"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"a0c341ddf73d9404177a5fde32cbe21319c318f35cc9afca9ad41a3b06e13491e843cc6afdf2bcd00ce77ff06ce3d8a54772c46baf142e569ecd9131d6185af3575bb62a41cb646bdcae8a7a9fe60cc5":"":"b83491ec1bd89f3fc84acf1aad6fbeb8ef6ab949f41adc6d0dedc53722c171fe":"b76cec3d6300ecc4a02e810296c7e70bd9b4e7121fc5e971cbb94337980fddbd":"2a25cb0ecf913749ad46b585c76097739a14ca7b59f1f3ce4f79bc8a4afd1378":"98c01d4527fd131cc327e9632104d9eee10407cd73ab607228d37b9b72ca2c987aa794804d505d072561ccd5016bd4189ac9e3db9187822877dd533347b5d2071818bb7683312e1e8806e9b73b021777f7f878bb7d304ec58ce92e5e36d3d05a7383dc77f3fe6eb84b615f3f290bf8a43c34ef5478a30a6ad616157c9d7dd046aa66b522bcef61c9d19382c32425d38ed3fc049e73035af1e8b97388de22c4dcba0bdc09fd36ab7eb3f67659cbd92b8d7f6d74b56fc8daf17068c65fb016e29f"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7817fe880c0a4224eaed0da5f3962727e4b3be567021d37d3b6d4cd779274378f1cdab91c4e7c1433dcdcd0afbe4b43c32a2b5ffc520ac3721bfd5352fed023d04439c176288521319b5e315b6e5e85a":"":"c7708c25003e6587fc8c8116c500d37299f5d5ffcad3405349351d4fed623874":"45f88f2df43c4b9c3d829b7cfe61904ddf658c16043271f01c5f06ad3ec7bc32":"883cfd717ad8466035e6d3f3c04813e21657ad62eeaca449785aeb0836ac94f8":"6e0633c532099ebf0b10d4ad35d78a48b82fbce37913e655484ae40e29772a25630a7ab37f1d0ecdce27773a2ce88521b171432c07c02269df1822d2b6cde0d9f768375d9c60e688f497fb7ae262cdd5f7e8b84b84411d619c36529b41576ac456a240ed94d750fa722db874098ef7200c74c3234a3e5f21fcbc2cb5d50c4297d1e70901b8936964ccd242098002f4c8ed7dbf49de8c2a924c737f248d46ac1469f676377ca52cba12f28d9b534504d6e8423b5404b7e14de954b4225bb53551"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"f2bb6edec000982bfdb301d1d88a23ce840e496a4f595a662e4127571264f1d7e9e283c567f11e7e266459fa781c6fd95339015836ebd69aa42857010f44e8a72b81f501c96931fb491dc1192f6f6a27":"":"ecd5ea33146cb74a707eedb8df881eddb1797cbb7b16c16f8d741d23795774fc":"d410d6e2e848f2241ee45c9870064ac0217d97f59a8e80f6b5107ff0e4240bd0":"8a8c58fde3b8c9711757cb17e46587d0c5187f758d64478e9968604af0367136":"990b1f68152b3607f3011f8d04ea33a3e8fc479c8a6eaeb589133569048fe1284ab44d51bdcf4f0cd4c8d64f4c6337cdbe5f4f497ea90ee4204845bebca2ffde7831cf49892829322644c4e20a45a9885ff619bdf5e79ee53c26f47072e20a46d2b108d180d6ba5859a696f472bfaa80b2fcc7eda374a3f91ac0b06c9f13afac1af244a389cab4489d0ee04a0598f9c5168f39b40e7127dad9f20d69ede6cae7683b25ded1cf9d903541fb4b0a804d7c163ab068d22949f28a8f4e853e691e51"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"6968f5b87019b4cdafcc9f3a89321f25ef5d8d70fd0781c9e3bb01b3ada18c8b61d9142b639aa75f5f9d798ca538475d09b121048e8a0cc4b2286efa12fa8b4b959938261a1ec8e607526b7a27931191":"":"fbe6b8af6685422eeeafc32327a99104b45ca5602513aed0a5c6235328e8a7a5":"04f137391e27caffecd4413c775117feda27cad839aa900ff2af47c700034b08":"f185925cc180e556a0703a5956ab6d846121f9d9cff97f65bbed3bc44904cb5f":"c8bbe16192bda74ef89d9859b248ac658896bd40b5491c90e923cab6815ec3d2126c62410370f5f44e01fbf1d1653064aed835604d5fd0633c8b71cdde6c831cd91d69e420db83e6d5d82c26c47a11f2ede616a2885a884835cf2142a6ae4cabe989700125df12902374bcce04f3fd78f034e50398d9bcf463dde6796627820c75a7efee82fe4e16375af57ad3154973042e0a92110ef745f468377f6cbec5fa1a1470eac80408f8e96d37248b100ef8476c2a85cccdfca5696ffefeeecda9e0"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"e8e99ffcf08aad8e50386f5d079d79d3db783a74165c6126b42b3140f744a7c723541930c8c772adb62981dbef8d054ecdcf1c30228904bd7ba31798bfbbd64757aa251ac9a1ae8c20a050670feac59b":"":"546e04247d6cb5212a57b62f99e1cca767a5768cf79296f45f0db24732ba6368":"fd45f66c8dede41387373c38674605f3e075c9b7cfc66123a5478b8f8e3ab276":"39911a79c6edbbc805a50d2aa018742094177a8e216d647c64428c00169ab2d6":"871577ddf34b29e5caf132aa82e1d2f1586b76e39aab62acd02f6d4440908a772ac5f6fd48c5f55f1ebe0e76221ac46b834a8a4f5dd9958721ee053ba3aef1574ebd980a5da6a94693662717ee548af0f921421d1afb814e4d1799d351889d2a1bdd57570a913e428e6613b16e158c1cfed038f6578920d60db73dc10a40da9bc363a0206b4e7e49670eccea866efd9a05bc237042cf052f2a4140f9377e3c6792b88ea06323fcebb99c643fc1c3653758d6866cdb148837fb0fdf77de1564cf"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c7774e199b5a8c0b306ca236163249044ec2153dc89bd1c1459cfd40cc6069fd1921837aaa80f4dff34a97b4dd7e94c0143efa24f34924fa52abb4275a63cae7048a7fbb8b76300fa8d109f9561f1699":"":"1f437f758512071bd23d091c2b1ad8d51b99acc663e1d037fc5421092cbb1a45":"c622ac1071b50e4f899e4760cfed476adc013b6ff95c9b7be671f79cd2487ba5":"f973f45f75fb0d68e0bc5a723a72e722e6c8f3fea08d785141c78786da5101c6":"9475c697af430e94ed396c707bb7d5ee5bff18405131a0e898ed38065abc28ebdc1dc33d767c4dab69c846e3350bb414ef2d43798710958a6ff3e6b55de93c2ac31793a1dd4b07379e364ce72553323b9bcaa8839cbbbd347b4a82010b78967219b84c6fe9f9285ff741a0036aba6bfa7dd0d5a4ffc1936341b0e2a31082123b6d2af6740cb3ff43bb4a87ee74ef7eb06030745453d2ec225c8f31d214f1dead0f29af01ebfe90d2f8a8bf5e031242ebfcbd136b3e3db1f63a46f69a26d6159f"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"898963d0237c58e4b7b6e894ab271555407d3ae8c1c4599f5f5490ad5701984a6e5ddd58d311b547f6fd2d4d67addb4ca6b86839b83978baef72b8cfbdd0cf180518af0e32e52ad4a73db460af05e187":"":"cbe5f14445cd310aecc97113232a0121ed2082f2c4152b4be68448f36c91b1f4":"efe0ef028e4179ae10b378bcda3d96056ff21d94404bfe022b563cb6690ad563":"98cf6a771c05f904b53ff9b12709d20bc3f1821385cf27ace7a4a584e73866c2":"5682b6bd667b45dcf16527a817852b52a7f5d0fa8c962f3dd3af63e7e71990da92b75e9fcf5de59b1565f525a734e978ba74dd80fe89a2e527960ce4207b9ca514d933676ad93e6dff5d57314a45889637a623eb7832854c3897faa511ed6dd246d2b8280e7d0524647d4bf7715b5546e0a9a1dec246b1680adea2eecdc354fb3122654102cd0bf94ac9333caef3fdc369e7649653352739783d048e08e8d231b332fa1558745e2ce89dd76d1dc442a71dc3d5eb7d3481558941e261f989b097"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"426bfdd4ead656611ce49bfd9f213843c194bb6863534ebc258415148f457e6e685fcf539922aade348a2af678038610af676246632dd70920d661518d4dc5221381b2fbf1c2f3bfed01cbb930398095":"":"971785b18e244d03e25b9a80c2c2204f5bab6dcbcaec986342450eb9b376bb5e":"5de582cba43a610866578604c9f2a542831f41c277d50b324f4edf1e2e5d498b":"46e4c325d2c45e00a3c17ab35115b5370abbae61337eb2da4e6aa91f951f55e9":"f2e8be2e994b74a4945fedabb167778523865ed27826f9c26ca2b49bf32af1626ae62bfeaab13e9bc52a081f365062a5cdbed0872f6479cfec5a5e79171d97ea898e8d10ed71203882d1d7b7d28c5d59b8872985abc628e73622f616c4c0904ecb1e4518be8b4398662dff8806c3f43750cc9be95aaac2a4730f40323d63af157d13555d043c4d0d7cb53f202df282fdfc5544a234f71121e893814f4bfa926351c5e9427e90f1117a3bce7a16f0e08cd06c3d7c458f9d07ca3269e015733aa1"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"ddfb3d1d93e977aecd08efbd71dd48168e67658d93596b742670ed7c8804bd3e730d34a80ca1fb4ad2471ee22461bbda670337d675a17721ac63c3793153830a26b1871b316a3e10e49c555f44719577":"":"390c53a5ec1db52996eb042f9a76e45f0bca76ef6ea31b4642f00658342e601d":"b5436e880c15f03c3bb846d90f3ee5fc5bf5393865a112a4317d724738f5dd25":"d193f932af858698ab086bda36d04dfdbfaf487fae4298b38fef97bccdf63f38":"bdf9e1ba1fbafdb8f4628098aefae4810ee7fd565d0d285ddc3840f8e24a9985c2de57edf5a511079ba6c952c95c626e296fd62f3579ad03db536238fe69158317c9c26d373816343505c60a48e07a00edff8fbfef0ce69ed176e5484d056af02a270bb6fce7bae0b223bfd98ad359d53b159f3295be3fd630a568d2363121c7021ec23b14693be48f5b55e06be3d729c2a80948194b1266da96317bc592362809409a7666d5c168125b99de26da741f17ca52d63685ee8d8260d45764fc78ea"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"457e49a71da81a2a08bb19b97ba8e62ae4b5ad4ae64daf758a83a75506f9251149b2bd7180f69b9217346f8165b7cd8f100e0b1066e2877f5e5da21b037c2bbf178611dae627d9beaee64a9d0186462a":"":"c3181f694695c21405588f600ac33871b519e2b8e3b876424b32753da483d6ec":"68e717410f99ae13712175e402b51058b7625b7da27224414b472f9622d163d5":"f2cf13d05e853a13ed47c5d0eeb9c0416688050342f0d345ac1bb21d5ae675fe":"fc23aad02870885394ca831b72201d76cf736f08f6132b12178e8e3b016fef8d3bbb849e5d935ab732054ca701154e7d3e87d1b51b7392ccfaa19c4ad28638c67bd149ff67a93c09ee1fa5c2ef7bf9d40844baae79169e52e9990c93f099e036b63b000fb8ea67a13167b045c8f9163045beabe0575fef00b89fd90390b0124961698f4ad8884a1e1faf576de7a179c03221402279b31c93136b9436f9a07b5a67b1c199e7c6cbd0b5f53ee5bd0ef845243077c6eda0e021ac9219f6db5ad503"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"79e96cc8e77d8fe72cd6c66becb52753cea28bf71680fa541f345b83be79973db4081201bf23c94d1828e9ca1e825ac18aedc5ceb87a4c1b0c333c88d97e0f12d61b338e5ace5e15f71283d31a1ea90f":"":"4304ccb2666b227c92e2b00659ce0b34dbb53451591e32914a60d6e6cbbbfdd6":"d6e74777c02252b0613357b9a582f4d8cd7e436daf1674a663561b62d8ee7143":"0de123897d5f090b52db88e4c0f9fe736ccf27c134b0f5eac61b200d15e07986":"55a369d136e2d903c179472eebfc45ae236994669c46cd318401bc662f38a1f714f78ac9f15c819d2bd876a7af51e6caecff3c650a3e661e5d137a354cb16aed5b1554545bde08c10baaa5bce22284083b43a6dd9941a37f1a18929ced61181c137e9e38c79d107465a5a12f2a2f37788c8e398ac48b2be944d6dd3562c05922c25569c26a1203fdd244920e6c268028dbcf6807c05bbf1559969981467a479d7117a91f210118c1159749a1dbce4d8a0d5f2f8232c5152cbaa6441865ac3a88"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b37180874dd4a7e08b1256966ed5845001b0773b5136956dca7194cd12a9d9e1f1dd35534f579307de11c1e64875e9377081de3095d83ced0ea3df2ee8d5be4daee545b431dc908bc10efc04db16ab4e":"":"d3c8aa88cc8d5b59af3685177cf3826cd675854deddcb9b501c40c4288cd9cdf":"6783f5bd86fe178e6a4d303342374ed32853925f143a5ad083c04a9c298feb99":"4774e5d062eda04b680d717f652d87bf5cf635f597287b76fc35e2d5ce593d08":"e478d45fd3eb6f4c398a0ec84f93ea6861f00666753c143506c5e417100077e2c4c9ece450d98c9372d68aeffe9e57ef9176d4084f9c6d02479b516942dd4792a90ffe1e4e49a8156bdd872f1f05facc06e71e581f919cd94fb97208515ba284fcd255ea6f1d1ebb7d351e1ceea1cdee631072d3fc3f4ef9d5fc57a9ca98c88b81003d858cb5be0a3520c34e52d3beeadf91388ec9a495b1fc7ff7a6799ab0af211abf52c15467274c04bd104df14033df000d8624acd253a6c954c0d89b7238"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2779f20c02d086d30d53dbd6e7396a35e677214650e39f2ae83077fad70c068005faef347e7f73efb53a92f0629e012c7e1246d07b4e1bea7008dd8ecc7546e3f0a6e0e950e083373fde3fd994e114a4":"":"55edb840b85b391d4f1940be52a3e3824119349c780811c570d2c88dbefcea16":"e83ef56f09f82af4dd91a0b887d3f182dccd973435b74b7b3c432b39a61fe720":"eb9f30f2886d0486c5240f43104e426b36aae0006c4b9c64dab1bb713bcef7e3":"68c3feda06172a191184e0bb77a8f3c9096048bf71ed95b20cba1b1726660900d7d9f97b7ac648c76b50b921c28eee3d401ba81c8a46fabf82301fda8ffe9d76bd93cb275638f7c2088cfde88620661eb844cf953cc141b31e946338a0203c8ae67c2af1330a53251818aebef893010f16a519fcf22060a9aa9c597f3409465cf3c9ccf753db8c0bd3b465b028adfc447e37b5129c17ae9e8bd01f762662c466491fe57384825c163ab8a26d67efdda01b053c19d3bc6545c3661f2ad1df1e33"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"71c9fb2eb8cca98860f955a8bb3669c70b6f5374256da23fcbc4ffc2e90bc0a043b8ecbf1cb0c7b65a2cb7a47211541f2675512138964d0db8074727158bfb4f0d3c093f1e2c2bf697a48c2ebd27153b":"":"13b1d552e2c8c84f66961ac8c919166a248bc62fb896cff0b8b001cd7e147bd7":"27d626121ef579d9969809762c77068e4573af44b6e947a2892337a11404c133":"456ea206c38662750af39aed5fe0a39760f4dac85b83d7ccbc335f53a160a0c9":"464aee8af42ae68ee776780113805cade246b83a698c34bf4c92e5d81f28829ecdb808884bc7d784397f2b2f8c76a2e3517b53bcdc7257f44ec9357d014af4e8ddb44df98da72775567356f363fb85885f8f22505e5b5a80c824b4a0bc48029e3419d3d2f161b1469cead730cb123ca8387a2c8276635a91d0dcb2220797ae2702468587ac3a70b927625f3a6e2980d6fae6fddf4b380ca0d91eb4aee37b98644bdeac345f49523a241ca392972da02d70364f9401c21fcf39eeaf414a09fdfe"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c9e54bcebbbdf44051e80b91cd10c87dc24267923350b6770406551a5069ea2255201f3f15bc3a2e4caaf0b45510f19db299a41db8d56ce993ade44323c455fb1a3f504124c35a9e907d9765e810c939":"":"2819b3ee279d57145ea1020ebc77c46031d69524a843158192e081f2ac91512b":"269ac853ccd332fef61330af7e80a33791ec44b6cbb83006e5ca0670597b35b1":"fdf031b1e0a8016bdf6a6ebb533dddaae1a3a5b14b9cf52a1a8028cc720b10c4":"a1c4c1d6e72dae5e4714bddf4a1cb8d01cff8a3973b12022011270c0de7ceb85ffb6a6aedfa54d0521ff33d748fdef8f29c52c7c414e692a30dfd0013776b58f58421605369c83d4d891a19c782a2d036f9638aba9e24b0eacdee87d4a8011699b638c287f0a12f11ede86a946be9c00d21a31584a2a0da536dcbf86e2df63be9a7b771999c9c7a6b748de713b7da757de2d731a8d980b75136b0fdc75ca7aef47cd36bb9370c5ca0ef81b9a04fdc78698720f68e5d54e1a777e557a1dfb4c22"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"4d95f31b9606a5f6d04dff1d89b50becfd0882e6cf51c1c5d24ad843bc12d977eba4582c39d793a63eadb63f292568c7fc4270e6c9aec83186a20819a7d35e7f1155ea108794302d593c53ce9d25422b":"43bf6f32b3b5f580b54179e4102d063536e7c47681d6de3cfe88fd8ec66e4873":"":"":"":"e991d000b24ebdf838ba11f9849591b0029feff33604bc4d71acd94301f8d045eeb1f81f3a101a297403a35859113c099939638680d481c86067f54762892f82146f61cce7bc2c85d395348f3ea2aba6bb3e59dbcf8e41a81918b6cab304d44ea1e32573cd6936f38cdc11d3c2f96290cc27b0dfa3bbbafa9394acdf2f4435170b428563427c4b02ed25924226edf8d5a5eca4eec4aecf98ef2e6f75caa70bdd84877df2e637b7fad621c6170ca5bd86e21d0bb01cc90fe2e76353a9d5687bea"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"1378443dfec3c03d36b16bacc480edfcb1a4a509c17cf4b35787dae3bc91ade6c113a1e0df927a4449ff9e2f4f1cd9a27b07f57ccd6777f6d6bbfc9655f0676d7b4f91712efd43315be7c7f30e51da89":"f67cd35afbc96756499c68a5ea19991cd1ad4880fdc13afaa817608a141e9646":"":"":"":"b32d9838b3f45e3c4b3ede1181bf0aadab96d22790d8536f5913fe95c3ec0179dd1c7ae69430bc8c68f4f30105199b785a11adf7abec007d18abcee2e65df5a211adfda35fed8b9389a61d2fad33fe020119e72c782a316f17f8a588239567315bda461f5f4518a1aece4d0ae028c153d67a8d4ce620e571faa0403c56bcaa864822e4d8ae6d14feafefccbe879ce4baeca70d436218e0eb3a62bf15c018fd4cf66a50e3d9d7cc9e4744e29e9c945eabf03a6a2c4ca57e582b60914417da57f6"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"69e9396c58ed867eb52fcd046504922e2e9a9b059234cdd3f0a09eee9fdfd45dedf5d3860b25115f8a3d0e2f3f543890a23a5aa278f836577956944a098d18f05900d1b076d30ea745be745b9efc0dcc":"1b6e1bb613d199a5e6f1b5c2ed041cf6f6633e2ef4d50ecad89b28102bf70554":"":"":"":"ee09f7b24cdc6b51a8212ca00613633c1a5f044fa921bec31baf679f5ba66bfd723721a03e0f260a44ad5cc4c580080667a781427a34c3d2fdfaceb4b040ee675491c4dd0c0d13abbe81336384806e37f2729e7fd080fd57011b54b664d58534c831c90d182d4d955676938d484087b0086d2bf2737a912afb66101575ca2bc5acf845f4970bb1ce4441eb667d5096319d6282714a8a9708ef9964cadf596ac3e7b1ba18fdec7e2e22f5e6352e825e965a494cb880aae78477aa3bcba9428107"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"d2f390fde0b50ea4afe6baf29a75e698fb0275c04c481df03910d238f4e72c6f63a6231df89123c2dbecfe0cb0313db34288f4143694ce2df2484d20884dbca097e35c3fd8ddee5273b53c1149bf5070":"2bc38d852d1ddee2e89b7174032d96c0b97f955e16bc61716c5c64248eb6232f":"":"":"":"e62346c72ef393a2904e982158992df4ccab03142c41d8d29c1454794926c48570eef34bd021d44cc9106401e9cbce6ddbb6c92257e89a787499d7f7a2dd527833307e02f44645ddbcb1303f1da95382c89805c76a2f12eb13d2b0205b7ec0ef21f596c98af608a2f2a2c5e3534e01a23ba25bd5fcba0481482e1ec8138fb1c86840060919d7620cb7b879d1096f64aecae1ea085a793a9f4dd665449ce73cb3036dd5f2a49138ce88c461a0a9e2f0c1fb8338f5eea53ab0a0ca8a8df9c315c4"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"0cf86ffa1456c453b53305353ce43ad3ba44ebf4c6943cde8613cdc417ee9f6e759c0bf4676f1ebd05c519eb84dfcd3e379ce61016e48cccde24753878f7d8fd5da72518253b2f836f32e5b594d54ad6":"088c917f84679641f491aaf105eea0f02d0a8ae0b7add69645d1ef304c74b417":"":"":"":"79e71d9a974cb88d9022d35997032bb5fbf8f0daff411467217837a836aa44c493f868a333d1ebf66689895b53c9e01d58019dd1da2354fb966c88d2d6adbe66ac0b8901595a24dddba609478ec36e497f6fb6b4bcaa88b1e9a9c87088f66611446e8c2873e89ee1006b6d92d2eac54714fc6481e7782b38ed4b18d5f9714ae6a544110cb6063c8a9964c52a7026f52af448783c3427092e0339efd7d1a8522848a2faa8aa19c21363a537766c05505cb979269c73ee90679feaef8df13b6506"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7179c434bffa377d9b6821da9571667c8b962196f7d8aad062e75b6091a34a454e8f4d14a60fb5253ae373cf50edca93b8d2eb2075076ec8c7a42b7adbe7723a6ba8b51a55fadb16fc3a6fe9da020482":"bc1c39e646afc1bb62685b746007148494209a419b733e938c1a5d02e2350860":"":"":"":"3093a2e1f502d44d8be4f35b386774162f0e10870f9cd34e3b9d4e77c7ec7cd10cdfa0bf8228be96cb5741f069440a6b6f9ec155d88ba66b7fa84959c53d3574bf1cf9f1561006c776223b881dd396e9e9830af2c1b5f7457fc45e823b411c5c2ba3b11219aefe5508f75cbdb5e40edf6b1f61453541ac98dad9ed502bf1a8afa79604261c7a89e78cf2941d520e0c10bed18820da6c23a5ed1c0dffbb04cdcc9c3284d400644e9365c995d8c99eebf444f2cb051bb62f231301d31ea815c338"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b063333128a6ab4f433f151ae8aec4283ab6d1cbf4a69447850fa1a25930ec0f4204da52752a9bdc788c5cee6d8b92e1b8530dbe0c81b1d34037ee53f20758d5750d9863ed60c762ae2a8b4c973acc22":"067708b24df7a34811993d5c65d5348eea73e6c6680293afab5804b4328e7a96":"":"":"":"5f74a1d199f30fa22f2020baf036fc61b1cc2acaa80b48ddff1cf85fe5dd200a9afbd8bc51dd1829636fa335660f36d5d2a516e4c38e8ef0c3cad979e79e7e226b820634ef1d76ae81bc3e3807913eb0731b2e959c43afa83feb1d8da31dcdcb3dc3a4cf8f454c4ec41bbc822e58023f0d797c844bd8f20034b31d99579bff142cf53d2651d7a31b212d2b9d5705b048860d6c4e3f45ef1bf2d5e46433fec593b9f68be8b1e928ea04ddc4ce2fcecb737bb8f9d054c2ba5060fae5e5fc21a650"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"e23fa0c86c8a7b99ba0d3ec3ca47349a57798c07587b666cc4ae1c9eff83b8cbffb49d1910bf05db3c7d0db7e27285ae9f6b4411d84364b27a66398f5b0a897ee2085526d3ac4f65e70800067d57a51e":"7ffdef21683a75484f6ac304801c213dc8cb7e3cf0f94c358a2e1ccc9969e834":"":"":"":"f952956cb8c528efe2c831c67b69e8aa7e79c013161497b9c55415fd40c7fae778a6fa82109a40dd72fb2f4d92e1cbc47f52d055485c99d893fbea1cf28dab35be1f162494cb79ea45c44a63a1685217cd3733dcfa88bb6de65c68f2390e479c0fcc6b398dc5498ac93002e7e7f360535d082c8e46386611075665060845c4f8bdee38c23d2f90d2b1d78217e865ecfb6df02498db837fe581c43382cd1d3a508b6dc052ef7c4d20349679db8d8bf8dedd763da8e5df775d133970be062a9ced"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"4889013333cd1e2b3b8c4365bde690b66e06bcccbea25f04132a0962f13a7d458e823f5ec0ea091a07065593ca44fe49611602d165a35aacb352206844acdf41dc2c88b63b36912ae81875bfd3e098e3":"b4761d82a93e17d8a0a461ec8205932edf218157459a25a7f26ceddb59992192":"":"":"":"72aa3601986e6c970b8c2253118b8381264577e391e48bddff0cceeb5101975391a2c731f5611316b255c2a6c0554ed6cbf8acbbcd8609e3f99c3cec38aa060eedb863563442b7beb78f35221736c608a933aeb0d4a7cc050fbcca351cf780d42c5380284a6163520a80896ee7f71d2961d7629d673791f8fac10bd01d32d95e8efbd65381424c378bbf54b532a70c285d98bdbb559c9f37d6eae889b82d5006fba2892ae16acab103aff1b247711ef92dbc6e516c92e388fda4243808f95170"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"cc32ef3ea3b0db89c69312cad56b1ddea73ba4c302b85ff3c6605d1899a96f49909c6a54d98baf096ea5bd46abc2535309676d9d6bb9917271bf8c86c8852e29bf3ff5b2fe56ac094fa35dcc51547f62":"cb80942bfbcd8f112ed601cb12a5ca52cc0f280522db11da92ac6c76be3932fd":"":"":"":"2c972cfe1537bae42ecc46b1b41a691350f6e63c202245347e91602b93a4cbd5c8829e5a4f63f7ee0e29adb69386e8b659dca2e6000aa03beab132db6dada8dc35ab68433671cf621fe4593018b1eafd3a2191507fe015e2a5694fdfe2c3182fada71d18c5fdeed065089862249c5508f055ebeceb9fcfe5d16e4479dc17e2b59b5a0aa31cf21fc6b5925569b0ca63d1a5cd268a4d409f1039d902556236fb06e61c1c054ed3798cbe4d8c2a7b2d18206212591174cec9da519fb876c583a20f"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"142bff9332c48103221359040cda6632baa92cfbd1ae7f8b3d0e33d6a8193939d9d20d17fdf6edd1b3ca9ff600fe965746b0ba1b61e9aa5141edb77ade0f191b87f0b33c0f3620801a755dca02698883":"8dbbcf0c190783122aa6da6e05ec9d82ee29f8e74e59f8fe6eb9492fe410df6a":"":"":"":"2537a8638d5759201cbc225e844208c1d08443b055fafe23329aed5eb2d814703b0fdbd0a89c2d62f8f4ea7746905b9bd90706b734060c96e4e406675576bae84317bf36d8523babab72236b71fc6087dfcfcbe765de13cd1ed316f495e3bd08d780cd6a58849c929ef24b41e9561868158046ffe8d2a89d169ba31331611f0872c6d075b9938e5170a3b8612f9ecff4743c0db5ae365fdc2678ec262eed3b7c337e65dd1ff24a867574ee460bec7c374fc6b3fe9b0eb7bd9f5507ec5988d313"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"821ed44bd793a4af223aebf52413ba5e0e231b2029b3d71475ac028d8c10f86d2382eb9c62bab540be847e22344704d339b798248d0bf2990c0621316e3c98ec07f05bba8887783adaebe8fcecc48fed":"8d2c8cdb2ddd6934271941f071ea47dfab869a5671dff9d424b916c1ccabb02d":"":"":"":"a5fcf13e4a6b9829ac30171920478a7878aeda658803f2e314f9ef8cf42c9c1933cbd8dfe5053abd30df644ca062070662f4b7e7851d28ff801cc4b878523b4610891abb29c095a70665de1199182fa193439665cb19cbdb00aaf3fd0fefaa2278194e79ebf652713a28c36f2cdb83f96c8eb1e85c9969381b52bc3444e8ad5d82c94964544b3e6649ae3f532d25a2e370e9fc8c77753239f130091c43720ffcd2bbcdb70a75223cfd9346091e8c056227f66648941552efaa5a0a369291e9ee"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"977bad4c5d1d16a2439863af8bb6fdbc206ad0bf20c4036c044645962c36e2e853f0d702a54b70421a509c25de124f27e330eba581fc82efca522e43956187c9ee4f58f971e4b91ed51cc8aeea26fdc3":"51cb91cb7ff1b39e18aacc0baad20443522bf869f26d9d7182005b5cb1d018de":"":"":"":"df4acafbe4f28ee47acc5134ef665a50deb68de9b3c7e075b26d5731049f13ffd00cda05f612f20fd901ff127277f269c069607442ed9f7b41892711a72b83ac592048bfb28ab2c64c6b9f5eb4427450f4475b1c04dd4665998b638d06fe8f463e2f07ff46073003132b66a5d4d19a65bd08230d1db0234fbd09a98864f8ca824e7a0ca9f1d1662027a60c7e95382122674d88224fb192cfc129952ed6515912aded9c72a49a39a00f9f9a16abbd361b20a12b5f3c4de54012aeb1b42f6fa3bc"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"3116ef07685eafff1c77f185fa840bb5627fb9a5d79f72f8007cdcdfbfefc56bb1769991d78e9e48fca4c97b01d720d1d3ea6fa6ffbe2569da94b6bb36cd34d72c37d0218b3d02c391e0653e286b24b8":"f138ca3ec867cb7ed7d5fdb0868d7470de5f802fdb941dc400ad524d9032e23a":"":"":"":"59f01ec06c97a49cc5de469cc2b39c28db7612029e0e24e3c2b24f92c0af2383bfb9a0dccbeefdaec4bbd2607dc582ee7eaae6a4ffab251404e3c59c95e5460ccc8d8dea4db73e924ccd7528708e1b6a9d62d485c93764686f93df6fb8a9ae86bbda1e038697b5485e27e0bac9a18126bff1e7b104401306cc424e783f55ebe9940176d7123ef58c9460e5fb8311f745fdccd39ce552547adccdcd853bfba87aeb87dfe8ae72080fb7b3e5c4718e743c9f576d7752e3db1fdb29f160bde115f3"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"f5ba27c487a40dfe342fe18e7f9c72bebc1ea229c7634cce87defd7aa11448e3f584d1769f3e76a017430e6e9bae6bb6c79170925e1156275311d86d4a03cfe3dfbf85f80bbd70ea98af76220833a0be":"34fd124aad5a10b852b2fe8481cd0ec46dc2d02ed9583f6e282a4c908e319024":"":"":"":"977fa5b70f4ca3c04b6f495de3bfdb4b8aef93bd14c82653e30a00a4678c602aa889766ab7caa434d9c15bd68bd14e66cdc609289a691dbcb391611be66c2056f8e675de5db9b2e2f15e5a330d00a8886eb8b8eed4076306d443ca292d783fb056186aa86e1dc9f18a113e015e535dffea954319cd26e5572f4173766207ed7d9b8b2c42a741340c1850a07139c0b358cab942bec51b159e50f5aa9d8fbe7ca9d1d2127a98fbf0f8c3094bea4e3039f7f7ab083fc9d050e29e7d4cc2d3d44caf"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c4868db5c46fde0a10008838b5be62c349209fded42fab461b01e11723c8242a618faba54acba1e0afd4b27cbd731ed9d30016b5827dc2bfe4034c6654d69775fe98432b19e3da373213d939d391f54a":"135132cf2b8a57554bdc13c68e90dc434353e4f65a4d5ca07c3e0a13c62e7265":"a0bbd02f6aa71a06d1642ca2cc7cdc5e8857e431b176bcf1ecd20f041467bd2d":"93ee30a9e7a0e244aa91da62f2215c7233bdfc415740d2770780cbbad61b9ba2":"36d922cacca00ae89db8f0c1cae5a47d2de8e61ae09357ca431c28a07907fce1":"2aac4cebed080c68ef0dcff348506eca568180f7370c020deda1a4c9050ce94d4db90fd827165846d6dd6cb2031eec1634b0e7f3e0e89504e34d248e23a8fb31cd32ff39a486946b2940f54c968f96cfc508cd871c84e68458ca7dccabc6dcfb1e9fbef9a47caae14c5239c28686e0fc0942b0c847c9d8d987970c1c5f5f06eaa8385575dacb1e925c0ed85e13edbb9922083f9bbbb79405411ff5dfe70615685df1f1e49867d0b6ed69afe8ac5e76ffab6ff3d71b4dae998faf8c7d5bc6ae4d"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"46c82cb81de474ae02cccfac1555d06e5dc44b6ef526e0e28356ffc8bc6c0fd0628d4d942834b94fc977609c8ec0a6392c0693130c6215d55e37da43d67def719051e99871db68128e245217d2aa3230":"5de51e3f49951bab36460724a63f046e75f6f610be7405f55016c93a59f1890a":"5dbb13f5b4eb275cb757513e6b8af6fefd7c9c9e0f5304fdd9b4c0968458f22b":"3ebceff3232e75c6beb79d97c78e93244a257f0772f82e234518c50e322630eb":"dc64e5a1fc7b32f0294db138dc131946e5602266f4cdf00037ffe513a44ff83c":"e3480544036a3684a88e23ff41a4bbd810f827021ca45e800aaaa36ed0b9bffcbbcc99a1ef1f1528b4bfe39514c7a390ba132d1681138c4b1b9f1a0fa1758837dde35d0f6c38683ba47a904937dc5ee3d3b75f909e5fb6311c6cda5e1121edc774e66092aa1dbde83e4680ff95c0bbc2946aa4d46770f247caa7b71bdefac9641ee99700fbd1e560f9f7fbd462ede64e009ced90c44c6ff03b890e16c79c7b8c959a27defa6f062168891977c637ec22ecfe20601d499443f1fb0ecc7d9505b7"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"df8053def0260ae71f67e197ae8b547a228e9b67ba7909fc1cb3adca51058b15f6d5951f0b60c972d139b75dc44a3680127a84799fd7672e429f20876c175d135e5f894edc7a4da334eb8b73a334be61":"26890036a9b17d8e805c38568630e1c196091faad546ba8eb976f3aa031a8905":"40ea6bebb0cb94b7e527787e17ef9f7d3efb889fc1e47e49893ac5c4bba988c2":"090271c307b43b951c20ad3f081d2838df0936a4bbdc5eb6f2e16b1db482b1ac":"c203cc1a3af668e45653bab6b1aa39ba0669491a06d00cd39c97b777a8bfd4d7":"0d68d903c85c0172419dc9f782c5d67a0b3367d13cb2f734fed95c7fc082291edbf4fa83354c6588227e40bbff082be2dd276c264823a8f31ba18b00955d7a1fd612a2f37d824bc82cdec972d3f8384dfc78b51dca61e815766c877ef3d2113704c805a250aee7b55b849af048feb3536fe73ec4f0bee97006881d5eed8ea38ba1b8d16a3bcd91fda749b77d688997bff09f104a2d8cd8e133ea4aa764b237787358dadae1c25092cfe09f79efeb8eb6e20c39cafdceed90e602f221fe6b1d69"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b1a1b468e1d59716a23fb028e295588f17be6a79e589027237681fe9ce354860b1cc33918a64c8be171e595ee6a3b1ef46c2ef21df2815528482ab4c7a32449b97ac75a51dfa1c7e67a763f17e97bcd6":"77e5a3eb6ab38419f84b57997627c6bea79703c95bc1cd24ea73eba2edbed540":"52aa0be951816d21a2ede89f53913f6d5d70cc580a1cda8a49f8e49a6befa909":"5bd8e4ac61bdfe752b5a66cf2e048e812a8aeae8e20c3c8c43f31180e4b18303":"af5eab21e4dd9443b1b16f40413faebdb0e086991dd3c53c8a51bc434348311b":"d477404bcaf0ed53788354705f0fa9f46c4e2bef2cd94932b614b3c34e0b0c7c28d7483075c9745bfbd4e31e587fb1db77d557fcdfd3fea47da3f01e42635ed3fd87cf6c98a2f20aa833a1bb74a15b158e47841cebe53e4d5d8c85cae78ade156e025a7737aa9197b122e73a29ce0a881c7adc8ec228f4c14e56c722acb0165b1595f010266151801812c031efcee4a7739876777816af8baf4d29496912a012f1f33c07107b2db5ebd681722dfd76f3a58e9d7426e7fa75e326eaa416c5d820"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"098b8c107fbf943bcdd2199dfd15f130a20d518e95dc81988748e1f0ecc5c45f74622ca2940807df86fb05f0aab4727525f19d1d3bda1f70825f3e1fcb18d29e8e410616c105fda9324f4617af39f021":"220bbf23394c3cef156f683d05739b76f37538a0d360600bd52f0076425b5f5f":"af88f076ab39db1dd0e7002bae187965cd144382a3d1ca7b1ecd65d346f7c090":"bab9d09dce5073d11fcdf9539501dc998b6fffa8a0716edcf583a7d7385ff41c":"caf8d4e10513e5ceacad6f9f145a6f79e5c245aed4965ae85e2e7c5914f97510":"f556494b3849d78b06ae75571f0b9c8c108885fcb041dbd7892bf639d8ff6c82e19e8ce2d5aeb58e8b964ce4f75976a0a9c7f3ec8373b83150b88d6c58ff9b810124d4ac62d955aa64d194afef2f77de6994642ec86cee40aa7a5591e99a63edbd8bbdb22fc3c2506beee6d507fe34fdb4d4f525dcbe30b5747ff920a13f9e230899ffffbc5615e994ee96a1bfd8890cf607379be1a39d173662d0967c9dfea33b14d78cc8818c2a1956197f85e92bc11133ac4f7657f2db20eceecae8ca636a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"f54e9df92752d30eec01c3756d569bdb39abcdedab80b0aacac76ab406723f480bb359a5fc6c7aeebb6719ab44114a75afd340af202be3ca30e4de794b826237105202dcff5d1291cdaf266673275825":"b69f77d5a08850a13f8e6d06847c4bec181ac0f6b720be3c06c0b67d44843c6e":"40f14c3340e7092b898758ea3c36750943acac7fbb6a83f0df3392f7936749cb":"5bcfb0786c447675032d2a32b304f25737de59cd07c84d3875c45475b15797d4":"656ab204e2c1834f346d89c37a30164db414827d83ca732c71ec71efa8182c28":"6eb8f276a8ff516f789d94d997f33c2e40b227776fae0681c83fde659462b72d37cd48c95899530ca072bf2470986ef29dfb193be7ee9ab3f8cde2317c9bf02a5f901ccb62bb665bc3a109eab7e3910888a522c765eb49b11d1ad0fbcc45abe3841e9bb4fc0e73188497cffba54f3ff82260767d0f70ea1668f45192e6719102e75aa5cc43084c50bdbd1ba491bb61ee9e5175092c1f50d56bfb68977a567e41c1e05d2d1523c198ded737079131fb12dcf847219d71fbedb5659411d7aff2bc"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2cc330b34c976c859936c21e2ad88bb60ff153e41131567f58ad34bff5c9cb418939fed56356af7fe215986a5d0ed8e9a078dcb1d3fcee6b99714eea3bfcefb37a344a69d414965539ddce9df239be2f":"bf531083f35066ebfaeabd67b82d392ef6b121e7d9603a5407c5bc74cd596023":"51f223dc461ac2df1c4877f65ca876d635d50939fa9dd586c176d8ab73c6d605":"ff9d6807d71ded1305d9e2cdc811dac2d73746b001b53ec8a5509c4ce0a07efa":"f5222c8966659974dd8a7244d2cee588b6c9a2700f338683fff9ccc45b6d3807":"981abda0e405c976435ec7f938570d911e5bbb32add52a8b94e528486e9dafae139eb15cc2b56fedfb9e4b2d10dbcaa5e6ab985be16c62b9b75a037684986843a7a0e3baabc34859253df2a053dcb0352a0554fd2d4530de0251b1b852d1d3b6e08548e215902ec8dc46ee89f3fc262c7a35aef8216b3def65bd56f0482a18a329f96863afd951307740fd8653d333f932940e2a87523afbc162c5c1d2bbe16f33a4b0ee0ec75bcfa6aee6d8348265938738be638f78506ab731d3e9ab345551"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b4e5aad9bf4fb03ded64e4bf40ecc6fe2214049bd5889a5aeea0bf47be8670d329e6ed04538dd6d207767c367406d482ba7ad29231fd944f00b8d9b762935b93819ec62e0ccfd48f619ac40c9c208304":"67826d2bf9651404d5df4db84ea64dcab10697ecb90c68041f421452109af3c3":"67d6983465facf33369eebe0be12dc65fe736969e8f41478e44ec25d461e4435":"65f97c99140c8c9ba2ce37710b06f822cc0eaa03589157a3b575bc9c423afc3f":"19c37886d613d24b0592ea0b3a465ec8f8a9229abde3fb5e0122032e1ac8dfc5":"05777487bc152260a852e1b31a091f8e929ed22d8a652a77e4391abce7efcf0570df3d466d56dc51ef14bbc55309c6831655ba97c6050e563083fd1f2fe65b43d0cf8762ef6598d967b473b68c4143287f70d096a6ea120e3c07f2a95b80b393ffeafac2d0309d349bff017a49b9ea547a5776b5c38b9e981ed0a4825853cafcdf0f17269b9df6189fabc30388a383e3c28949625ef3d59a2c371ef416ace8658adc0e0b0104f1acd4b349b91b660d64412168d3c9e29680a5e324e4d0ab9258"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"27ae2120824f3d416bbea1f987440c507a4f01fed08a1be27e6ec16390c92c4f8dab04203543caa3981373fb991d855340c29baf439f23bfb599a5eeb95ec2059af24dd86c0825957ea8392ce3d980f1":"cd646b0d1971f249f4c4d1eaa17e60c311d813057e0b71819a503aa41e5c6b21":"90ee2d0bf06cb94190e6505a75d12dd77c266497dc99c5f89bde60be6789099e":"7d82b50cdfaab9b5d23fb6618b59dd28cf1a83c77ff2993d9f1edb87ed7bc388":"f7f728d8ef6af8c5e77cef1e837030a6aa5c12bc81423b0ecb07a2db95a32a28":"4b25aaf436eb600a103d3fae8e301d2755132b3de3c8b4c442129a88ebb3ab20c4d3a54078ecc4197994ff04bf0e460919978d47e45c7d10d76a1e63ae34624e2f64125ae1bef304efb1af688f20d8e212f6df4e11243a49177e4b6456010d784d0e4a94e75371a75c4050b27e48359549f8268dd2a2290ebde22282d96b2f38e3f06103dafae5f54f0019bfb013df39a76482ec7f878d26ef0e34c9c21e67fbcc3412aa0739e875da0e9ea1340592144eb232385fc7e605ecd10fee45524718"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"dbd5f508e8226acb957bbc4914ab13810b9b5b2b51a1b55cd4ac60f6b6d4c370963448fd323968c27d97e005b1a079c9e3ba151887006c56593eca7809b23cb768f5b3701b456bdc85fb5672a81db2d9":"0cda5d501072cf482d3c56c49a3c929b423f6e15a3e835888b3a9873647ffddc":"d3f38ca5c0bbcef46976c6a5965a8493f714aa2c8a2c817576cbc0bd6652beb0":"20014421f9af259892f017dd5392cc973f103d4736f3866e66329e5e7704e0f8":"686aba6c9c6c221b2b4a7de766963e4d9880676e7e6ac8e644dd273fcee519bc":"b720c7c56e10c9e436036fa8e1f1d1c0c0b7246c28bd36e5f3e88f988684b95a01127bc64cbcf12b9689f718baa52042b0837fea791391ee2ae42e54acc571239e5b654486a025ac25f46f10280ecdc65ed098e65e07dc3870b17af8bfd58edba026dc12b4ff04830ef132d07dcd7c62f67172caf2620a204869a81e39809db7befa25c5ed8a74b6d306c21cfd3778180d444bd99314a430ff4ef6b7061832df9b82603d6a0f646b398e7dcd8bb33a7926bdfa085a450d3de68c1e8cb2ee4524"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7093224d6bcf0915eb75360ab4bb789c15834a371baa24deeceb33f86e8bfb46f4e34325ddcbee671f9e45f7887c1481238993ec4a309e10d3f8e3952c840d564644062534f985a6b4e38688d2c800a3":"e7cf1f32ba369cf5545ee672cd6746ea9a336de7039ecbb25419259eabdfa44c":"bb186a460387baae27c11aa8c65d6ee003577eac47b259254a933f82ac683250":"d823535ed974b7ff9f19dc38b9494aa99f88143e3383b5a183ec00c925bdfedf":"56548af797f4a07ec42273f895822d877a311bf1f8dd5c96fd8449732a13a921":"159c6923fb71f9670db4eef12dadd143ee701bec9b0f76b56e9b1b8c473eecc3e38cf06c8f3b0c3d49580e49caeac0fd48da5f53d0d3e9c829c253fac4e4f09730177a63e0e759f043169e91459c9cf959d2230c7b94be168cf4fa02588d78aefbc855d55e444d671a69d274c66ad1851c56c0d880416bcbad08523cefa2fb384dd0f9f188e8a601ce0a92d42faaed0a299d6a9c86958854712427b35e73a0817193b50f3557e66d64ad80fa9ff87427b7de5b7e6312d1d9988ba77be90d4cca"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"ea96f8787458e505f5858e31bb85b6e335206f6d6d04bd9d333029193bd2a04e5f85ad152675ecc090119aff7720739bdbe34551ebbef10e822cd29e9ade1488c21fd9e798369d585d6f58168d509d94":"ba45df1a14e23361201a467d2cfb7a3dce3128069a8a59a9a388b8e31c48efb4":"d551272e5a60aa1232fcb4765e853de2ccec08941acc75188eca37120fa49aac":"c1b34347691ae9f1bf6be396e8b49aaedb38307526627399fc10c48748c3a7bc":"722c0efa445262f5800abf75e43d9daa44e3dcee7a7528f7313ee52fca9f1803":"e2f873758c4e71704d8545dd1eab51206ac11dfdb00dfd1ec9e53bdc7f6b57f5209727049d4d781059b0bc4b6091c9bdee947127b8c8f03f1ee5f3665720a4f6c6777682ef1937719052254aeb97e3a17b6b552bcbc9154551a7ed41d837a27b6c37b426508409b75236cc156dad89d896f25c54467fd45f9698a11c7ce01bfb1fe171e4d33faf73a30c8992c51a838e9c0537354371bf79146a79a6d42d4e987b9773377fbf384979690b2c04c332f22567fb0921c3e33088d3b011921fca6a"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"92ac19b133398b7d8ddfba3c6046421b3618923241097b8f68b6c7430b6d232ae9ad8f864f358afa7cac72bbc4fd90f16ebc9c15913c11094bf7aaa510e6241face016a99ca08de6525a570bd1741dc7":"0517ea7410bde64edcc70df48f3c87f578b38b8c7087def16031e52760037df0":"439c97f62d6b7aadac64057c0003a41a44ee549f60afa92797ee7c9aebfc8164":"669d42f9901e029bce7584bbd22a13a74e6f6ba50441a2633773bf5ac745122a":"8bf3c1a08b2d8459df96d6abfa90725f1a735809da78bf99f7fded0230771804":"3b832a7f1df591bba571bf7662914b0e5a3b34d38228e377e4e7dcb4b9cb396ac268d71fbfd2e1a5cff4429feba36f55c7e45cdac49a5fc8a787292011c61f4f102bb9a5d9c8fe1cf047956f21c74987d80968d2e4cfa29bd92a35cb96dd372d9baaed8d31ba3462b42084dc1841a4042311abfe4b3358f56c9e0c69e233638d3be56d0d269cf110d5200759eceb63fdf3b0ad25937857d129b68f038fc73a842046cc7c45292d6ec3766aafbc22f1491774624751f2c50fee830e24a34a27b5"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7a346bd6d853803d07844ca348f3c4837fce3e3a727f712223da248cd82db6ed4a9710cd8b9f2e7b593cca42da7b1a1285a78d0c764b24c3e4b21d25919c5400b4adaf0684c787326c19010728bc6f94":"3e8de39ab206ed166b203c97103059e6a9317d47f7a76bf4511829cc2e27a4cc":"327976aef239b20833d36b7f352e8e6570f8f325b568975a661b54b8ada49128":"9419cdf1c59abc03013d7d443c734aff57a6d97c870a03762c50b459d38f5e09":"f2c9c49c76bd683d42dd9de9d45a97b78710f39f2ee482e877e3b0844647f9e1":"24a83991f9455a0410213cc138696cf4eece7b2caca0a627c6ce023b7f912c115768ab8aad0fb10e35591d370e0372fe020823365b5bbe713417bc2f050cbf86fd626caf91323271eeebd5f2aae36fd0aced63779565604ef2653a0770fe4e42649eceb6089bb7662ca3d744fe178f5ac5bc20ce7a90325497f55ffd9b25c59a6b82f07553c080f0c45fed23ce47d972605a2f603b72d09d608548a04031dd2bbae9ff898201e4460479548d70b176e917ff3e3683e49f3330cfa77a25cc48fe"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2d8fb8796d8a1764f8c824c55b880c53d2205559afbdf1cecda3dc2d05bf001e6252076dac013c7094ae72ca80cafce2cab30a160ce49dbd646710bc429c163231d73fe0e121f8cef8c02f70598fa853":"feea8ae0b299d5f79315383d938bcf9b536d11e036b28056bcbbc7fcede21cfc":"1a0fc47fa95cdafd2036eb5314e0f56266e58abb0f03b5e679638945b1fbcd58":"30707f376333df203eafba7fc52b40d8f1d97521a71d579c8b8457ac1328cacc":"f179c19e45c4a4f3cad8b545d116ca29e45f322580b7fc9715313be53f047658":"eaf7523b910b653a305f9122363d96e17fd22ccb9b6158cc42aceea40c34eac73e496827dd5fe4312f102ba6aa7aee934d1f41609bf3e14c29aa3aca210e3cabe70744a09f4c180f3d1ddf8be0b530403c5238761226f2c2c7ae29b24439afd65d6d5a0aa8daa11abce36df02ce61d352ab08965122e16708731d72a9fb5de071c20c6cb039273498ff1588c901d997151edbbd41870031ee337b38233edfd78aab389fae2bd280e4bc85d1bd6655269c3359753b17fdac502c3a2e871149fbf"
HMAC_DRBG NIST CAVS 14.3 PR False (SHA-512, 0, 0) #0
diff --git a/tests/suites/test_suite_hmac_drbg.pr.data b/tests/suites/test_suite_hmac_drbg.pr.data
index 72bddfb..6792cd6 100644
--- a/tests/suites/test_suite_hmac_drbg.pr.data
+++ b/tests/suites/test_suite_hmac_drbg.pr.data
@@ -239,243 +239,243 @@
hmac_drbg_pr:MBEDTLS_MD_SHA1:"567d3f4c0de396ed67569c070d87f2b535ec874e881418983ec42ceb295b7d312e715e46b96f9da5998f9cde45b1dc22db6d2d7bfd4f3930":"43c16ab49ca5174f907d7899ebd242e9":"6c0b479d9e847dfbeae230bd4601d0db":"0d5a2183c9f9ca6941f6a617892f5e47":"934fe82b0951b97dafc5ba16e87b0459691156b42ff2dbbbd8f6ed9b04be952af267c6a17fbfc86de91f9f07eed482a5362b176216a8963af485503ba93b2e82c03a3ee6225077d90cd961e24f6026f6"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"f3a709bb47a36838cb998fb6986ff074c57932a669670570ff6cd1b202ee1da014a011f43fc02c51ffcb4048cc060763f2c58de2edd494275da14118c9cb7fd50475c66cc7e792406213a7d00cf7623d931a5947":"":"":"":"bbe3daefa61fe302bdaa6d4d379680acfd0d456b5d35f137c145b72626f2fcf39fdf7f3708d9e88c1710408a3d7ece3b0261ff538846fd5452149960215c0c22beafe6cd24a7c392d5845774b87528912c322119a2adf4d35a0ba61dd36ffc8a7e7475afec58ad4a8cf343afb677f087"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"0f508c6330b9673e94861ae2057e200ae8f2b330b74634d79fe8a4c698211080db07e58b762a2387379f0c0e2d01b2ca40ef82fec35eb81a5493ccef709dbaa0b0e4494e460530062c8db7446bc6af2d852fd875":"":"":"":"583367bde003eb2061cdb6f51db9c6827cbcefbff0497ba823e112edbf7f2066fcffa3e92d1e8c531007783554e6aa8a633bc925690ca6d579fbedbf9cc4d6cb08133d0cf8d4c25fcd3b6fed95f00b1bb17477cf67b97a557e7da933bdc121481755f628fdf0f0b1189a097c7147169e"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"9082871e73b098bbc58f324f12f6a83c321360c9f5b400d00a9bb865ef5265083d9309657c40ac94b579995902df0e2084eb4a6410cac605e482ea4abe5c8eb73bc63f68baaeaa56d47f7d74974d940555fd3861":"":"":"":"67c2fd4397af79297782af9baad2a26b993efa48c689a74531417ae102d4ea1d6a82cb0321aee3dc2572ad27299e81a7a77f1cf837119e746988f2ec60bb01eb2ac3d110a948c1c33e86833757e2670cc3947658f3b2d32ac59242f152e889d03d03056f0a265ee759d3a4488b55c63a"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"4701f34326930cf93deaeb3a9c196e307a890c8ccf44a55f84593b3388a196238fdd97d201998ec734821998e7d6bef7b31fa2a81343918056c01d65f519c8576e4120a3d6b9ce28ccf57eeabd012d2c14e47045":"":"":"":"b499b86b0a25a0fc84a9a1b902972e2bb5aaf9b84f13804d6180491285b9316218cde0e73eacf722b5c664f4e618625ed35c5facbfca153cc184309754ecaad9c3678ce51ade96dfe3290e125d661e2afbdadfa73240c24939bc31d171712c7c987bfb434f1db6ed44b321bcd237f149"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"a912b6755cd2d677d63268a5203739b0785d7d956738a596e269128a583921aacbba1adb7c6d1714c164143c8f44e76711965514651680235068476ab137d5962e5e5872f3b899d0e9ca5ae8fe71bdcfaef1d241":"":"":"":"0f410304b6d88e52c8d6039ca674a06c49a5fa1094cf341c4034e39990236d9e5bb8ebb6e59849e7df82e2d02981d8df21e4ba3381e606b99c16de62860a470109c0123c69ebaf970603f451f9e6acf83e1c5951c3cb87170ef319d9a791110aea0c0dae5623c287d4c454ec93227654"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"54fb376707de02a1c385a3da78523485111a0a099066206f210ad848f29d3c270d2fd2f668cdd3a57cabed71f9d784c209259d1e4a3eee2046846a55a46965e495eb29725a86bd630dc43cd60ddb4fc93c59980d":"":"":"":"a2e3ab5390b5b79786ec7b434de48e45f590b85513106008479d8a3b7b236c884b0f871d8dee539c712509bd70de351f3881cd87c9cf77c1a9d8879986ff0f6678549c5c6acd15aeb6bbe653a9bc76829df2f194c5f6e8c7dd3058971ce15273a2d559c1ac60a0014e5e32352d6be2a1"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"3a0c24b5a6106d28c02957538e76e96b3ececfa80ba4c7d01fe642a88fc822884cc36ac2703e8952ee635948715f78c542e6e3270f2757f1652474df4706490b18e649ffd95dc518a8b4259da193600af5d5bde1":"":"":"":"55dc24206aa59d34ea990ac6b31250f15ac056c8ecd52e159f3464c38e1f28840eec4c6423b0fd9971d11c5ab99225eda5d173c08f9439bb56eb1cc487fdaea934fa816f9c9e0d628f111cbe60a647e03892084f80775248d41cb587617671d99b508644476b66c1c96979e5061e025a"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae7ff70bb69c964f05c99c0e7868210d567bcb5eb02db7708de162e6bbfd91fa17f30656420dad1ca69d356cbab80456cef922a9206f07d32c3f198c1a68e673c5583674bb1df1f2a69c554fdd3411c81a90c83f":"":"":"":"f1f3f79b1d7f988d4caf7308416f3d02371cc029a28eb4f0247c8625c4680a2dcbe9f3d56d92de6ee4d4031a254bda8a657bc147fb90c2f7783a8e3749b60633e5a921d015b846b3cb38830bc7554308af08ee8219e5acd1b699f1ac538930d257da4ef567ca570a7951bfb236d4d36b"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"86704ad0286f88dbc60baebc2ed0571de7b5ab64bc8554ba8645557fa10159ec03cc9f6f299c1c3011c73b2563e571fc24f5b5b50b4bee514d7c808873ca804b147201ba7ed43430d89b066c04b00b0a17694523":"":"":"":"6b1a26d7d21308d217bc8988067ef3e21f5bc10d34e89937f2a89f8da256acef50b6ea7d9ea877bc1d15002b1766e9bc7fea3d681b147e42359ce29d6d4f8c73e7c29b9ec14277fce2f6a0c518d24aeada44990f7f92b0d1184ff96b20c76d506f6f9d963391abec5bc247a2ac6b24c7"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"d0b30341b4fd48281f76a83d7de5769d05d5cb9e565b213c8e2bc8d4adcbae90107fc12fc1ed2a19f20beb563de8f05bc5c437637148154a12b1606bff071dbb366458b74a07a1c14114fab487772d436d4ce159":"":"":"":"fe2a7ced1965f013d475724eaa7d31b62740be411d899afa79f9fa6e73f18ebe0907f2f21388b6498cd365798f27f882a2c5c2744a9b25e8d351e77b9fa4471ceb1dd6c72fdef75977e4e4a246e24f56a615189e1b2a8d6782e8c5062b744a65ebe1f7c5fbcab333fdc155bfee300503"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"4a1a697e41537f28b381e05f11ebc905bd66c2c1d905d8c0b78c10c26cdf547a1b6f85ff58f48298a11bba41e3ec015d41a24d9e335e6e13b06b84b9f56b3e803bac569dae2d74c444bb58b3a6344bfbb9eee765":"":"":"":"15060b2bc827dbeefa2170ade633b0f0075a4b9b03fc24f73522174be4e4b08b93b421fa98c7c5a445c3aafed47a2eeeed63f19ef4f67e7726d8ff84bd94daa3338e397d52abea4c7d1191e30f3e8a11864f10ff56b2dbefd860655d34cf63ea22bbb54dfd0c5f64284c303a2ba2f49e"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"e80b8c8896557d596e192c3226347c336dae455b50bf32a78c61b9a98c949096be51538e293d338a464eae0eb18f1ab21f9903d07a8b98ea2ad7f41fe7ffdc4b4bd0fd06138a84dc5217cc8fe39b92f9558aa619":"":"":"":"55574491d07db3aff94dcb71f519cffe2f96ef57219262860c3c03f9a5b8a1eb88869e69587f8bc0693c9919bb277dc84fa55187c0dbb20101f0c4e301dcd2fe21664e5a2f0dda3eb4f11df3878c5becddbfc3ca032a17f740d424b99be0a9bedfd99907229ecccbf459f5495533560e"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"5c25f02bef1f1319cb6868d836c9cbc182fd8d86ecd87bc5cba41c163710074e80d1a30ddfd0f5d88c6682292cd50c68966d15e6ff95e117d342d974ff074ee872719d15745da624f8503a6141b0ac4b887ead5f":"":"":"":"9c5204d5471c25203f1d9786d38f71081a872f1c56604dc7570caa5439f17cddb7feff01cadaac8e0f35e7a5433cbbcd2dd4f11cc7dd14f6af629fd72a3145db6924d2bdefc262662367b7258cff36172263460f4dd52dd08faed3460bbffe18eb10ff5b3c6a97faddf65b3e21ecc98c"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"68b4e1ddfd16a1c1ecb0f4221306e77ad02b07993457eace086f66566afc5f12489633c605d11d53916eee96ed778d6d6518c5681f0fa9b0160da1c71740a94ab33310bc20a18710015af25d3d667c40dc619f34":"":"":"":"5c4c9b3276d546d3b6277a3a2089d4969146d833e0ace3e1ddbd9f79fa2158531f8bb26a28b08dc64bb1e610f13eb14c9fb23559dc2f38326e145ab509b9f69259a0d1a32f471d5abf154a2585288063845f99306f9bb875ccb0d32e9d49b42900257ebaa532e8ec223aea60abc9714d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"d5ee5e2e629ea17487e593914012575daa8baf2d0e9671e1b8aad16524dbdf7d04c11130cdc10e50c630ccb235579a72b6eb4502fe146aabdab62a085c820ea46bb9091054d75a892a83c3850da0a31c15e0d021":"":"":"":"e32c0798b2040620fbc5d2a44ec7fa8038444c1910fd4a24312c8c8eadb57a78606449cf05ac51a3bc4d58ce78742c1be3a0fab6e3f5ebc92b82b5d5d64ce29e8c2787ace0f4e718a7f6cb669a0a43ba1aee0d9aef55cb7c6f5dff57c8acfe883ffd8a496d44afe06803e4c9ff62df04"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"6e531842b9b7fe2c0ee66899a1255135f784a2d5259c93ab3d63a5cb708e2e6cba955897d9b66c7fab274aa388a5db69713c86faa4a19709e9aab04638c670ffaa83806abf79a43e613e62cccafc637e1a1c0c14":"":"e628db057250fbc6fc5aba01b6c8b47062ec5632a8566730":"bd12e61e3d5218efb0c103dc49402800cfb863ec8925e76a":"037650ddf66ed42ea38cf44aaa94884effc5f831c593fb35886b5d601a58f74f868d89f2dba450b9c160e28f69fd24e30fb7a44189810e29afd0d11762d3ef07b4527f4134d6c53bdc9b024cebb6b40fbacd68b6acd4bb4d011d6705ce22f90d910ac4017d2426db7a48db3242161aa8"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"3fadabd2d8879bd2298f53c54b573db2584655e08a83289cb58a4ff5170fdc30d71bb24efbb5a50def315dc69146111462e204289a64ce72767499f299c74c934f0007ddb34bf5183bc1e5afd8c15eebdebba882":"":"742f7022892c2123e62379e9367787302fd18dc3835de0bd":"b60325136fde7c858054983a977262b6390a48419725febe":"3bfa419f9bad259b871703681284c5396fa94a323d646ddbf5339398c4d8314a999c230894ac60bf231762acada672f58154a86f80a8c4e3bbc67132e22ef50c0377193cb0d13c7e2c97cb24ce5bb69c73be2e5cd3a07ca2b000b2d7eea940053156bf55d846181e3748a91c342e191f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"0784a499424dd1c2c13f765e9ed88d752fefa83cec61154f82b3fd645f642ff103db9c8d1c10b5979c56a22d58324669d4ace3994927222fa87fd049558a48adcbd6ad5a2380d2d927be57fffaae037bf8a34384":"":"9f853db57c3da0421914d2f71f9317817580c1de4ca43d50":"27071ad475b8541c1a80234bb2d110637fcf4b4e20e06a7a":"2c879a03bd719595211b526101fe85702161711c67a81184cc42c1f9da5761e853ff4b8d19deb95a2f3323d1cd58a2e066c66e7a30059732eba43a4bf3b22fffa5bea5161fd775160dc53d7cbb4c892bc122e4e0139f8f550219cf6fbccf55d16d8a4d8d7776aa143c00d9e7bd1c847a"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"addb36bc9ad134c7b8fa54881db1b18e040de4f253be28efbd36b12bfcf4721b08c5833eb0a97c668c7adbc7f04a9e0299549126172e25b9e624282c8e63eccf358c0ef1a71f8fd0a8fc49451db7757eae344e48":"":"e32540418ef68c3dcca1e7a0546e5dc7d4c5e92019b8cb0f":"327e31a0619305c93e9b5eef87102d447d21e21e2d8c1cc2":"178bee4059af0282854c833e11e7bba923a1e2f1126fe8cd7e1694602c180802d67b845a88ff786147f22a74e6ffb0f8b86d352cec2714ff8f308b1f9705603faf5b04bea3c75c87c91d5e6cf7583b5c45eb5f5a74d2bac490c8415d2fe07726bc334c88e3fb7284058b006f82e89ae7"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"412431badcf06f87551ec63c3860baf4b59667cb4753363d0f82fe7c968ea6f8bc5d015418adeae206005725dd9693af6f7060a2d5ba53f66dd49dc148de581737b67acd4bb70ff2f4cf20abc001ae1eb50cb75f":"":"d67f94a953e7e4e4bc0cbd517f963e599d68851cc333644a":"385281961ecf2d8175c0a718347d2132f059964c55f39f57":"357876e78a69cd4bc4e06b2c52ad28434520d54a4a310ee0eb026b87993514ba1442e25eb1ae22a3ce98529625d8db9b0e5b680d7e027523b0ba0184d3f2e4b9cdee027960ac1612295bcdbf570912ed05108541b97e3bb30ae0a122d74cb536e5db34b7d5ee5a042897d5d29fa3c126"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae914c3d74acb6e2d9b8487927db7992b838ede73dc918b60bcc94f0f456f454a6d100c90e119342154bc3ddb059f48db3a8d7b7288eb42d0ceb07532a2a357d20506ead28d9bd4a127d437a657a61f5d30b04cf":"":"2afb537c13fee9c4103cc6abb11225046d94df2e9838f73f":"6a9f670cb49cd9ad98a17cc19d00d4766344108f0c86804b":"2ed0c4140420c6e3798a13f917cd998b2ce6f98bac27f0fdb09e2538f573caff16904edb371f98f50964b7de552e997007fcd267b36abed12cd95d9a08852a4ca862872edd32c707e7a60e11fe0a7db4c0d34f4c70ff16e5c75e6f5d7ffaec3be383b8790ef0ff3a0d9f79850c9749c0"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"38a93c3ede148c91eb7f0cd327cbe8b27ff0e569bc5262aaf30b86d31be35f83b4ff50b84b5dfd649908d0c55cd5be7ad36d4f5f7f22cce066d3b589adef804bfaf52253a0e4c6bb03e000d649541e523ae52f1d":"":"e12c05f2bf463d24da9abe89301d2acefb7957dc1bab9ef8":"d70065fa713e2d691bf554a00d063222755e7204a3e53968":"3e5ad7e96c8cee899889640d8268cbea296aee96fca7bb60308bcdc08eed36bdc8a5b3126ed8be900577e60ec0f8b3d3014deec41ac650480e08dd3a425843b37fa5d1d621b5053ba4b2fc1804d407849a84e9eb5bfcf94f27c2a535e2756b8202ede1f18e81f65e3f7f51a064b401a4"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"384d6f43e7d77a381bc6bfbfbfe1a17aa35525bef01be8aaf6c488c46517d9b94380c73d3fb45a4f1b4d70375021c7df78eadb61df5d9efc6e08fe2d81ffa65df33667c23e3cc5c89893988f04be1d3634ced443":"":"a0271fd2552e037568cc857a60a550db050680fc03904fce":"ec095cc9e3bc301071a901d0289b54aefc796bffad6fda8e":"aca2571a9cf6bcd10429e146e6e94d1ae43a00db28bee2b60eb6a1bc1cde3d452dd6e04617aae7a3f813feaddc0f8fd25890004607f45ec995df970e1a3abb17b416bdbf62b6ba5625a80cb100e2b87260a73ffe15d9e6f24abfe9e6f9ba66bdfbfe71380d832418e2a4b460dd7415f4"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"98c8df867d234553e504fcdf807fb8bba51d23ac65dd8b160943bd45181764cf6df0049cad23e6aca490db57d12dc6c631604c943f153927d6d04af042e1da1b225eb8bdf4ee99dd405e3586acf8e44bb0184d68":"":"3338baea79c06f0d48ec2d47004e61c1c1e5056bf8bbecd3":"79007bfce109a682b746df074e87c845eebd665532867fa2":"ba7040193e38c4495971827fb1ddb747ea80cd0bb1fd6aaabf85ec1959c29eba8f818ef55aadadc8c34b6a7c00f210a899092b9704f2e03abf3e5e8fe6d127cac0436441d0a6f1b02a00e5fe948539c66a8c78e70f35cfeb600e1cc68c06553f47ca053b64a0534a028a73d0890034fe"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"6150b7280b3105b86b66c2a39a1f0461cfbce17e746791afb241b298741454e174650ab1e7f08500bd7eb096e40d8114e5a60668636b6ff66d2622154b7d239eaefc9ab2aa3351eda2af4fe51de36e22e70235fb":"":"6ece8aa447d2cf51d8497e303c1a202e39e06bd723c847b7":"21d890666d2c8ce4440bb453f4284c3928650f8cf38576d7":"7554b8cc8e79330ae55575f9157cd10d8eeb58af30eeebe9daa021f4b55ce365fbdf3629be7547a89c78bb9df79d35179e5d2924aa032e60d5a00281f19ee2255c17a69345ed86bf36ecfd694be0405c8b6c077b43a8c8bbea603ddc632a1aea6771a6bc117dbdc365e2714bdaa8b377"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"cb25eef7230ac2da249fe30ea94d3a3332147022bb2207aab4a50822b1564c24a047ebb46d57f45f6680f909629b43129876c75381e3b7c6d06887f68083fc423f06ecba159a90edd394cc0ca9473e9cd0f23c89":"":"2f30b005ea5d5965439bf15220b1c010e6c79306e700e6fe":"9937bf3edb3603cbbe190f3616b021fad652011854e6f6d0":"040a30b82981f71e4607c20c1f2d6e6854824c90b127517f65b6c7da99fd33dee32dc52bd0dbe902509c50492a88e5963b2b6e27d046334b356e5909f85763af2de70e93a89d6a00e2ef81ddd74f4a33d3f8406d05b383fda569a5a574fb5e3c0c86a5096e94174b79b2a4eadebccc2c"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"1d7dbe4e83913bad3fa918262ab0f45cdb9e4e61667694f361ddecace06bf352b18dfab4c32bff9a013d3b92a2da8ed698168155ddc492f8ad5d65cda8eed212793cd9aec8acde7e00f952bb5d00c53c5c181e89":"":"f9c51ff8f264cae722734502f6799e4fc5bee773d31e3e31":"6a171a0a8801017a1d924f80fc5d9d6592b8b28a342f30de":"425024bd1d1a66d4527a3e8a8307b3206923bc1d693f5b7f9017f0d5527cd6591016758794ac89e2f682cb2d66f8d28f9a2f5ae2974a75f4d0de17dcd02e93bf29c69175fceba262378bafbe3eb7e3dabe974889306d0a2ebd0ad9d934c37b1ad89ac1fc28493e6b1f6f24620e40eaf7"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"a6887fe41ed5a615eb030b31b86315d32d13dd5ad506566ea23ea3b162b8dd621129736c8dde31708a7fa4a4c606dc212b3440617111e94a5c6722c3a729d84d2e5858c23ba8bb249456a11d63dba9d4260a7213":"":"a52036daa8172111e89c8991ca818bdd711095a1602f2f15":"cba427a2b7bb64002e1da3159d643e002516bed279e0d442":"cf0f5881032606c21a8ea20adba6a72e176e968f10b08ab6d08f997b24fc2a24f2c5d44d1b99deb7db4f388dc8ac268f966a34c857cc5f43efc601674bc548ffeaee1c13415df6d0240835832cb75840b60711cb636f509dd9b87b698615959688e9afeffa50671ada05faa564c87ad5"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"a563459889ca29b711086adfbf18f284fdd18601ff69916af1ce47510d33f205d4dcd0080f9dfedb2bc1e2e60fa0b9cae094102bc7a705cc223279e0fc3b0020b4facafc2b31b9bca92382f3810d5a4e3ef626a9":"":"5fc83f1f6dc0ad454bbacf2df366c803cc1d2fd46bf78d32":"1a9654667cfd6ad0aad9383be04ec1480a494262b3fee823":"cb45ce96a973728bdade51f91004ac09e155173769063b3fb4712493d8877f088127a3492588e99fef648a101cf1c238fdefd798dd4928b5bb3a851eed693f37d67360a28a2b27c4406e9ddefdffba662529b91a980bbe4eb381cf9734b336e2b64e7482e0328c2e2bf81e39edc30d97"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"886d098731abf3140d512e0d348a384d25372667fe7e4f0ce713b1d2eca7b2ad939b25af03f78edad75bf0ab95b4110710d0e12e714e03f7df35db59fc4ef2906cf36c6c8897b802200a83e60d16f7fb064abd2a":"":"a4f42d83a492db3fc053d1275c6f264706fa932955c3da62":"4505c0664e59bb4388020470838bb098c4ae1338c268adf2":"4f9c3c60ee32042735cc539b9a23d04c2bc6bcd68db04a58240305f165bccebbb98e0f4796b283a0d78bdaccfcc8daf19f21a72945be07996bbb0b606643c7753f76ee6371292d3e681468b714e16bc32db14ad6d777677137ebd3731186ea72b840b8c4ae79ecb2c61352ea056d2d6a"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"a26af93571ba84b58e14e921a6bada73083ec17f21580a152703e1741392fc9ce6046f77d6eda5000f3225ef28425e30cec138a16b0ebd885fef074c6da2a7b126fcd1f056e3a5fd5627368c63681cc10fbf750b":"0627d10b1e5b4f0fff96d0c7e684deb9fb6a4e48959dbc29":"":"":"98d6bc7ec7cd72da4c750d9173518a9a17120fe9af10cd1a7d872fac505d9276c551b821a868cb8b4d8b10eb3b05845827717d2975814b5080a2f4aa50c5b112bd01b8652f2d1b56a88c6c891db5f3f40d1d1f0648d84e6ce2138c2c879884eb4847856198579eac759a065a5d384c46"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"5fd08930ba404d13a7275227660869e7eff10e103548e6ea15f0816ea93b649f6aba408ac710c49eaddea0b4d1e219577e6f6ba4f193386228f6fdf9cdcc50d5bdcf6d1f249e9cae0a097bb341e2ba3581a3f2ca":"7a463958302109d5fb9fef1a232b5aea13ba58a60b70911c":"":"":"a1a5c9d90f9340c807efa2068c6a0b872a4ad51a7cf90e14b4797dd894361712fc9507bd61d8ba984ecf1345fa3cbcf3031e2bc4302354cdf3f615c3a1bf43f60a464698e250726c37a7a9a23e1ff7e8d96df03957e3a0b5e6c4c4fdbdcff487e467b12dbc21e07eb8a7c4cd7f779912"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"625d6a509ec43c55bbec45b4244fa0bce24c74cc270851f2d32e4bb4f1961476af40088b5ea81f7a86efba78abdfb50be09e1a68851899e0e9acd95f77f16e8b0aea5a9bf29bc1a18d32158cf69c794f3f47fe61":"bcfa259c919f6e56c77914a272959cda6d2cafeaff87d91b":"":"":"b5bc1f03099547ce1a359bede1f9f3b76b38e8b9cc781fb3909899144f4d0a4ba93272552bfb0ddcda51165d0ca3eae47d10961a62692bd9edf2a9339c8ad14469f1834eee3c3fc1074cb1493054f84273e4adc73e5eec6cba284c5b7fd8005f10cb67b0fe16ae0b4ff30d50ca245c5d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"bc0c83de31217ff6b22c719de8c6653fcbd8aff7925f04624c76f586ed3bab324b64fa8a1ec14efa8d8d0b41eb6735d517f6c647ef8bedf3036a6ca90fa1d2c528722de33f76f7375711b6b4127b86fe096e72cd":"d7ef6b5dd09c08437313871078ac730c2f85a5abae6d6e24":"":"":"6d415afc0151c3cb426eb3b90c209feb726c01e28785678bb0b8d9143d4b7f31ae07e384816072e2df31350b133a8f4e3ee18f04b154d194513d9b072a695e52bf03eeb4c9a1df85dd6ef98d2453dc39390bc3a17f3ce499d9b182c89d0591dc3dbdb7aecb626b07f0ad2737bf8200b2"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"caca2b8631502fbd8bec33e89066e77b97a57b09d21a92dcc7b65897e50d7a312f287932c529f6a6fd8be6fad5c467f6c15f9bc0f39653a6e4963c0d4c4baa9d6ad39f4ad2a1d6587377ec3898e63e02cc0c454f":"33691da7461d3355659c4ca927b4d3e3bbfd8e775b535538":"":"":"89abe8e656667299705c4c8b208f0fc400897397d15aa3574cf86c0a6415dd30ac5d7d8bc629d8ba52e6e5af63818475874266e98a43ab5d3085d2856950e8d487ea22e01f9ab7fe1862be1fdb9a97cc24eb9ad05beebb202716607e8b164cf63cacb92504e80e68e641af71ad6ee47d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"5d97de97d6f81a858ad6ae0262e58169b27c25adfc2bff506854e6bfd37f3a4d8c4b46cd78d0a76b0dc67e0d3f90fb04c2131bc31239defc8eabe9be0fc589a554a4b77fa79c64c03bbf87a32031530d99bbe397":"a0d8be30a0972002f21ce2d7cf3c8e84907c638e0093354d":"":"":"67536d7352a49a1a49110a1dc1b77dd1924be34123e027aea0ba6064ae0aa051d4470ccbf923e0c96c86f2d440f17f45b67c4c7785a6f5006bf0cadc13269540b2c59bb75f642e9668feb601fc60c18b94d65ebea0dfe5fb284e003a58837f9e9e120481ec2ba972c755c6a9134af683"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"9ca7149b0c5ccb7a0f7ec5399c644dba98c418373460c59978d91db57ff714897ee71caf459c1dc164655140810992fa6cbbb708ba2e61053d5866ba6a1bbdbc639fd21be4383beb4a4d370e86d0e9739ef849ae":"2ade2ffc19de7fc94767193223aa1fb3461cb29d970c8f05":"":"":"b39d6db529fbb3c6a90d6b7057759c26a9fa26024d2b65e3bf459881ff0f88a5b93b87e0779635022cea81db313329b61613742cc82b52fff1a2e6e24ae0eebc0917d5e4573466e4aee3f0ee0053445566eaa080c3e701bc35d40ce5105b4b6572baa7b4c84a16e4aab501e6ef670164"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"cc751171d828dba023f430b3f5a7134f733f4cc1ec76495e98a6dc2a627d97924716d7e6b043cf15c62ce8da1dda2a930c88d6d4d12ca992a501f773dff5d38e42f150f1c55ee358aba1e73cbebf465baf9fd0a6":"4ba50a75424970526022c7351831c58ee75f1e3aa0c47749":"":"":"8b387e55b9c10d0cc336f5445755c0b6dbe971bf69a04682b21c9303a66e093b7dccf33fc685765c6d2bcfa3020892ed09ce6ea3e3355b3bc16741f34d40b5c96bb085c1574801d14b4f71c97cf64e75dcc330fafa1d1e626822609a9af62c894dbdd56307ccf1ebbb7ec09d500096aa"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"1f2ccd29bc38e8364a4beb0e89984b88d61dcd31d48e310ae691c0e146f495b9d8cf443ed12f3ad2da7c59c2a2f6b8df4e0202414791e106c1f879879b7a46ac207f45b5fed69c38309adf15dfd0dd75742c0df0":"e0c49aee71c4c060aac1bab1f438f9e2b0c96d710ebfef77":"":"":"593677f65ca4339c0dd8b1ae9278cc49adaef1cf889760b4631a379d82bc25123dfd2e1436d0b6b890d4155e3236fc1e2cef67d8bc0454099051e220d6925b37c47408fdacdfd54cab7be70f8b3b3dfc5a86f181dd559ff7182f225f7de87dd8bd69143be270ce76d2562c6e01ba4c4e"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"f1bee9caecfd0397a6cd76f356ecacf1053981c64d315db4a51a244fe3b22ef997392f65dc13cf30f5b8f5edb7f8f55863a30156722536d02440e5f06e503795d2401775a560685f2ad3c98aaaa22726cd6ec45a":"9d42670ea4113ae02302cdcc660b497f3ffb19b9aca8babf":"":"":"78f31a24cda43acfbc4db7f17c57805a4b53353d668596247358b47e8f8deeaca312a7f9ce78832bc1da2d6b3727fcb847ca4feb1695a2edfd2ab24c486da125be1c1af4f78b749afdb57f97b4a8b892fd87228f116ba10fa739059581256de4fb865d1115c58284cb9850a24e5b7615"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"17b3146ea3ac1afdca446275f3b7539a517766b90e2da2c4c85db4802943efcd8009a9ffdd054440da16edb641a050fce3f3cab3d5f03d550111daeaa8841a9c814def76eec9c4e910788c710562428a39cd0987":"f3831c1bc859fad452a76ce513575a23e8b790c90de4575c":"":"":"c6c85936cd52b5271a6e70410e0b9d960d76f3236b548cfd4fea26504ca8a78e58ee914c6cf248f30d7ee3547eedd3a4d9869b15e326c911aaecb7f0c221f8eb9208a9b355e4b1cc7926380d25bb776f3e89904943b3fdf306012fc95d06b3b7c44ef55c9eee675150b332e2181f2a32"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"fabe526177dcd476be9950233ec56f9122a9b083e589c9264add302d4768c06020cf53e7708bc728582360cbf06a18de38e3da2642dd6751aa686dbf11734bd75a422571c9f2420915d7d79d9efea870e72d262d":"ba5858340e6a82b2ecfe1190215bd8da995ee8ef572eed8b":"":"":"10260dfc2f2322f530192e96a2396694dead62f9b206137108666cd199939184503da75598f54a89dff885a9856140b56687347c2c066a1593bfe02b8bd2cd93e939c424b33683a13678ba5f34df3f2f5f50b2a708d1d5a04683db00a607e2f80e5feb20086e3d64294e9732b0776c51"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"b7c9a1d221fe10552bb0b799e18d12cffd1f76d6a1e6dc79a36584ac7e13c355b9323d0ef2f97fc2d8a26e6c37209a485963788aeab084e923a3794c63713c2ee288ba3a99f2d407adfc1b87ba64fcc5a7f98e4e":"e563f8c8318862c7117af8946823e8570ebc64b3de1b293e":"":"":"100c460c12e5ab12a72bd4351f7b608f5578060b262f21d735fe79d13c942035a76f001adfd39fe93caa22b6274bec282e640469d3f454d108991a1b73d8acb3d392732fc24cafb15fbe248441462bb2c1278883610ba28486ef82ec2ff3d20eb9601866c7dc4eaf44cdd73e5b5ac14f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"78e5d4818964d748282fa8dd386ea9c920c4fc5ddb9d2204a3f6285082b8065dd3944ce193722e973f8300783e37991e6c4a6286a1a0fe3703dd78ae951c88a0ce47b1a23d91e0926358221713670a78732d5470":"fa058586d35f0d74d2c473e005e7f8ddc33a1f6d5bc79d75":"":"":"6b603b098ca74b7fcf3c8f9b42dde5b3b51e84cab4f67f4d87bc6575ad4fa3f1e0ee27085f88e2a5ecf4f57f9ba92638e52941535806d2cd1b5aeb5b7c81b3d44d41cf5b8073b646a9cc1b0a9f7e183b082e9f2270acd928623e8a46b46257e1b827e8b88b55c88a3a3a067cfcb9b2b0"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"50241739e3f08c910baea7f9ba481511b6ee5d69bb1a2dd34f3987a231cc25f39a1a966390e391a33dc21281372589e2a667cdbbe4267710d5244fd342c959b7272b39e5cdf67701d47665b61782541e94aa224f":"6a7d2f2dcfcae8a284802c97d77917e87c6cf8417c2b16bd":"":"":"4402afee12048c1c6a44624d2df026798930ec732884899ffd20d17f1c8d7c221cf5edac8679a21ee11b177ecfd61927d4ccbb175ee6b49cc6f371450904c2666aaf2e6cb36cd55cae3af772beb80955cf67b4e8be1fce11250a39693ecb7f8ac05aa23b949ac74bc9a67060cd60cc77"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #0
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"c3005cdc5c5b7b25ed78c9684f3faf6278f9a9c5a9fb202014a29882e50b21e56ec8b7947fe871daec2626f32372123f44a8721ff4339e0a20f978ea27609eb495c2342e9ba719bbd2b44ff503db2322ada1c982":"c4506109937e0f9352fc881b0396b0a103626a15addfe525":"6ee49c76d138eaa3fc10cf411e0b8ad5488d77f74faacf13":"8825122b506dd6f3a58811fe6c9a7e9271a6e68dcdd590e2":"e818887ca1c84717e277baf00913d65ed58a8f90b8728080a03043bb2ab53f55fa605ba0cfab29b4cb694f6aae6594dedcbe6f74e1f7573c2944f3703b89a52789b0170077ea8e66d8299ba5cc139943ab96254065a27abca2098a85162fb01d294d8671b00206b7f784319384e01b3d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"9bf2ab19aa7e9ffc3461522f3cf85b3292b54bd3e1099a42dd6f5349d169d59a152b2dce675874b665fcff802260ea84b358f6fcf8011b511834e8447a73c1f675b7598d836dc9fbf40f1dd0f481f47f95f3ef4d":"38d7a2109c6fad9205abc22b9ff705b7f671c4bde5b662d4":"b46e928cb59eac0cbed65645767e96fd824fa95cb96a1cd7":"532c8d3748205cfaa826fba7f240e9926cd3811da8fd1a5a":"bc367839d1510316ac3ba17fb7bf633a6eb4b61dc0b03cf1cca564db8248ced0b47ccb36e730c0237b0812af30361b5dce662636b23f87d6ace82cd3e34d45a1133b35ff9b8bde8fb29fe82298820c0c87f0e30887ddb15c9644bfb12578f0878a710771ad22fe16935c66681378f5f8"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"a3bfbed559c396b807ffa80409fc4e2c23ba952f64a41c07d3af5e5b78d8ef88171bd5022d3e02efefa644f4fddbe207e59397605a0408b0201f6a882def64d973c0714555d2c7e0a6fddf49558fd1328074ca79":"4c63bef79f71fa82168928619cd09b003aeb2ba2b04150d2":"c85bb368a82d57c70cd5ad6327187c8550f7c10380b2f030":"5d467e9c06ee058ca066dadd6f6ec6b0da59ecbaa4ddd12e":"1ce311c919c67e151b51ce3060384ca95c071a295f01e54349abaa2da8ef497ea1364454133d20f57da28985bfc6d1d2f58f84d144c85dbe3c9fd5e8958ce06f2f5ad5af7e16bf90ddb4a1e2947f78008467fcc38b5a082eb1612d68e36e3c0abfbfb3a321eef3754ac16c41f96bd635"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"1b2c2419e85386716135b3c142d749f1f5bc23edbf8c0a1c53b72f474484c545761b21aeff05cdd35621d104ee393e791737c48c5a6e6b25b58c5c5be28ecf17c410c9c9c3c3aa2b6385f66759f31b61f9fe0286":"b69011f446e50880a15bb0dd00229f765bf77b2a40040109":"67eb63a168aad8712a0e7e0f162af7ac7893e902f1aa72cd":"23bb752e6232144630e3d3a6daaa1e58a5ca315f21fe1d8b":"cd8e6c6b8a1f7f98f5d796023fdd4f1da2d72eedb96a8e85cac661da24dd0a7810fa04be0491c69db7617712582b43ec4bf112d9e2932288f25b64fb7a2a09ac8747b8f71ce75e3c80b854336a0457b8013ec6dc1268b4c7e8f7d3422a4a5d432f8d9705d6a273a09b9f9273f4928c4f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"62d059e3ecb695167e93b3cfd77f96e681985ab5d68f15473a89f9cbc4012e1c090a5a9e65f738be938f44fd6cb157fd9b737d9389e4e56b6903d4d015f9d80d96336730fdf57787296d447ea91de7e686c7a81e":"d8f121b2bbdb8530c6315c63e0a52e383c163c033d3b0854":"830e2cab11331b761aed55db61681fffad3a61a1a06adfec":"c7783d7357ff30e88cfdbc90569daf03d3fec8caf89619ff":"e44c9b35d3b847a928748094ba6754d1c5de3cbe3d90d4e2bd0c0f19dc5aed7228c541044b2b14d7e67dcc148ab04abff7c22a8f1fdbec4d68ad24a7c4b0f0e507bd7f2b4845593363da484b481906fb7207844597238b9d40c14237004e275572aac6a6d84d151fa58abc0987e54e18"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"fcf3887b4505f7a1273ad5b32e064ff51682bca23ed974ca981871a5b7f63e5ceee58131f9a01fa7c37ab14150c9323a03f694e463496c4159eb8e5d3ebc62f41264beb93098a42a3dd406b983e1fb040d108f93":"9b3e97eed077155cf181829233868d27eb773c398575dfb2":"75a75a15c622e69eba698a064b0b41c8bc80ef803df0f29e":"7b6a20a222a81dfa6fd164def816c2b6708bd4c761b2bb8f":"0b3d501f728d2f1d8b0d7dffda0160157b30d0d97932315f77022d1a6fb30d9a0ee4383f2f63377ac6e57b16b0c7480a6f5dd12ed3ec0bc6f104a26c86592daa3f68a499570703306e2c2448e784b67cd6efdb4ae64a2e8ffa5929e74c95b663c9b7fe891633f07d7b50f5f16e9fe567"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"7a6a0774f2cb5ddce6b5242782fd3d7b5c7c7e31cb5fe95367c06f29a5488fa37feb34d689c646cdb162e258ad636a030ff74f6a7ff876417fb08f5c5decdcc98692538bebf9958c627ad8287633f98c587cdaec":"fb16aea72967c43b8803bcdd3e794911f6d53f2cb7946cee":"67d89947396322ca243e2c591a3adc8fd9f1ef448414fca8":"a0d568f4fce862e5e1b22acca29e60d7bc6cdcf6cc277794":"758b4685b0db1093eebde07ba11085a9dcab64c8d5adacda070fd2b292bec49240f25e158fc96cb1d0ecc9ebcccc360b981d140e3cdba54fc697313014450a9af29d9d55dcbc5bb9a38e4f10c6a3e41874d5c6688f22d0c5714301083cbbd0014880af0f7d088dabeb4e84a64f26d2b9"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"19bbbbfcb755cd9dc000abfc03343ef64193141c3d3f43120f55674616e3d96b6086adf47c906981923c98ef7dd0fbb2f7af0ecbbd2de848f2b25cba8651b7e3aeaa0c59b605e6d4710a01406565ea30d0c4f68d":"e77cce9d26d283bb5d6e8300ad0f69df723324d23928c6f7":"0586c76051462d0483071213804385d01a07bcb27db05e06":"1c9363d0b3e9f42b6c722b8d62f9c633066587577fe766e3":"6d458079264d5f3940d098aae092690b7d04cd46d6d5dde753063b7194118ab67d3848459156b8f0216d85b5c583a1bfc000e68111be459743175fd114253cc24db72ecc978ff8620301ecbf18f42fc4697d91150649a8254a9850d5c28f9c4e187e409e496e2a659b2e79c06074c5c9"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #8
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"c2b577bfd802b8f599ca14bdd5fe5003ee28ae69ca5c246df4f62d9e21a7793281c48f73ffea15f3c3d444ba48367fde04cdf6d62498b8afb24966a8662461015135cb55034a63571a032d3cd2c1e6cf4a6855ef":"f0de29d4530b4af75b8defe9b3b24dcb7ce0add4aed6f72d":"90ac05703a8e0c6057dd2d8b1a6f16f0059e7c70679919df":"16935f700de9fe529a2bbe811dccad430e27dbc60549c3e5":"56988f9328a91314e4b3ae027bc6f43a01fe471615f3a319afd9bb63f55b13e681ac0ae830d4d3057882fe247ca4decbb26af811282f59ee89ea38642e4ffad9bdfae44bcdbc3a289bf431e0bfc68148c12ced1853e698e74f74e24aa434937390fd41cb4e78f823a262900f2f44c1fa"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #9
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"b5c4acc63ae5c68ca404bded2d36a391e8b2e9ef3b32eb598aa94fd6b5ede6c3d9c33ec77a195abb6f8cbcafb6c492a1d78f04439bdc442168d1eccc783d53a92e16b90ccbdb0284b383cb96af04e81728d1cda0":"b3e6df5e9ae10c63da4269de170550b92dde7c6e33af228e":"c9787b641b5c881dae53a69e2b3514ce2ea81e5879765bd1":"e4abedcfc4cc69da45467bf2bfb03d823abc19a746e3c582":"e14f46dcab0ba39965f170f01a07308090b051127685ada6601112aa236093f7a760530f856617d9e027c8279ef33d9fbc4b624ae26a277b9e6077ac71e2d2f101b84ebed007ddeddb4286aa4729cb3b28798387b757d8e99a7b6d2631601fe7ab4caad7983dede59b94f4c920ef1b29"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #10
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"7302ea40e214308136b8427e601ad61132d195f870f2a861c7b8ce1f686bf325a155d0aae1211401bb844893dba2909060c76cf9cda757d9e2cb24f5602fedf6a7412f49497c82866a8c9b56e2bbaf912f760255":"58efaa77c9bf446ce8d3f3ce73b7d1f014bdeffea2a2fdde":"68f9eab1893186d7e5cf3a8c37bf1c229344abdceecd9de5":"a0d3bf1de632fb19ca5326d936f79aafe59a0e809b13f10c":"f2c6a717ab10a9cc89f6d3a07bf6077fa33c2e5d67475ebcdd1b895fd0067941ed3fd8f251352403c2680df2319a882f39a91f8ccb7df2c06a13037f057962e23b8ea0654ef9bfc19b6ec982e539ea6afcd1145cee582d27b708691354b4c397a51d004c61687c1c9c948576009002ee"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #11
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"48ce334fcdeae603c54fc228461e7173681a8e8387e0c048c2acfdd6a78c955deb7dc25bea4e9924c4a2ae22d9fb6b227452addd0b6eda7769f9ceaaf2ca34568b3c198ebdcf5f6ed11f863097bd56f42d648862":"6bf4c173d264dce03e475fb3bde9fca2474877627bfb0c5d":"2a728f461ce1067dd38896002724b4967c1a9cfececd3437":"2b862cd7a94c1776b26022c27c0e4f2d199ccb782caae6dd":"07f80326ea781bd95efe729867d6c39465213bb698b5e486e6c5f27d3fac4fda3cfb7c831fe6291062d4db2aff59781efb4f4cf428236aad6a55111b969885a6b851d5462278d0863909a07796e5e0e8448fc0d674a4408cd9e91e98e3adcec2064ad37dcc566faa80149519f5ea261c"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #12
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"b23c748a9c9d206ed4ce6b8bacb6f7e17cacf5649ea8d1e1144a96e977a4cb22c0f37139c3eedbcc8b9024c6f21412f1600fcde1488f95744446df7b6e21a858224b9294a75829a014697cc4b363c3ad0e152ca6":"325bdbd8c14b766d4a7ff0e14128585b21af76de7ca30ff1":"2e002a406bb8090eae6c950944a4d6768c89d43cc0d8bd17":"4828622ff56d0867bbad03bac51b8c939a5dfa33a362b129":"58cebdf4676a21ded5eba4dd19452f5dec909c589751879ea4249a4c9fef834d85dcfc95ada82f7fba1476451774036246d7a496d4d427f37647ebc10fc2e1125b0b71da1fa5f1479c5681e9d7acc9b88b527390734d943bff6a76c4b22bb4f6ac331f7710b95f6806fa35a29a2fa35f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #13
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"606f388e8ae35faf979434656144370991e89b7457ca5b55d5bf2b48fe8cb64f549f48a812edbbb4cff895efb21c90eb26c1db239ed72da43504a1e09c56fe144f2d09242f2670dbe2561456d938352125b19131":"5e039f38d6f9a9c4ecc67158f40d3c8de61808fd7476fbf7":"21c7d976da71bcde51a3b4bc1b9a79cc6c4ca51ec992e479":"bac1c5904816c3040eb532622f127ac3e28cd78ba68404a9":"5f951dd774bc1a0818b249ffc51348bf1f36aa4b9d6a3348d36df84b5d3e824adcdf8b87ffecfec13fe36ca354625ae8db8a69722254c3f6e7027b866c529f9bed25360e0cee7ce41f996d50d224a08e965e0e5dd67a77142e2a3de0d559b9dae8919ad0387ba5fdef699e42016d7291"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #14
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
hmac_drbg_pr:MBEDTLS_MD_SHA224:"be16ca52551a6a0656c40539e3155eebbc416cbfe212101f8edc2f7118472907ae9b2b9574abe81257533115472610ab401d1ce1f8998884af43fa5776a59ae38c88631a066fa85d24dfc9b2547caae598cd0fa7":"ed000ad2e479513861014e8ff45a481a494af312d2dd5563":"feb295c74975f1e1c738988fc70b9d2603c7da93832154a1":"764705681b7781573af811fa7751dbc27d667af7a1e59dce":"ba4a0583d8d6c5b4216a0875cfad594485858dc7f9ef265d4ed0c0f0fbfcaaf5ae318df2d7fc530301813d9f49826030625f7ea02d0630b3573c486b1fa0ef4269cbfb6fb86675c11fb7c0570cf7ff4fc7affdb00625ac453c23c229a4ea5f540c66f031ab3462f7d12659eec990501f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-256, 0, 0) #0
@@ -719,243 +719,243 @@
hmac_drbg_pr:MBEDTLS_MD_SHA256:"ef9292f4a7a67ac4d4eba48936391bb45f8810c2ab02ba424cc8e4add53d1c514611e3233cd8cc8f6d69494dc336cbe1cbc67c17520af442933a235c6aa6b8f98128c66fcdd77843ae32e06b7a31689c9a6a3c540a19081bcbe850278d50adfac3638ec8cf85148a0547d28d0a7025db":"f4a8721a2a873f8fe94e4b3e137e866c79212f9c14f89be156c47a5fbb9aaecb":"b38a6628647a02c0de5b7acb939d0d1896c9c730106c8667d810bd4866ebaee4":"366370899b2a0d6f049e7d820061599a675cba5d3bc82ad747fa731bead8efb3":"1947d468ae4fa4da7f45cfaf32d62a4369796e532f1b03b1495587e6bb95d8330f5b7c962a9b0a2b715d9def79194741870e5c47d15a7308843e10616b891fc9e5cab7db901e0f1efbe1217dd627c71b54c98cec0fe1b25a84caa56f0bde247a9d9183587742a38825234b6b6cc808afde36ef5e17bcdb2c72c7645949289369"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"51ec4987ddacbcf6348e4a891fa571c6e3aec02879eb0181a121a4846344a687cdff9798761875320256e5a59bc94663faab8864cc0bb1e64343c0b978fcc0d6e84d0d17c1c1f4093fac3b4c01837c6b37d189d7608f0c335eb38fe1f43573e0c525093f60ef618bab297b8a4d9d8c16":"":"":"":"ade04730059471b1829bec8dfbb0ec708be7b4e77d688ce7cfba9ddde059a52f969407291440aa79492f827fe1a2f6568989fd36b4fd84e6699152536bff15388af319fb306f07de4309eb92ba3da5f7007948335993698d398bac42029912bec6ba39226c2bf238733b5081aa0a2ca392a719385184be619d9ca56771d8e3716a46cfb339f93ff48abe406ef788db2ada45ab5fcb7f689bd801a5ccad855b52cd4bf1d6e338f2c3eac94ce9fdd0dd06632d01ded3753e87957e8569a67eccad"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"f8dfa70524d46f3545db3c687fe85a8ea35e32eda470b4e14b8b12f4e9c6bbf6c08efa9ae1df90ae6f14b895c342ae07b5e8d563199a141c34e709c6e743260b573f88186f40f800c4c0ec9f9fbeba49f103bfa2d62d7ed8fc9ff88cb1ddc5d4ca4d074e0053c069393d70a5b3f1df3e":"":"":"":"05f4e609b085d28958f5702eb7b99f2e0c7a80f095907abd5b7329628aa6dce2e2f8bdb7a2992261ea414e6434dc98162d02c51936542218a31c6072ed55c9ed83c79698de7ffd3835d5e4d0f3a0c2a70bef2b6c602d1e0cc814c71b2fb1a001fb83a0e2befdec7e4749629693629ea2397b299cdf491415dda446817dd7d28da431f95162de83d917f9e9325774e2f7ef02fe8067cf4bac47e2f61ba235b532af3aa95a6517e9f1286e065ccf9b3eefa6cab4c940c83ee9a11da55ee21c8d06"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"7ab7da47ff7a95ebf2367de0a25c7885d80931447d2f5cc73ae7f66844910e481e05f53ca993b0266b7cde89960d681a3d3c568d9a6e35347cf52d2e0ff7ad1142983fd7d2c848674315ed3e009adb7154fde1f2d90019cac210dbfc06279d48fc7c2e900652b5cb638c1260acd896ea":"":"":"":"f00714df243103f54b4c0c516a7a631431dbefdecc30c09e8e834f09882100c1d0276273568cc6352c3028c156371389078236afe57d00edaa226262f1a7f6e0011ba48d4b8f089cd257b6b7cfe80ca2bbeee99635c277254546d4adbf046935791be21c48a7882ef6cb81f7bccdfcf9bc430d21cef1d788d4f4df6bd6ef5bcbf48e35f116d482d880f597bcbcfbbf68bc77f591bd7346d7a1085fbc1c2707c17bb288ce6bfb0a78a54731421762f18142975b8b3b79dec0d852dca80f1638b3"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"40e83cb1fbbefb44426350916b0995fb6a1c5394f2fd625774459548cfab27f2f92e2e889d3deeb33dfd6c40f610b71b70387af8d70768c52b36bb2a59f3ad9a16be98c726c2d65af457b2f7d81c75fae82523c977cbdf6138b1cbe5a9b3ad402ba197a3009dba459d3f534ea143e5dc":"":"":"":"52cfd4a4741b6575578a1b7aab91a366341cfd483799ca08b851bb0dc2f2bf640e90c1406fd09fbf9166bd55d46aaaef38e0449b7187d019e68a3b98a7dd9cdac63ae9c966db4d901d37cc147835d017915902621216bc1835d70dc2101ae50e0541f796bd6bca2e53260ba3353e6aa4eee56f80aa329173e347d83d050ddeb465d8e1aa5450e6e7eb515a92fbcdfd8530f04fae3d1a41b13151a4827f0634d6e80424c1e934ce0e2077f5f31fd177e9a42acfcaa67d4043fd31a8ec72a39e6b"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"39927d4fd0c3eba2044002e65b60d3994c3aad0c705bce2e9e41aca30a7c2f03e7b4968d8e729e868f5fd57b49a4b862b0bd169a4e2d77bd59745e778ca6fd762901ae3c0fcc48a0d6ee22bc8520ec450630055b3b66bdd2dde9f5215d241fa266d24342b50d42e2db5436a478c7ebaf":"":"":"":"96194dd1b6ac5efb3d4787bd1fb4c9cc32c29b67ee34369a7aad9a56f64f53526e9207c1d4c541c6e0df4960c54e10168284891841fe554adaa5012f325b3aea79fa4db8c36e67a0f914d9ab361d8ba0b3d6ca4904103f14a30a90dd6fd7c3f679c272dee7f01110f7229f4f5b6ed152a0149dc5a7185bf637d10899bca417cba8f919a2800d8a72d5575f0c174f98f77a1afad850334204e66156eff4572a6703aab50b850a8df498d1d96b1e2bc1ac34aa4399f3b13e97b4989539ca78e97a"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"ad10dbbedf980a0c33576f7606e14785b2a903788b9b7cb4c29cf74a8bbec877999ca28c36c835b60680bab9005d8e4f341b97213fdb6a52e783d19850906cb643bcf48c291cd186ebcbf0a287e459d1795e29ffb0c7c84b0f6dfbe219b4f85d9fb893c0cf9134263a9e6a36c76d02a9":"":"":"":"5db269714c4ab774c2eb14eb95e9b60c6ccaa6e90f9f879e295cc007069dd231894cd8fe0c09bf748e26940160cd0cad75dd2e305ed1f2527ba857c42c3d0662d25cbbcfe342910498ced309cda1894a1186ab935fb614646d299ca56f86defdd0a0f52baee1b9b9be05df85a05c225475a7ce1cc58ebc488a4f57fd1f983881754dcfe3bd78cac529e9945c89383e331f0177e721644b3a8d82deef548d161e085cff59645a345cf7af3f3582bed5b81c7de7a6a216403bb88804f7d16ceec9"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"e9506dd05bac4750f5d5b43e0663ecba6444455ab6f662802897a493ca11ff05f76045b621004f4a88fc6b1ba859ae795e4846f17c3b1c127a8ef16d32381e27eeca77ec062a8a8f811f5dd7f90737147f5fca2b7cc89009b0350292b88d1de5de94e1e82bd5f7bf2e06882a925977ce":"":"":"":"abc3d68bb9b0d29655ee2057a60e59fb84afbaf9c75ac5d146a9856384022e4873a6abb963d8795ded5ce33f8df9275f8ae4c3da0037973487348645415ed51458529bd7c4996128c943ddfa21484521fc645723802318ffd5191e957ec453a8e922d48b1e83681c1463a03c34175a5d610f8f3709b3044f45084f901704547e301f9807a7d92036e08a3eef791f67659816fcb28922b9b52e2a4a2e81cb848f9ae579cba346b0507e91f26b70d199acb6da5d3544b8caea762f6f30178636d8"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"f1f00ebb7cb4bbb3b0a083a290d4d3cc4db53aa9eb3f2feb1d428cf6d8104bdc56b2a30e75782693d7565c5d1ad6edd6cc22967eeb5f159989c2ed7fdb62103c055456f5e1a3163bfa034c502ccbd9aa75385d4777d03a82606a890c89a207494d082becc22efad8fe69c367fa9e3350":"":"":"":"6b75aa14c129d011191b9016b089af15b806a494e8e763a7fe902479155704e1a92eab48ce29fd0f1e9d5a2014757c3cda6e021defdb91c796cbad709658edad6c8f7ab6aebe978d507459198e0719eec49b1926a7c4e33e34e8e366966e0e4e7f3ce0aed6e51d7804d803aab57257ff1250ae8b76bfc48a505d4600bccdd992d564b39c3519db0c7dd26f5dbabdf3c098735688aad1af8525e8a6a343835bed094708b78faa300c08600e638e6f24f4b2b78df0d747ffbb9521cc6786b9c89d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"1f3bade86f64dc0770dafd6a4900f61baf003c6dccec496856b7b08cb99db8f371f1c9606602ad397e0c757f56ec6176c04e832302fd6fbac3519af6d2cb9da5a85ee70efc19c7350145e904a7fa9d3199e1f6213999ee3bbdbcd1200b4dd4e7a8f112f3a37865e494bf8549349e9e78":"":"":"":"1a420c51052534d5d77347ed5751e44817824ed75467791c9717875dadcbceff2ffe024952958d4718b2b4028af83ecf363d57349a36476c0203fcdf4952794aa66b3692e7b0810ce060601817ad0794574b1ce12d6a7b6ec1d0b1e0acb2a6c453be81bf2d17e1fca7dc1c9ac5fe4a64069285a8cb9408051ba5ae4dc0c8897b4a216109b22ec56aace995a453f28dd7d2c38c7d44739b9f09ca0e52d62f204e7f4a09c3e231c8cdaf54f941e8d5565b25155be21cb316417a4c005f7e834d0e"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"1b288c94a8aa7499850d7bf82177024f20e8ccd502b7b0f529c47185aad4eb82ca1efc0104f93cc35885e9894671b9d74fa8237f5d740fec09e90b88bc75124e564f1f198081d51c950dbef6a6ebb2b5e1aec008d8a5a4c692f6467c740f5026807bafc0710dc8e9197aee4372b429cf":"":"":"":"3daf72d94056e6c7138787004f40a4a0c81a244c8aa14c332675e977330b63315916d8fe6ba8f0aea5a22def342d4136d1d6c787b3a6c6c05a44ee1cf9b2d8911974974cbf7a14ed5b83fceb8dd8d3ed59194d3fb6cce579a97244091731a4c1ca1d6e4c9d2623a41de665ee3c8236e0da8710208cee948f248329781f40f6f4b4010508c219755b6df752b9523ed0c9644b17250bbc88b4338c688e97e952a924da894fc986f7e807fca4477be94dec993cd6910709d8032fd3a5b97612cd65"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"1e1837b46486b6e65713327240bfac6c618e817787c277b995c92dbe03b9b01de8e100b303ce5bf5048dccfce4d240878ffd5ddcb6754292291d1a79ee1e62b6da6b23d7a83d0fe9e84757dcfa51d05709d54142b42dc876506876b136b6df34b485c0c129581972bcbc674b893ad61b":"":"":"":"23c258b93d4e9943783e88b244a52cde6747d8d7ff28b77e2ddfaa2edcbb29eaf41dc75cdc2c5b581b3a59fe20e705223bdd90e786f6c6498330ec9bd7ca7303e53c0b21abef1497210f8222850ca7f01e0af4fefd36d82e711fb17f581b951e949876a5ef0a212fb73af4d32f6bf9fe8c9e60849fd2311f3b5cb8a4abe856b3dd629fbac41e6dfb502d1894088fc52832cefff807555457c03ba7b7daaf02830d9ff8c9e8ed09ddbb68d6530af0cc5ae9383acd34c89ec189f5a97abbf3ed5d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"67b2a6e09bf31ecee8fe9c719491baf3c6efc0e27519155f99c94667d727420265254ee6d34c6b9c03414452d68929812f1d23aca44adfaf6b02f519dfc3f034bc32c1b763a129a97c7258e5e77ba69d6eb459be2cc96fd6150b6040babcc406143bdc2c1862c7bf6607b4be95f3151f":"":"":"":"d0f71e56e975e443bd7364eaffa9dbfb60a82bd0ea6405de0b1301911449ae6ac0dc8792acd2b0ca3e68c2abb982362eb2a7a8f95d2960579f9932070c9cd7abd57a36759b2c6f12e20dbda8a16a17c29b70f5bb8db0efa9451d9a349b9917b7bc39af6c6be8217e0a6fb52e6a4c46dfe41e6a9cfba84335d0254cad07557fd7aa3fea185c8c88a921ea665e410067395791785ebdf1793038ceef6c590e64af00ac4ce69ac3d0b497feb93b4fee7d55cf0fa40dd49ea748b33f038b5097578c"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"379d0a38c8897a6524d6a59df4f09ba975c146be7a398c3cbde8c222fcf998102e98223b81dfca7fb5bc92b164afbaf50f58b8df04889dbd69acd59f7d5ac08f81984910ee20a4d58c51512a3ed893d7b736da894a0b52f75c5208d14f858dfd42290f4181b7aa249097b93fb2bceab8":"":"":"":"166f643609dcb8951161ca15b3660759b69da616b45761b8cfec01a8a7f51a0bb1cf256c9fabe69b29552f8e861cbb3160b905d24845d368a17ebf911a839384c3b3aa6c8dedf1fde12384ec9535ab9d008728978ca58ad88780cdc3d272d1dcf2059b9bdc0d2311812fb1b559e31f8e5a89efcb2b33c705555ee0efb23d2c4d312fe02b998eb78af85e3839963afd98c1c644ed4493c3f1af0cb210e660748cadcfc9ef85fa3b5fafe345756ca34e7b7f88d3aff8783e92da00dbead5d51f89"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"96041c211e97d480d149e75c876886a78fee171e0f395a952a0e873af4dc22b46cdb68a60dd1d5753027e544643c5764cd65e202eb821804300ea618e8ff9785f3bf2fbf1b1048cd4450399e2f642af38bce41df8fde3208055e34d356b1aa1b0180673e8507af2035f75e9fe629f979":"":"":"":"51475ffba32991781b17e38ea58b08bde40f03b64824187b9506153f41c233f34dbdc52b63cfc71b120b4fe6c2866d11e9aaf44f82deddaf998caa56a4dd58a6ea2e8f5e3c4ec7fef73e5620cb6a77313a4bc0b135c57d18085010a4a026059c2abd4b6d2048393c5400341928f5ee6c5a063d679e185eb9be2834a1009d03d298b9abb09f993a8ede54bdc4d9a95c2af5552aed9fb02cf598a18b5cfe6c811d1ca4ed764d0756fdfcb5d03aac1ed80fc86595539c105da6b66a00a91caf44fd"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"423cf6fb44605cf03e3063bceb92c156e38c5badfaac35593139df46d325242c84908baef2f824bf3ea66e74bb4127a0c5650c33f68b5d33502b1f55e06fe2c1169fb34688a09291d1e12e5390a73da125be4cf15692e3e6ad0ab6ffb22cf3f77b00333517ecb2239c9b81e59a72d087":"":"":"":"41f335cf727ffec9ebfe7cb348d11cdb4e5e49a9a047d8342a6656e5d235219a5d80715166698cc1f16e34f743811b820e6ea55c2bdd0db1b97ea2269fbf60c739feed818282f447bfe2bd0b9a7c479144f0016703aff450abbd87a50e5e5af0d2d9469175542737bd116de2a73acbb74d9f0077a227704f271fe0696f071914dcb9c0f0191fee35eb66248eb17991b538649457d5d5f9d4bb9cd81c33a14d2becce003c143c9cfe39ccac51048ef169f6a22143eca721d04f6e147749a44a75"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"0b2307c32f34d3f3c3d6887fb17ff68b01f158ef07438a41cde27d2d6725277f33f60888aa32b9b7406f78f47bd877a1795496f759d693f3f8bbd65cb5b2562c4a8d4a717b6bb8eeabc4d8f56118a97d3787d3065f1e20e6d71a1dee563fdb2d56561128fa83d8602fe0da3e89b019e1":"":"16815bf5482abc969179152f79aa34a04c28d483e6ac81aae14f7e0e051a5662":"938c363df2740ba9ccd39168f9bbcd7d421566955f141e13ed039c4d86195392":"959517e0b27d461d678ba2dd528bfb7e844f7bf14a15fb176efabb3a5200ff2b373c7c0683f095798951dc7ffd62b172ed814954c44087fc7a6695a5a275bc8aecd3a2ca8ed631a9ebf5e1d1c515542c67f31e16fd3ebc7e2333c7dffcf385f0d6ebe16b9ed42994be9f83d0cc1e2b3b5773cd2963639ac74ce64a311ac0726014bcd213818cecf5d562cd1c5e97be4028f64400cff31fcd587a004cf60f03c6f3222e4dabae5c4bdef8819670f77f9227eaf55eba5238f90c4bea4f03588b66"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"062f2aa7b48c983c1c6d00d06aa523a67d4e86e5bd266451bb286dcc5888f0f4940c3b022cc76d68e1706d62fea84d052a019b921335f69ed5dcd902632116759b68e09b531de276c9238faf3a9802806750454a5260bd808b796cb12116354b9a7ab9ce33f8dbd40ae7e74a07cfca02":"":"4a217bf136c3894ff7a3ca07eafafa286fafc8a827328b105b3a8aff28e49d14":"e433460e9414b21fc3d5e2705c08a21a36acde4458e24b78dcc51199b97c7a9a":"5c980247a1fa16ea086d54084281c5fd114777ed21478beee9edb175be7c4066b197065da5f4c15750783039eb4b5e2cd4ccdc2a45c49ce535f03a36657f218fc616b3e8ef0c84b78b0cd1c57477242bbddbbde098be573e20d6ddc76649d706e7f6c7ca3f44c845c2c9c9d316ac8b7389f7264c6f8cd6c56ca5503e5b37f52d19e8d47cc85a04a0196b9387433bca3c18dc30b47030fd297705101826840991eaf5b856a5ab75d2bbb70cb13e0dd1876802fc2bd776a518b9dcb9484c499644"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"0fc79576bdba77a815108bc9cd2d168ee30f9ab76db70600ac95fc40c1f6b724068c12b99cb4928247e64b2ea8e75c728ccb3de18adfebe24ef99e14ad54bc1b3a486891b00b1c55172d16adb00ae58c9d8ae0fa9809245a56c9118048199767d35c026e6664773562af011c2ca7025d":"":"b0c200b6f8548643529fd414c693054d4fe04d8f76c3fb8ccc6992ffc25e6b19":"b91bf188cbaf4b01350d726585c6f3601a26b3654db2e2690a14f1989f83ad85":"7c64e503eea5b3df44dc0eb986188c312a0f5fe1f113239984608a69ccadce8a7c7f3136169e075b0c61812b1e74dfe6ab2e7d6f247f73859da5a1068c92ef8e6aedd94c3904b973ab887ca3c38de70b8b312e32a702710829ddf962f0e08779ed9770975536557e3f912ef0d5c4969202af50252117eca8182c30389c9b84fda95118f8c748f0b1752c1e58b8e0af530376aa34cd874cf49628bebbd7353ab4a5f64bbc8e3537762fd5556c680290b2c523153432a2e0df1658f2a5507a30a6"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"ffde7e2726e89cce816ab3e22572fe31434f3181d0578d51161cc77305e2562b755008c7e4ccc8ec62806bdfbcd8508ae418fcb0b57a4d1007469ee3d959a07e949094b0a3e5af69aea3a90a222630978af9139027a656151225a2183b92e980fff9ba9876824bafcf18d63c916fe7ae":"":"bda1741b0b39d9248dd062870334e33cecde5c5f63a07a3030f98b021c6849fa":"1b5336fcbb0ed183e0f80cd31ede4f324997ffb842a83957f41d291612c55e8a":"61d542e4794e9bd4acefef4b325d954c8ec6a29138476ab1bb037507cf52c17edbd511579be5c232a67269ef42364cfb4e2aaefb31d9e8e260a04e51d95c2ed6c5e0f095efd92fbd36edcae4393659af6bb98b0b71b281e91e1df37c353987a6a9e259f2735fd16b8c1277df651b26ac3d9f292c9252be7fe09ab7851f515325a078cd69a7573a4810ab460c4c9e7604e54242ab956fe471e90f86613ece7372f1aa934a50dbd0457033843b887c279f14ad6b4960f401b7fb777253ca5e295f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"7946fe7ada4b545090d7647c99f71594fa094593115c23888146b27a7ccbfd77ce305c1ae4fddbb75a65dba4f0ea18897bb7e9aff3138ba030005a7d1c5802838ebb20848f8e81e7e8018cd0d0dd921243c094aa710f6b0b2ea004bd684799e3caed8c3c8944d5da995b88fa071d7526":"":"b29a506c7bc8b2282570223230664193216dd47f7d20ccdd35943a88c58c0503":"3a4c00cd2f278f0e82498d33fb6ae9e020f4d3793e832afc9864c0b7b6cda43c":"8c0667d913b13866c7eab98471109d966901fdc66fa4dff8996ce81ec5185ce374b118da34e07bd82833f20fa4e44ef159f9b0c47c046307a484b3f52822a596bcfb49b555ec8d481fb30e13dc9898f093d34cbb4d696d70161315c48def73bb1c8b4947c8ddab101d4918f5cc00b890b7450e4e10c17c46ea7f5e0a1df65a1fe74ad2577e592e7bddeadb246fa62cfa5bb8620220b18fff296a19a5a3ae6b833321ca779b7cb5b55658931610d8b7776087c41ee4d077400753681c7da5c5aa"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"5459500d5a709b88bf067b4c390837eef5ae2e5f109c110a84cf32f561d26ddc567c5f4cf0f418cbc2a56d4325b2727f875cb1ceed3167136f0d93940417f616a3843b686ab4f5dd3d808801054c510fca5ea8fa0465f9d1afd8e0c68affa10f5af61e594e66b2bdb2372caa0712bff1":"":"eaec7b75ee03cdf0508c0ca171b005077954e2cec7230b0aedfe32a15cb1c855":"cdafe409b871625ab1b06a93c4d5a1f8196777370df18643f97050d7756adecd":"486aa4063b3840f0417034c65676d20da22c510d281bbf407855cb58a87ac9b33511d692315d88d27bd5d1ad5c35ec8b99018b5ca64897aff48544a5e578124ddc00f785deb60b0a60dc4873fa9a148da4dfa1557baa3aafa22680a40f650e4992d21e35fab3be5458dae13eb2caeddd8704d662b221bda01ac6329e2c451e865af9701a7ccb69c0ed0baeb226e6fbd2b871b99420949570bf5fc61c673aacb58feabdb304f870939d705426aae55cb3a2f3206c33abd453e077c4565c603a18"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"7e74b0a5413ee2ad8de814ea1f556ca5c54c6f11159f1fbc78faa86a74c4871a11658e917fed348e779aae510d383290bc6c4f13391709f8aa9bd79f38f310e2ffbe7fb1be3e6e3aac9d879f1e5fb3eb1fe81675cbdd098cd287f66fb9b28d50e12a64b9e08f28a40ed446fc3a12585c":"":"d152b0aa1946cf177aafc7d47322f8c756831550ec79adb40f34681fd6b3840f":"152229388caf5dc50454c2514d9ff1a4b70e3d1d9b8b29a228d59ce67e8bc586":"a1e2046729e849482bd693e21779e18370a542e2fc7baedbed054476f35447e069bfda33fa2723ad425717c027e8b30d57dd2fca8cf268849358354478cd8bb42e8f9a737c2e3d5490991e4902a52e86d1bafc1751f5908a36afca2b6b4663ccc9f1aa46e857e2ee61e4dc19d154029da48d59519dde64410b1d7daeb5b7b93213cba1bb059637023f928f16e5944e0ed2ca07be3674fed6e0da72313b3cb80b7a2d6533fc8785587366ca1b6769db803d6d840c5d1b6c4589272a3fe9371b0f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"70b5cab63391c5777e4e60516b7095dea3cf26d72b27c19f5a08de6634306d992de4c3f70bf2849a4c3dbeafb163f5d50dcbbcc8e6f4bd973636da95d71d39d6ffc9e67332088bf906921b9c48a7e3de158740a9c0f29a7b69d5545e390030965e305ac1653958360d01607bcbc39fb9":"":"ab042d23accf9a9473b43e82683e30f436fa492ba4a8911e4ed2622d481e0cd1":"b707e2d5a5020d37656009713bb100c55819a98e220fbdfd921c6c0724ba7238":"f3f82b7aa0639bcabecefc7b07b3eecc9962884250fad11b9351226f138e06e3e953e052792d0127618a28aaaa1bf5374a06393c18a326f8d3471010f9840dd16ec997f53fb981aa2b689bf1cdbf265b4ab698f9e8e9c054255147e04654b8fb1d0fd3a0b64d3880ee6e9fa87e0184f6ba307f4d3fea651556e0baeeb75f308fa32925f8c55ae0f355f8db8495ec6c46003763ad4ef36590ec40239b5e8530aadaac931feefc8e392c550ad4d89f5b314a53a0633c7a93bc05b588273e6d1d56"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"c17914dd6b73d65e5af112536f52b046d4963f9c9098c77d9dfe35ca7ee6366d4c0fed576ba4cd14caa3d0c406fffad2f0748362166975f5bcb9a395d568b8dbde3383c5654bd24f26890b21ee1f1cb10f3c93cf2df64cd764187c840590a54babc9c281de88ad1a1dbc2677fa8687f9":"":"4a61ee9349d53f8b3c1af36fe0a9303ef89705fd87e06e5f34b61e1350111279":"a9ad1cad4ca7a5af4bfb83680d4b914c23a6cd551e8b002c50f30be0d8693edf":"9ab30e3729dd8b2af987dcb793d7a3e1fc4ebcfe0a4ac976d91bd3897777effb210c8076e9fd135991e54abb4bb8c7b183a80ef37077692e519d38df4a04304fd83fe1d67d32147fe0a249a6c8bc603d99878039b873588c3781a193437f098094fd8c12945ef99036442c80cd1f544725040df980c548f0a675afaf62a1b7c225c9cdf0703e613c7a5d72c8b00d8ba199b8ecb48b6e0b0d103a3b0f57ff1a4b9189a20dedeac6eb26b1f66ea0c34ddded10af2b0133f4b5b95ac2239dd94919"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"2aa5423270d0859a6e3aa3069a88f3ac4c30eda7f6e52aa891e4f995244a80d73d73f789561b00ceddf721ea59a7eda3157090ec192c578fc53d232c36453c5e8bc3c9c22f3aedb6a93f7aa63975d9bd3369cd518e570f6af0ab162e4c938d17dcd4f3ae46d7cd502ef73b2d40f50e2a":"":"32cae3ff757b79f2305a8b5f5fff5a77afb581faf5a3796c5ed7054d7c048017":"632eb6f1c827cf299f3403bf80af721fe5ff8245331f1ccfbb8f4e61ef5edadf":"1a85c36131a8c271d6c805233098bb29f9104e6254e0680c6e264a76f79ec17c7ac65c8a97610a0a7e5304b37d1ebdbe02cf9daa9e45b81d75d8c613afb974eb38dc49041eafa7462b4c272fdd3d7fd4b05b1e6142305ffd6fa634ddde90e273b51b02c0b68b823c77ddf3e93a2ab9436d0f4801f08a113eefeefefb9592683981423f83235f8e563ecdb4e44daa9afa5e1728204dde1bd254c7985e6d56897c570b0c6307fd49ae4dce18ea55eae846af2a5acaae17a71f8369b64f47b0e54d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"c69c61689d1f7763d43b22b6bc2262c377c62db60835114442fd5bd65c665705b5563b3b6e9e793d0f4128696eefc5ac603b3edb35b705ae39845cefdf8fde23f5479ae4f033442aa958e979c89bc41dde68d92f05b28c3644133d19788624bc970019a10f6b3c6c5b8dd22b0cee3e26":"":"15cd6984fab6ae7db72a4c099a064cdfbd141dce361fab0021872c91b1bb65ff":"86c295fcc7f9c2ec9fad377e0e4d0119334080f59fa68c21c19d7a1212dce03b":"97b971ec13db049ccd72bc597ebc2e33fe4da647d0f74855f242884d35dcf92d0349fdb3527c87c5431c10fa85569285096d3369bd1917c8c7c8650024acb88e5b17c42b50a75419e29757a9e1ae09053cf0b51dac437883cf3f5b1abb40a71f40d279bc9d596d0f59f4c70f81087b4446c402279f4486198ee3294d0a5f72eba7ba52cd552906371aeeedb47122bffb0d5ed27c3cbb86a6fc2d83ab4db7b6e1ee467dd1ec20dc15bcee168f2e200179714cfc04eac651a495a718e1ed985bfb"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"4dcc7427dff46b7db7e2d3273e0605ce85c460cfd4269fce9ca3b10399b99e178b12f28786b9e3df457ac0015004844d6f6bef29ea562856ee82246d24982393f770d0b65d0ffc660d9d8359f10904fd8cbb76e648df60ec43237ff7dc46bc34920bba637a2c1643a53e8a88bb7bb97b":"":"4c0ab67b952186f2f85a0dbd4b2c1b0dd009dd794260ee7f321b2d2b3d994e09":"f5be66009b79f51f6aa0cd1a5a24a72c6a6c4263263cbcf80e8e0d514a2bbb1e":"211ca57a321cae2c6d1ad755ac924c92dd09bb1c6334ecc543ba78a18608479457bebda63f707fc28190b2d56e4cfd96d8c49fd146ace867236c57761ea28326e3d241d1dc35d7ca971df9d292f2563d33c5f32abe86367cf5f2f06628376752b353f72b501ffa94a50f146b8174cb7946ab8c8be382237334f37594418850a233c536d72763f10b06f728e3e60d3b4f0377d51b0de11d110a28b6fcb7c42b77e5f6b771c8e5d713a0f6c4d82ab2311cadf16b7cb441a417b2f595f32ea822ea"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"b72f34bf8209a28168ae7692e4c7d6f19feab9346971b85fb9f377f6e4a77dfb370a10addae744ac03f2f277c85423945f486830cd410f26e22c23a136d41800850113339242e1a0550bef81a239a289a8d020c14298854f0b17abb0bc461ed6d39ab2d9cfb03b835916c2a8e93710a0":"":"e919d983beae4b687bb393d90ad4104146e86564845800ecf82085d5b269f1dc":"abc8b519db05c1de8794248c5741627cc00ee35a972ecdec045a0cc557a2d967":"9777504473adadade14eefc0279f8347bb178a36dbb5fb028f0315b4309fad4ef554bf34b04146ba4bc260a89cf78195ad1c23c6e473a14385c66ba2a1c005cdfe336999245f00ffeaa41dfa3d9e68294e5d676f01f213c6d2d8a69b43e36f2a568999c0a8c07e96d7daf90f3e2e668eb9fc8e5c812a49a39507d193eb7c95b947aafe658a1065efe9370cf81014e4ffd54efffe5f863e6e4b7d875565617d8b72854ecf09263c55d1c3f1a4f4862214fafe7f03da5572095a7befcfd8e6ee63"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"35d5a6cae5aefdbc62f1efb638c15dda387a8f651810bf068a8d92601fd37e0efffd95196c09c668ddb05eef3de339222a0bd0d3b721a27e2f29be84a846c3964eb9a84cf69b214f612df3b414729df499da4d3ad8bf3613bdad3a70c73cae80556c16f8ab83adf0f2bc9391094bfd98":"":"cd603812a8444925993f2c1a0691bb4459faedd872f43852f9970675f579a1eb":"1441b6d4876b050fa4d969f1845d3f119cf5d8720c35da9c489000e6b7165db4":"259828d05b8e735fad69527cd2322f94e8e7ac2791607ccf2a74d070bf7d5574ffd8d6e447cb4e02bb15a87aa88d8f1667edc0905455b116ef7f08ce727d8f266965242e0042810f946e52acca6348d70e012d998322a18a2f3b4c4c6d6b66cfe65385312344e3eed14c6e7277eac9a4d09ddc5dcf8fcce6f79a23d34c80cb78aaaf1347ecce8c13efd450d59506513e62f527179b95b9b5d9df821c32538f8e1ccb17e911826e944ec44943ad8e726d54fa98ebc4d012d34a23771ba497ca2e"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"66abf17d907a134232faaff93bfe361223b5b773980cc261fd19caaca022fd0a081c11efee01fb1f7abd0145b32a51b3237d6ace877ca6392bcae2fd2aa5b865aabfb1d1d1da33f42319a088c8dbed1124a71d39e627d5efaa1e8f3e5f70114bb03b71ce54e4f8d34e838106b2467cca":"":"1e51f2b67538f84440912c6fa20fbf009100fc3008b5b8e1308d95e7ca53b460":"301f91c659f73b618cb46a4343772f1eee9fb4949ec6328109823749bd8b0b11":"34c532082926e6d530b3a58282eb4666ac7374e8befaa4999dfc9f409e40ff966652295d2940db97061800583bc7d47b053553ad29c89ee61803c1089d30592270d2927031353592d4aa71f59a4bf3f2147cb406322367544c38fa5a3c8ccb534bd884355b06145db62161260162091c795874a2e99e01292a2e39e107738818a211750f858edbe0c2ea4734ad14f1c45bcc9f733f027616926558587f7332be55044dfd6fcdb628ff7d7d581820a217bc64aa092e450722686e0cb291eca45b"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"37dc21c72dc7c82d5e13c51ecaf5a8ae06402500d92caf96c0555a95069f4f0144a961ead5d6d9bc317afc8206202bddd57fc02a2a500df1fb5c4d9d8837b52a5220fdf068fe2b8b4bcc63fbc9bfc94c8e21d987e8b6cb0f4cd37b144c668f18b7a36ed4e9758ee7b96029aa0ab2196a":"41e3b89347bd035bde510ab8ff83d5fdcc9d5f2de648bdb468a714f2c1083c52":"":"":"a929ee23c5832e5ab93ccaa40bf775593d7d04a1a8411dfa07b4c8a2da2dc91b1bcb9c27a0ba5a7152ce5ded5f76cf6b83c04c0f8a4f6b43383ae3e7d497280c0f944be91b0bca6a56df2d00641bfc1ec549b538898e559407b076164278c0eb7afb6d6f4495a50d4da178c04b259d21bb745692d3bd186edf5bb3da6f66b4418fc3d9b085b0a6c1a5e54696272c305c4b8887595b391dd6ed8da03dc9fdb2728d8c40a2defd8af05ef1c443a72323f2e0b0d268109fb7e7ee70192fa06bc6c2"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"0dcbeb660cff703e059913eebff4f639a24b611a078bae8f01320ea4af5e8e0ed93b8dc4e84d224036b5da645c147359c6123c54cc2367262a7594bc9a7dc69f76549ab803af66de8f253d338d48ab827b2b1918d636d6ec92bfd9123f1f5fb59b6c37eadca0ca7792e2b7932e1ddc33":"1debeed9ba5790437a6c56dd3c9e2f6df0912aa0ce2e57fa8eec9652e2eccfc1":"":"":"5bd815b3c3bb73a45dba72c68457ccc17212af905607d827e8b5ddbffa34a058ec360abbeb6c8ba16c770ae4826135ac7e4faf208da8b5fe3b26c16fa7c7ef4000c3dfe1b8b707dde64b415c671c4615d56e2648908e047ac978a389e346cebe9228daa7bcdf5e341f72c3c7ff74672edd60c7c6341726450ffbf9e3e7a16580e7e602f9ddd3f3556129052de05991907d81a87467ff5842c6e5dcff4543e24ee48149f16e9107a9aa40cbce367d4b76042d77ef1790b0a7701b2f04873d245f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"d9bd99128fe2771918afc6db6b2514eea0b617d9bd4599a238d9d99a7ce18995e8d85542f3f9dd89920b0f79b94d7f551fef4a330e9de24eb197bc75677bc13d8361104997af99ea2c6da03f4e71c89e03191bc5e320f057afee98e98facb99d15142c61ddd71666cdc38146fbc3ea4d":"eb701a9d119cc6dc0d735254067dfe161b1052ba3f93ab0d6bcc19cc0387027a":"":"":"67b86213a84778a9a38eb9913b9db8508b53ac0a81ff85dc78c966d638255f8f7c63ce06d4a66f5d9213ec2b32f7e63ce5dcf01b59d3b30433f0cf4c06c171d839953de913093ec845670b38ecacd81162dd73501b2e4c2d9dc69b97d49bd6d9f6250070ef6b360305fcc5ff392d1adad98d6bfda67d10b725c7cc8ef6b4fc206fde1871712b96dcbc2df4f08d79f1adf7fbb01bfd8f20e76956ed4b9dd1d7e5fb4f922ad2a529bd871490e741843d839e876c4b475e2fa140f28ac8d347a07b"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"0de3fed3b363d20ec5018d4aeafb25c8e0e6aa42ee8b56843043f8d9c40b9bdc8ed427d29c469d8976a5b785d050f3d2e5eb287a064c54311bab32dcd5f240682babef59c6ffa602669f3ce4590b054e2550444f249b56666b7b2fbec29b33d1b29ee653e388f9fb54b00635ff526dd9":"82b6a44b0f35f946fa0fd4628738e61a0bdd421a8de73f3d2efa25216c789080":"":"":"1f7b951d147ddbf21fef9d4849044c44b757309da8f0244f71e4d8301e1fd50c5e46407f5bcbed83eaefdf8983c330dd0a67568e866b20b48c2bc97dc63a7c0d3eb60f2488b1eefdfaa7b8dd43132511b4a2ca80bc9e82851584ec4ae463444aadd3c8e6db2d4469ad9750e18a31337613975b3fa0629b9a22bccb235d20157a4427acd619324e881e68f5615c65e59a566a73e4ce9d484fc5b0b29137c4f339be84781cad67d17de03099b1d03ac45106c1f2eb5b380ec84392b7ba5c91df4c"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"abdc2ac24ba7d92ed9f518d9576510969f8d22074bed9b7639299d2137532c50faa49b5e843f417693a2eebd0ffd3f27c0ad2d8bbfdb912ed4d1ec85165d4ae577a92b1affab63070e25dca8bb1b035c8bbc5d3a07b4fe094690e4a45b99f9e5bb6b0bfe823f3c2a148732fd43db5e5d":"8c7b18ce389664fb72e777e70b533ced4c04b0c290fdd45b86b6b95708d74187":"":"":"c3d1420055f71a43264ab8da92829fa1b8937346375349d2e256705d933a21352ddb4eeceb36cdeab38cae58da81bcbe6deafeca5d7f018a0514bbc285f436b574ffac2547d26a3f9aef21b66c1e70b45d372e4dc2281182ae94667e442f39e1b9b2fc2aee06ab306095a904614613b513cf1af5a9df12b996cbe88cc3b25401790034ad0622df43af4cdbf9cb681538c79189a8260cf9c35378955f2ea859faa78773854883cd94bde4c0f50d4c998c278e47787e3f74f3dbb98f710366d315"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"d20353e175f4ebd0ef5fe77f7f6fbf5340ba07934828dd296c041a63de841002db0d21ecbfd5eda2bce80bed6f73c23d3f18900bcc02791ba9cae668fc33fc60ba84c6eb40afbbfff18be5c4960ce57ad67dfc8c1eabe61a299881c0f326f7093c1a232c80467772e707dbe75b5558d4":"f38f23461c471181a4179323aed247299df11ce145fbab9834b85b3cb42a10f5":"":"":"76a4994edba3d0d9ffee9ccb7e12a75e79c5ec1213f45ca4c50ad629ac533e5e6dbf58f8fac193755e74f9e7a75eedf89472e91d394e32eaed86efa4fb2f9e7fe4bec1d9c7a30fe9bd17c2cda73d136e752a9b818cee6f1262028031bc09cb81b89156138b571f03afa69dd388a807a8cbe9c4de66cad764114f9a4a6419ea70ccbbbff9dd774aea8a2d6b1d20d0a577c59953661f0a87b4d795c2626a025d733f43bb5cd1df37f5cf542c7c8b6bda061cf4693e0384060e63090415d7470cb0"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"a58ca5154659ba58fc1b468c909c667e1b5087884c01ab15f86fb5a431e982c1c041be0aa014fb310019fff65f40ff13d4469b123223ae44f4f4ac0fb6877a7890f969d39047e39ab23882cd7838e16e64bc361fe18136471dea2e71a86ef2d9f8f7e1d24643d7df292409ff8cba0f13":"dc05980e40f07a02fdb150af580a7d195ba26f4fa72a1fe513ccc2cf6e4f699f":"":"":"6ad4543c218cb6aafe65e6a50c4f9ee9d5c7a3b9a0112bce262f49f5b0d20dab7225fd0acffa25165729d8fbba038eb65f7e72f136e5bb82e8d94698dd9b763c38f3041ccece3b04189aaabed79e4d4213e24218c5fccf5f9a0c3902875564431f4d670e6e60e1dbabcc4642c3ef895c115e28702927cb98d509f9341ac7ae2c6ef6c2dc4537e909c81a9804057b6e24fa63ec5edce835e624969a969e2c47c6dcb7e9bcb2bb8f344d2b9855a43e26c0606466887b28b67ffd7f99d374812d11"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"9d6e99a11d63cab5aabb1462abef66bef31a2886cd172651bbf30f65b16fb8f3b93b5042a908510d8518330538a06253959da557d2b390c6fe0b7ac6b18591e5791d275c7e3d558690719d5967d026a80604a389946e2a55486b5c49c2984990a2e14824aa2922e6a59892c5e6d969fb":"af631e7990394889b84d851920ce8877934e706b780908a07211d45b247584a6":"":"":"9f33ba9083c7f4088c9505622cd5b4937b7189b0cbcdcf352c54ef72057594b8568cd4b13a4bfeb61261d27f5febbf2cbbf902a8d55f6bdf669238ae84b8abc58826841f7f62a0c5bd9f74125cecbf8e3b4c1ec88663114e7c248c41cce92e73b05eb3f826100c1b2683cbba985d2ab694b5de1ed8624628917ec9bb97733f337298c0459f198c7a138f1670dfac0d58f287b8244f0605f97406ef528099aa2ef290db202baa7fb221a8523344ad836c9a2bb25e1ff3fb4dc20f69ebc9f0fdd9"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"df7c57519ae3914c75174b3107b7ddab95df936c5cd7c296b1cb1ea06249915cda22bac19ccf2d522137989d5a42549809277ba155d04b3353520f4b5c2f18120bb4b8442130db58e9d46a1a41f5627c40a6b65a4f9075460b7053202a6e5b12b9e07ae6ee9b4945d4235d0b736e88f2":"10a198b05830cff2fb4f5b0317c258129396edb943769292753095b58bc8fece":"":"":"17b9fc6419c17534ee16aacf32550cbf58ea1f073b8e72fb9ae6e94094e797f216703da428394a1da8236f725b191cbec11531a1f87946c70fb1440a55be7d7d18c9b5085d626dd0cd9b3bd63a9014e5d14eef636beb694dfa7f781e83f3c1b4fe5519ab1a505d1be5b812514f3a39814601db104afe5726086f6bacb61c00ab8210239b2891938e97fc53de069f18a6469999727a904403bc53c6c73c7b3a5f9f37f380563f1281cdaa1b4bb4a636f849717c307848748172ae0191997abda8"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"2e403c307a03d766b61001842f85caf91a5eec97a49934547b2ce63411916495f3e102d333269e04381bbf140a28a2d61fa6a5f2286079619f4f4fafeb5c520c602d0ac3190fd500a3402e7c0647ac76c901e7c58e012cd6b9e83d2a969f0d0ae4e08ed5cb601fc72596a72b4854f246":"ff1d9eed8cf59f5708e41924cf13fd5d30ccb7dedce3062dfbb2c4bb4d36b65b":"":"":"e5e20f2cb063c1587583a381536aecbf0b0cb4400c99a74bbb6aa15f338b3e67187316865cf90e691d99466e34bd6612985575122c6c79848d4e2f26801d98e49c002f4063019394f4b3eee908f2d6b56749c260e56ece4e0431650a8bd9735879ee6c9bfaa5d44c07e7ff6978883c36597c31126386dafbbe035579819068bb060348629f74420bd411f2dc858d46dff0bb4f79946af96046da2c2cb32e0aaded4eb1ebc8748f277317f9ffb9aadac1bf5e6654ae7131d5ee0c765ff3d49d9e"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"4b1240cedb84ee3f395317e177efcf03b0fb57be1e01e3c206170877a06ec2cc077e9751b4eec964a4422d010ef1487456fc16b3e6e7ccb8a06230144535274215f00afe175d394cb04518b630ba7255ada0c6676885801a8f503c55c38850de6f7904b40cf03fa195cd16ea2999347c":"9043ef3c775f32dce1902b9efdc481f61f29220eca53bb904155f2aacc3b3706":"":"":"4facd2fff1828b9f4a63f639503cf6533a4d242f316ef7168fba44b52b876056bb0fd040d5e331d2746169cdc88ccef74dcf6c642c1d1a0db4130f8be9ff88555de4c2a7a5824f005cccdfa6074df3385672eca57a45679d69dfec232cc8b1bca87f6f9c6cac2f630498d52449a5d1b328a6d2ac1a9054a0658be589bc277b7750ab5d647a73a15a059d72608f9d299d11f9fb417a37ddc1b52c8b8859c2949e5ebae650b9cf8b4fd771288e582dee38178b154e681eaf74d4d3f35daf00a309"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"c2027d8c084e2c6fc5d535726312bc6362372872cd37bf07cc1c3870f3b59a970c62b84a10d1498b2e02027d854fd84dd615e29e7c204579968569386b6f08393322c4fb36da4398ec4881ca9c17905b7b2fa28722c98d404e93fbaadb165411d41256a0dfc806a19df0f526571c80f0":"8c5c93583dbba016531aecc1da7b010b9559785b2e8cf660ce17022f8d86be78":"":"":"54074cf184040f57716e9eef80ed0e006cd029b99ca568fd7639c4c1b0f7431933516830f5f87b157fdbbb2af7ab57f6faa26323f096c8e86136e49d833665a6cb3a22f7d5d38290c2e9a23c62dea6c51b958460b263566c5c0e4be9adcb1c123b55879f405f11b3c34c24852d33c64d6563ee46cad14ce08d5919ddbffdfaad0bef8d8ed9974f1d95917e2b108d9519b13c4f6929429d2dc44ecace7799839ffcae035904b576e71e92b0a89f39e3b3444b75ee0705419c3b3533c793605eb6"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"02ef640b9f087fa48457918d7bd6e910d7379bdd89e1549118ec67880dc3c4be3ad95397b8fc88bfced5aa76941716bf4c26696e9540d759c8c6b8603d5c40df267056c79bd8a3497b77052e498953493eb853b56c41f3286c09f1ec88637f95a1cb7e6e0efd3acb8a8fa4de63d10727":"38e664b930fb072112e6d47bfc5538b0d48672a12769f3eb860243bbc1c5db75":"":"":"c399e8c39ab174fa8cabb7e73845d8d434dcebc21062edc69d02928b0de4471517496365bbd59062a43408215f5b0f35971f4c48077623860206e0e6af8de751e6fe45eb6648a66e8ac5e603043c5365be3015af858fa2709c6c7b1cd22701dbbf4ef27fa45e6d7f9df4e8a558517a38e26bdd82960db9a92a0deee98657ab514913f134cb9362756a78ae4afed3a6c89e86341a8fb20b5cdfcd56933363f83e8c55c69adbf8e8d7199bc4f93b72ae1c4d0939b564d98e7f052c66e1e0988ca5"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"2f280ffe3306764839899faa89213139a40462039f4d9c55feaef6728c24cc636819357f6ea65badc8e493b99d5af1d995d14d81e39802711977d0a1c5783bfe3c290bc469bb9af520b0faa06f230fe6c4ba3804e39e3226f0731f09579e105d726b089d1c37c72e3faeb33768d3f20e":"e3d99860e8b1e9297c60b17904be8525be831d71dbd3f454f085d1758ebe7160":"":"":"45400ec700a4cf8309fbea94aa4fcbdd22c859e0f7defa746085a2f4ddb9db16efbb0c2fff798c99ff4e9e11986f4c330f3658e34a146f8d9071467228e3b0ea486cfbc81da3e739a301fe51b620d7d27fe9da0e4b875efe3c2bd0fde31f608015ad71cac9c95bce33e516c62fc45a9fc85a78c142416d7fbff3a83602dcce3add6301ca6b9be565e3cf06ad6f22855d57d9c184ed7214adc1bb014a1b6dafb86989283fa3a4be10c410442d761c98d2d3f94bb0d97ba1d5c8966eb47b0fe6ec"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"8f3ddc4230f8320bd18cf078c04c62e248fcc326980301174617a9e54351c667ba4c31a4c0e7dbd7336c27c0b8a034f6fd947b0a21e580e6c2dbfbd44d01f5fb4a51dcd2199df9f1803f24c5e774f048815302e016aad33254d308c5457f368965c15b6204e191c2a252e4fe88dfb978":"9bfe9bc055b3215560cd285553372c47cca422fca574c0d22d7ce5f2dd40b084":"":"":"34f550231d31c1b3a3db331d341ada3b987120d94e431831eea67e8d208f9cf1800549d445fc7befbdcc2488cc7f4340560d574fcd2396e9ecc9a232f1015cfb26db451623fe47ec8bacee1756573e74e519adc62b23ce86fc191ea5e13da9c7a14496426c6c53dfa7c7ccdb67d6164dbe88cbbe7f48d4971993003ab24f3eff18bd52c2661992e8f8da93bfdd28f01fc32edb439ad130352463084041e9871c431ba26c676ecd7812991833113cbbe687651e93aeb22a6a44cffc7a3fb214b2"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"8b285ce6b4da70c83fd72aab1b4be62101bf9b29e168726ea2f670aab0deaefc5da3404c494c6019ea33679e37cec308dab13e0cb060f66c1c83fc6fba46477d1a3c802edd7594db0b297dedb9ccbc800c817f05658fb9b4c99938ae2140160c4a16d548634a353bc285cb38d0e93243":"723c0f287db4af285c195cebb1104a106f22e8b243fdcd0566228ab5f227a9e3":"881a1874c800db068b5913d195058d0726458de3782ff530af1a761f9628547f":"0c27cf271bd7931d187ec6f56038519674468fa2e7e6f994904c9f1afa346939":"51e042dd56a193908c9018c25f1c1a8b5e2734b055c3b7fde6a8ba9ec2b959349df29295abb0a24b4715f98d31de0a369e6262c2b2cd49c5462b7ae284e921f5ad2ec013edc1611343c228683f4170f34a75854b1b656d226e294172d488c10a415f09dee70984b9c49e8d36863192301d1762145e0d9e94e99bd30ce8490438ed050f418cf4ba0b07fe90a82d1ccf38578d99edf0518c4a758a199db4d3533c4dbc55b1da19840b8f365a574aa01647819032dc0ad641388c2093ebd4ab5d99"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"5b5c670d3e0e97a21cfd5bc3d038f0c3d2578cf3147f5545e5118a04c4eac727b50734939e2fd0aba704932ccaac42af316525e3fc5f1dd224131d65f8d44ff8420891c0af7c78f9cf766097fbf0f8bfdd131db1801275c28081e6063c0c4d6242f96e40fc513608289f378bc4f18518":"4cb0e590a1d575b6a2df9cb0243895263c894a990b6798424bea9ef199761d08":"feabcecf0648665b08a7c690add6ff75744de3916d5573145c35517808605beb":"fe81cf8978798311ee6d1c5d6145b3832d9ad1a1266fdac0f4fa230c631e9ba0":"62aa5e9b8a07bed2a5d3eef0c73bbc841bb8cbf544d32a2889806ba501c6768aca98c19b83fd4fb2cabf120c05716b9eac9b77d561ffdd69682308f80fcf1c78409f3b21749bf71abdb209660716a39c2562e8ae1b3478828bf35ec9d3f9712d95f49a36b9eaddaf1b249f023c36d09ff1b6f3df6d10e4e336763edef9501827d5171c507eec405bae52d56fd62f90f5c58a2f1a7310530df15ca6b7841a2871a37cae583e6b388978c118b9600840f5540af529bce0a24da8f906f601fc270f"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"64cf47e52f758df802c2b37a4841c73a3228738d14b439a7d02b13fa3024715c744721e49f25a0e73e821f69786fe2d91ec1cce1d1cbf2dcbe5bdd2371c0a5df050841b6f07b1a2c0d064bc5e06ecf2ff9904928febe0bfaf3626df5bfb79fee1474cc8dfc3ae268570df2811bc3ba3b":"c3f0b0471d5273f40e74ccd71712071fa411b72b0f5a98c9eea9a5f7f176967e":"4df90039bbb54d8753b19ccb6250ffceb7279c05f6d69b5c47801c6fdeb1ddf8":"181d12bb126ea840bbf9e6ff5e68f8ef53f69071d223bff593a63e4e0c65ee1b":"8cec490ebe0b4837f040663de29e2c6dc801d7953cb2416d245ef66173e5d7baafbb77fd2c5ce69b4b8995bfe51f5f33cfffd9e9b1284fb8657bb7a3c26f5aac500cc7d3737fc81418c94d3db1a63f4922ca49803c04fdbc9488e21d9c4bc381c48bd9f7e5cd1ed6c6fa9e889e463dfc3a313812245a66be220266707a5358e25807ccb11f24780e5ef82c84a8803f72dbd21f55d96362d7cd8abbfd9d21f4e3dfac33326a4e538476508afd87e030d92328a91c91ffb16b054740dc3d0a2130"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"690a8be904c75e41342c8e2548abde2e465612a632710179ccb9c1dab76c4615bdaeda1587772638a61747738b96cfc94879325d2cf1cc0269d877eab8aa233ba8d7f1ff44e9118a128bcd8cc687eef58940343d27ba1d800aed9e2e911a8c83b8460f9d72c7b92852cc178d3d0baf6a":"5dd031fb2df56c510b3cc3c02fdcf6cf3ffa4a881e7475a8631073b3ed5e3c62":"a0a861238b2b9ea03582eb4703bc33921b5376c27004710d416ff921d6e6fc60":"3cef66f75aa682ad5430bdf0f01dd1f2c3492fcacc6f80ab351cfacc1c6b6ce0":"92b337a3364059acfcaef789ac1ae09c9ed05fdf69f5d5da7a1c9b6962d3a3c71a4041dc234f7be58fdbb728f8f5fb10404558f21d9b4c818fcadf5d6bac8bcb044e5b2fbd26ee08398dc8904c271e8d3d184bbf61f77c62fd3c8f1cc1ee2f8c4620c513f3abf5e312b431e8608b29cdf528d892ff03bc0a9cbd202b9da1d052ae2bc2dd8723198a1b3017ade2803c3dc8733ac33ddbdcef7a9948d64f72da0716b32dc6eea224bd49a7349a1c32e8e325ac11e5fad8353cf85d9eb4b72b1954"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"0eba7b06309f0dc4e2bfabea57e1d01a5a3e711398320925647008abf19cae194efbff93968c0a7d1c7623ee1e3987cd95c3dbd1b2ba94d0b2d416fe2f2f6faeab46646a378e931bb5daac049333129ce7e20e53117a0f68baf4c86a3ee5e787b02b53b1e0140430e77ca86f242d7f90":"69adc69e03cd113c34ae6b89c7c2fcfbe987e426da865f7c8e052da4bade343a":"729489cc7ba4f3f96f77ff365fd5380cd83cc7b17b150d327c5b7632f1cb0460":"59892fcf99ce719819774539ed4f10edb7cd35cd66969137a88ebe6336da90f9":"565e3e392a9f364df0b575d9444aac262f58ce12312d5ac9832ae6351b6aae0398e0bedd3074f57bd4e9f0e89a50d627ecfe11fe9aea09fce563eb34efd27610a3255f81f953bb3f222b15c019b9d812150f7a1f19126994c505d9ce5c948882a1f6c5cdbc7050461ccdbbb7aae597dab53a12ea6bfaa4d4710188d690fb0a0a34df7fb6bba949fd6a8565fded8e4832ff7f6b08a653a72b8b88782b8d77c1f217e8487163fdbddcc88a83d8bdad479ca75fdbcaf02250db39528456942119f1"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"9dea5f271193aef61bd72c76a581d65eadc8002b258a4d548c7ad1cb587a5f681e9709eab5e146833b01a79a34c352aa642a7a376595347c0203a8a0456af4e9859aea62c887166b3483e0c7acdd5b99a1b1a466dc0709cc6ba133abe29ecf3f3150d664d04baef8854fd86a5d8cab19":"895e5039eeb3ea1d197614a683c84d7780ac8724192bd6c35fe81137bc23e4bd":"9e8669a67bf80c695889a7e875a9ad1954b91e4bddd0848313b4efb4b00b14fc":"2e93a8b96ae1966e2a052db0d5c2d5b76cd7cd23494bb1170a33a9ddf39b21ce":"71a0ea8b9884e979f4ed546cee3688ebc399b41be38578f15b99d9621de0da3e671182f6da612334edb8d3a6d5e34c2872e277942854350526c3e000834bbe18cd5f2f336bcfabb42c4aaeb19b8cefa3f7066a89593960fabba244812d15c5fa7a7281067c789745127ee2b63b14237136c54864bf86ab7c377414a7933b829fc3052e8c26c698459a83b1990c093305372aa608c967bfda719e98c4c177764b72d184586f7b63a8e75f78c9e5e1dc045c3eb5b30c7147c69100c2cf910d4f3a"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"2b4c85aac528f5cf44e9018795a1e8f810220ce318aa174bed9db372602c00f68ac33625739f299241d1a8381372537bac392411a1d6849aa6610a177743afdf45cc524838fadf1b5feaaa9983ca79a4508b5e4a275514ef4c04c233c3dbbca32a00d0a1628323b91dacbe499c1ba928":"799a4b3c9f62c2f6aa9e91604e742dd06ff9f77b15d3799684e1dfcf029d807b":"1d15f59cb3e102d5ff47ad4c0aae13631ec4d300de4247137aec5b43e5aa4f79":"f43801851946f97208909f1ad0f79d6577eeda70067886b270f55d626d966fbe":"f05e50192528ba1185cb964324141c1d195f6e26c42164052a7b7244797c3084d48bc5e6e1a27e64562cf2fa36b4de30132a082de2f927059731d084e2042eb7720932ae8e1741f05f4c75079586924cc43a6cf3f5525e037b089674121c2741f836372f219a33bfcd910884abb166eeeed1840672663e0455b18bc7c9fcf20967b25dd77eb37e00d8fc40b0788c08280b0bd8878c504d982db4d3d2476f5fe6785b1959d1bfa2762c00efe436cd217b6d01adbf7da08d23254f1be1991d200a"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"a716af9e058eedbe937ef79ee21cbaf4ac1ed0e2f4863eef4ca1e3e972f33326eb6ecfa7bc9bacd3d90215a3db843b24343edf7ada9e440a206df7f38f8cbd1d38159b8511f2a93d1f0b5ace8a89c0d823fe001656c3dde659874df88dd60056ced293cc49d64a71ee6b23199c9b20e6":"648aa30cb2687d857d309f702f6dae1f30edc824493d6e83a9e26d94f28948a2":"39c5a6514f3d399ac41b2640fd619312332fe053abf1b2a19472a58c28345347":"c912a1bb84f7aeeef79d73347097e09f6b8fb7ec593176cebbbb56af866bc309":"5387674cec52da2a9743b2556fa9874c0866e579079954cb357f17fc069c2e345c1ca80081040d620fba150c22eb1b8b2c7df082f637855c396ad6417fd383f8e93b7bd91693408e951b7572269c0ae65be8bcc9844f9fd8401e68f6fafdce195162154b34fdd5db8559dc11cfd3cbd3d391a45065761372f60c5182fe4cc162304061f86e666326c3332010fd388626cfa9ce1252982cae7b6eb1b8208c79b7b689aae9084fd180d00962fa4eea79f612ab7ec5fb51394f6f498528ad5860e7"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"af405b42f8a67c349bc10d4d0b97f56cce433e1d34cebcc75c2850010d20cf74f61b23e1d2f964ad6c9a8d65c9f87749da279902d5c30fb67207d72be55451337f34aaa8e598b9ef55fd36224ebee4b5524a93f1513fc21fa984f0a76c2bcc98ddf39823d0a87d501b3515e3ee9fd4d6":"1cbd963d49b2553a9711687bc50743d820588049cf097c100739f857b3928fc0":"e0d336ea552a6dbc132f194ac9ab80a34a54f4d331a55a070dde6601d6d9084e":"91e882daaa304874fb0c063718984ac53e1f0716ca8c9210bdcdddc142c84082":"0acb19f2a65bf0e1d9f9561d8731fe0f0c178443f00faf427973ad45f2df4f4d21a4fdecdf96c34be28e389d8caed96b515ecb215ca915b38c715015e1b07949263fb65517ea4bcae361d76c418cd2c58d29010ea79b9420d1cedf937d3aaae7e29c2170ba88c8328664d884ace90e88c66200033d19ffd52f668b00b0df088b7942377c1aec37b3c304521c394ec749efbb252669e0c0415b8b04b995fc224903b0843fbaf0be1ce804c9f14a5e97afa70d0fca9cb708ad20388730aa9de020"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #9
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"e9ecd00efafeba4fa9cbab22b1b5288c98a36ff1d6856592a288325968c31d7d88fd2be5c82d79413b33c1dbe972859822ca2c8a92e7812479c14fa292a627a8909c3a953a2758d42f22a18682ffa219aa9908e06f521be8fb59ad58e5651aa9d6b95983e23e54cd57dfc82b2077bf96":"adf1f50a295d88f68e8c07a180897d8e7b49f7cc6cb78a3b25ee10b0583a0f0b":"82de6a73568ade5e5b0d8ae37c40ff25e858a7055346020c5e47feddfef75680":"cd0e15d764d2355ac9f1cbd5ea519ed1756a3bfaa55e3783b738c03bdb42e371":"1e592e5003fc0f3f81a7aef2272527980cc5a9ac7286a621513b9c7ce2ea94fbfa255ef2654d673bb8cd13f3a033a7701304acbbe8d19b82a61d2e77e7251f98b0e28e1a694f9cba2c86c7c8cb20d9c2986e52052f701596e3c837af95b166cd227f2fc00edd3ea62b57f60262712b2f71479569c119cbce9d771f8a2cfdf832aa8d70e0a912978fb2bb33b27a185fb3a4caa3a18913aeab095ac088d14381802117af0cc1d97c06fe9730bebbff0adf2ffac5995d299e4defb0722bd93f0799"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #10
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"898a6c47a5cff500ea0f5b18b5f0b4bcf7e75d6d7c92025f9920c666dbc1c5ffc48972e1d519428f8d61dfb5e300b48f2660ff53e1ffaa3950cffc50e17a874182236fbb555d35ced33302ef87b84c0ad31e87441ae365350452a39470567bc009871a3c9785bda4569af33d03d46f08":"9e16568a225b80e9011571f3b55102cf6362e26b8a60fd33680d4e6625738e5f":"b1c65d6e51ba043f63b4251ed58e9a8eebfc289f6285705f8ef44c202c9b4a22":"245ee741a2041eda22ce7053f8576c0a43eae868fd95ad7d58bb921c155b1b53":"b076210688b06ab6b57edf68126dcdfce82b6f9285ddec102ed60730aa7530863076186a3f7affbdd4ef081b7f5a32fb461bc5755ab4f860012631b74ae357fbc3cbd64f0eef8789c6c9dca894a41a005d272b4a57e761f91d221636d0ec7a49f10bb1b4264938604ff4dc7bc97eb799cea9e3e1d7a9b4bd66d88d244e22120bb311f502e66e60c5c9e42731ad320b23d6b06ae92a132b093ad924a1a7e08b5dccdc50e257bfdb63bf5705350588f61e93e4fc5042a2cad1bd6d9fbc82e875cf"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #11
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"8e92836dc5e4bbf9598803efb0d3871e5418cf18f379479bbcbd9262558af6cb6d97e73decb8781c30f69b61c1f5c91a5ea1f10fb1eef74b480e583710d9a6a2e57f8cfc9d0215fa73d1ce9c1562f3cc34be187940cd317b69139ab9aa58d064b6bca59ee6460c3db4e8b57fab0186f1":"6d9afc769985218745235e5af280eb45cec81a2e920c284ed5c77105489e8f4b":"711672f2ca12e7d8f32445a87163bc00f5d0f52c2f6799ba513b68c07c350de5":"426aeab2cfa56cd3146c0eb9facfbc048a504eec3273256b5e4db3d66c89560f":"56325373099fc1dd194555c3a1e69358fc7f80fe6610412cb31c14cdc70c73a74d040746c6cf388fb9718e7446888c6162de73ac097c32f8b4b00dd7f115fed1821d3786baaa1f64885cb93c75531e99171f98d3c3576337c1c41c5bfe83f94cef2adebc88c0790398d4c071488699edd599797c1f8f394b3e00e66bc4b68a7cacd209695961713c3bf2c9a5c8589d935e171f775f366217e2634ddf0db5f01ab31760ebd9ed9724292bec89db06d0145fb824a76292a35f39b01a06c43510a6"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #12
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"a4f1fd83e53a406163862260fb9e2ec64d4af74f5fa41ff56c07c791b6bb6abbdb203670b1849afbf0931206ad6393798ff06fba8dca3318c29d9161c0ec18ec5d7d66847b1a618bb0e4f69fa1331fd1db5d5fffdeec5a2e045c588dc95a5d5eac6d35502ebe2e6a57318f15af53e001":"39dd79397f91a97432e5124e7b9b85928f62c598ecd19626070a81a5a8ed564a":"985724541d44c8b865672759c8d36ded75c2189c2281731888a741b305eb4161":"e2dae75950e417c18f1c3e5fbd66b1cc9fa617aa695c9d03d8768b9e197fea80":"703ab1f6a5332f01fa788cf73922a9f6cf856319772eeab07b4795702562cde350a8cf9395976fd227b08134feb469ca34f675c9b6f176ad684a5b0d02b4c135a7174bf0604a1546e7d8d978ecfd8cb6ae5efce3b228dc95cb413b010732c3e7f9ef8e547a93540e5e4aaaa3b0e5a8f45b83bb11209a03883c54f41e494fcbc66c2d57c01002137567ea2f99f7a1ed6c4c6080bdaa299d18f57bb3b386278a78b2ef23a03043e850bd9fd742527c45308e5b910fc586f9f21de7022d02b1493b"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #13
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"f331ebcdbc0d2dfbf54758680dd49dd0bd666d0505ef6ba1c4bbfb7dee62edc34ea9063632c8e6719bbe140c3c840aabd66e7702c384700921dc1838c6c5a832c650a474e74270c378abff021d60d1a1884939bbdc51c547c72c929c0c73ca7f78668d33fba197642be8ac2d41cefde4":"ec299e456cd1985a3f1022d5c05f0ef9040cc8b8297ba5e404d92a6d36c3578f":"954f464877f7258f99acbfb9adfe4eedc89da71ca82e3581fb5bad127b2069e7":"515f9e746c7407196610bbae963b9bc15b1658972a30e62be6f78caee1287e88":"5aa30a796d46e789c498352ade179f0cd3336418fbeafae0d10fbf7798917672288b3b2a12267fc0435d88b4e99809c1e3067f0d65c910b12a330334b6a23d6d30910d301438c2c999353e1f78019ba7b20eaf68b499ff1e88db0431312a66f35305c4f3c3a2750c95bbc07ccbdf1e4d123eec378b9be8894b597bcc029c664e59e2b3c23fd72841af0ddc9374ecef21885a0b54d13186dc0a66ed3c3caca9e41753813ae61015a952142bd4d7ebbaa3193598be1267be937745fb0de09aa70d"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #14
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
hmac_drbg_pr:MBEDTLS_MD_SHA384:"d99ddbd82ce9937cda083e30b3da47a6e6ca08b8f59f2fc934bb3f78e748bb28cfabddb375efc5f2025a53fd073a89b0fbec391290863ad862aa56fe6d945044e879ca05c3c019313f810dd559fa0e682d6b77ff7e612c7c40cd5231eece4018c5b3c0d8181ab44703f7a04c0a1c7c5e":"ebc2193d4a97b97d298f1305b2f7a54dab466f7c4e444831651cac29a6c5bd88":"6826aad41f8ac29e272884cb6d21300c7b0b3ca37205e1720afaf9f716f337ec":"5a7434648de82a3552e12aff800093776ca3e86565b29c0b3ad6c0bc3180623f":"cfc79a89a0a55dc9c6c6eccdfab5a9935335e806b73bab7f5eff5f9fea6aa3f47bf31f06d987a94e2bc2a4a6144ebe94d6f5aa8fcaabbf86a37c8d412207864322d3057b89fef358740c5962cf9e7c37072847fcaa6db693a5238ef270e8414e2b29448bbcc37dceaa75479c2ac5fee2d6fe9ed68516f6dbd90135ddcae8a12d1c1595e0edc34ea2bf00bee7ae773c240c2bc1ed828b7ff91a676891173eec1dabeecb2184df9186c3bd833e349351481655bda91bc0f4e419fb78e426de6b39"
HMAC_DRBG NIST CAVS 14.3 PR True (SHA-512, 0, 0) #0
diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function
index 293287a..c81501c 100644
--- a/tests/suites/test_suite_lmots.function
+++ b/tests/suites/test_suite_lmots.function
@@ -37,6 +37,7 @@
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -48,6 +49,7 @@
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -60,6 +62,7 @@
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -71,6 +74,7 @@
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -83,6 +87,7 @@
unsigned char *tmp_sig = NULL;
mbedtls_lmots_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@@ -137,6 +142,7 @@
exit:
mbedtls_free(tmp_sig);
mbedtls_lmots_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -149,6 +155,8 @@
size_t exported_pub_key_size;
mbedtls_lmots_public_init(&ctx);
+ USE_PSA_INIT();
+
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@@ -192,6 +200,7 @@
exit:
mbedtls_lmots_public_free(&ctx);
mbedtls_free(exported_pub_key);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -202,6 +211,7 @@
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_private_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@@ -217,6 +227,7 @@
exit:
mbedtls_lmots_private_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -233,6 +244,7 @@
memset(sig, 0x7E, sizeof(sig));
mbedtls_lmots_private_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@@ -242,5 +254,6 @@
exit:
mbedtls_lmots_private_free(&ctx);
mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function
index 7116f61..377efcd 100644
--- a/tests/suites/test_suite_lms.function
+++ b/tests/suites/test_suite_lms.function
@@ -17,6 +17,7 @@
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
+ USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@@ -38,6 +39,7 @@
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -50,6 +52,7 @@
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
+ USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@@ -71,6 +74,7 @@
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -83,6 +87,7 @@
unsigned char *tmp_sig = NULL;
mbedtls_lms_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@@ -139,6 +144,7 @@
exit:
mbedtls_free(tmp_sig);
mbedtls_lms_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -151,6 +157,7 @@
unsigned char *exported_pub_key = NULL;
mbedtls_lms_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@@ -194,5 +201,6 @@
exit:
mbedtls_free(exported_pub_key);
mbedtls_lms_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data
index fb9b5ef..3f2e69f 100644
--- a/tests/suites/test_suite_md.data
+++ b/tests/suites/test_suite_md.data
@@ -13,7 +13,7 @@
md_info:MBEDTLS_MD_MD5:"MD5":16
Information on RIPEMD160
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_info:MBEDTLS_MD_RIPEMD160:"RIPEMD160":20
Information on SHA1
@@ -21,7 +21,7 @@
md_info:MBEDTLS_MD_SHA1:"SHA1":20
Information on SHA224
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_info:MBEDTLS_MD_SHA224:"SHA224":28
Information on SHA256
@@ -29,7 +29,7 @@
md_info:MBEDTLS_MD_SHA256:"SHA256":32
Information on SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_info:MBEDTLS_MD_SHA384:"SHA384":48
Information on SHA512
@@ -49,7 +49,7 @@
md_info:MBEDTLS_MD_SHA3_384:"SHA3-384":48
Information on SHA3-512
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
md_info:MBEDTLS_MD_SHA3_512:"SHA3-512":64
generic mbedtls_md5 Test vector RFC1321 #1
@@ -81,35 +81,35 @@
md_text:MBEDTLS_MD_MD5:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"57edf4a22be3c955ac49da2e2107b67a"
generic mbedtls_ripemd160 Test vector from paper #1
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"":"9c1185a5c5e9fc54612808977ee8f548b2258d31"
generic mbedtls_ripemd160 Test vector from paper #2
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"a":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe"
generic mbedtls_ripemd160 Test vector from paper #3
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"abc":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc"
generic mbedtls_ripemd160 Test vector from paper #4
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"message digest":"5d0689ef49d2fae572b881b123a85ffa21595f36"
generic mbedtls_ripemd160 Test vector from paper #5
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"abcdefghijklmnopqrstuvwxyz":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc"
generic mbedtls_ripemd160 Test vector from paper #6
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":"12a053384a9c0c88e405a06c27dcf49ada62eb2b"
generic mbedtls_ripemd160 Test vector from paper #7
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"b0e20b6e3116640286ed3a87a5713079b21f5189"
generic mbedtls_ripemd160 Test vector from paper #8
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
generic mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 8
@@ -125,7 +125,7 @@
md_hex:MBEDTLS_MD_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7"
generic mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 8
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
md_hex:MBEDTLS_MD_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1"
generic HMAC-MD5 Hash File OpenSSL test #1
@@ -173,31 +173,31 @@
mbedtls_md_hmac:MBEDTLS_MD_MD5:16:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"6f630fad67cda0ee1fb1f562db3aa53e"
generic HMAC-RIPEMD160 Test vector RFC 2286 #1
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668"
generic HMAC-RIPEMD160 Test vector RFC 2286 #2
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"4a656665":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"dda6c0213a485a9e24f4742064a7f033b43c4069"
generic HMAC-RIPEMD160 Test vector RFC 2286 #3
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"b0b105360de759960ab4f35298e116e295d8e7c1"
generic HMAC-RIPEMD160 Test vector RFC 2286 #4
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"0102030405060708090a0b0c0d0e0f10111213141516171819":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"d5ca862f4d21d5e610e18b4cf1beb97a4365ecf4"
generic HMAC-RIPEMD160 Test vector RFC 2286 #5
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"546573742057697468205472756e636174696f6e":"7619693978f91d90539ae786500ff3d8e0518e39"
generic HMAC-RIPEMD160 Test vector RFC 2286 #6
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"6466ca07ac5eac29e1bd523e5ada7605b791fd8b"
generic HMAC-RIPEMD160 Test vector RFC 2286 #7
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a"
generic multi step mbedtls_md5 Test vector RFC1321 #1
@@ -229,35 +229,35 @@
md_text_multi:MBEDTLS_MD_MD5:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"57edf4a22be3c955ac49da2e2107b67a"
generic multi step mbedtls_ripemd160 Test vector from paper #1
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"":"9c1185a5c5e9fc54612808977ee8f548b2258d31"
generic multi step mbedtls_ripemd160 Test vector from paper #2
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"a":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe"
generic multi step mbedtls_ripemd160 Test vector from paper #3
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"abc":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc"
generic multi step mbedtls_ripemd160 Test vector from paper #4
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"message digest":"5d0689ef49d2fae572b881b123a85ffa21595f36"
generic multi step mbedtls_ripemd160 Test vector from paper #5
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"abcdefghijklmnopqrstuvwxyz":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc"
generic multi step mbedtls_ripemd160 Test vector from paper #6
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":"12a053384a9c0c88e405a06c27dcf49ada62eb2b"
generic multi step mbedtls_ripemd160 Test vector from paper #7
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"b0e20b6e3116640286ed3a87a5713079b21f5189"
generic multi step mbedtls_ripemd160 Test vector from paper #8
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_text_multi:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb"
generic multi step mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 48
@@ -273,7 +273,7 @@
md_hex_multi:MBEDTLS_MD_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28"
generic multi step mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 48
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
md_hex_multi:MBEDTLS_MD_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef"
generic multi step HMAC-MD5 Hash File OpenSSL test #1
@@ -317,31 +317,31 @@
md_hmac_multi:MBEDTLS_MD_MD5:16:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"6f630fad67cda0ee1fb1f562db3aa53e"
generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #1
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668"
generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #2
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"4a656665":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"dda6c0213a485a9e24f4742064a7f033b43c4069"
generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #3
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"b0b105360de759960ab4f35298e116e295d8e7c1"
generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #4
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"0102030405060708090a0b0c0d0e0f10111213141516171819":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"d5ca862f4d21d5e610e18b4cf1beb97a4365ecf4"
generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #5
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"546573742057697468205472756e636174696f6e":"7619693978f91d90539ae786500ff3d8e0518e39"
generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #6
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"6466ca07ac5eac29e1bd523e5ada7605b791fd8b"
generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #7
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a"
generic MD5 Hash file #1
@@ -361,23 +361,23 @@
mbedtls_md_file:MBEDTLS_MD_MD5:"data_files/hash_file_4":"d41d8cd98f00b204e9800998ecf8427e"
generic RIPEMD160 Hash file #0 (from paper)
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_5":"52783243c1697bdbe16d37f97f68f08325dc1528"
generic RIPEMD160 Hash file #1
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_1":"82f1d072f0ec0c2b353703a7b575a04c113af1a6"
generic RIPEMD160 Hash file #2
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_2":"996fbc8b79206ba7393ebcd246584069b1c08f0f"
generic RIPEMD160 Hash file #3
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_3":"8653b46d65998fa8c8846efa17937e742533ae48"
generic RIPEMD160 Hash file #4
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_4":"9c1185a5c5e9fc54612808977ee8f548b2258d31"
generic HMAC-SHA-1 Test Vector FIPS-198a #1
@@ -425,31 +425,31 @@
mbedtls_md_hmac:MBEDTLS_MD_SHA1:10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6"
generic HMAC-SHA-224 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee"
generic HMAC-SHA-224 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53"
generic HMAC-SHA-224 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0"
generic HMAC-SHA-224 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24"
generic HMAC-SHA-224 Test Vector NIST CAVS #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab"
generic HMAC-SHA-224 Test Vector NIST CAVS #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_hmac:MBEDTLS_MD_SHA224:28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba"
generic HMAC-SHA-224 Test Vector NIST CAVS #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_hmac:MBEDTLS_MD_SHA224:28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08"
generic HMAC-SHA-256 Test Vector NIST CAVS #1
@@ -477,27 +477,27 @@
mbedtls_md_hmac:MBEDTLS_MD_SHA256:24:"63cec6246aeb1b61":"c178db908a405fa88aa255b8cad22b4057016585f139ee930388b083d86062fa0b3ea1f23f8a43bd11bee8464bcbd19b5ab9f6a8038d5245516f8274d20c8ee3033a07b908da528fa00343bb595deed500cab9745c4cb6391c23300f0d3584b090b3326c4cfa342620b78f9f5b4f27f7307ed770643ec1764aeae3dcf1a3ec69":"64f3dd861b7c7d29fce9ae0ce9ed954b5d7141806ee9eec7"
generic HMAC-SHA-384 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_hmac:MBEDTLS_MD_SHA384:32:"91a7401817386948ca952f9a20ee55dc":"2fea5b91035d6d501f3a834fa178bff4e64b99a8450432dafd32e4466b0e1e7781166f8a73f7e036b3b0870920f559f47bd1400a1a906e85e0dcf00a6c26862e9148b23806680f285f1fe4f93cdaf924c181a965465739c14f2268c8be8b471847c74b222577a1310bcdc1a85ef1468aa1a3fd4031213c97324b7509c9050a3d":"6d7be9490058cf413cc09fd043c224c2ec4fa7859b13783000a9a593c9f75838"
generic HMAC-SHA-384 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_hmac:MBEDTLS_MD_SHA384:32:"d6cac19657061aa90a6da11cd2e9ea47":"9f482e4655173135dfaa22a11bbbe6af263db48716406c5aec162ba3c4b41cad4f5a91558377521191c7343118beee65982929802913d67b6de5c4bdc3d27299bd722219d5ad2efa5bdb9ff7b229fc4bbc3f60719320cf2e7a51cad1133d21bad2d80919b1836ef825308b7c51c6b7677ac782e2bc30007afba065681cbdd215":"f3d5f3c008175321aa7b2ea379eaa4f8b9dcc60f895ec8940b8162f80a7dfe9f"
generic HMAC-SHA-384 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_hmac:MBEDTLS_MD_SHA384:32:"e06366ad149b8442cd4c1abdddd0afde":"2d140a194c02a5598f69174834679b8371234a0d505491f1bd03e128dd91a8bca2fb812e9d5da71613b5b00952ea78bf450d5b7547dea79135925085c7d3e6f52009c51ca3d88c6c09e9d074b0ee110736e0ec9b478b93efb34d7bf1c41b54decec43eab077a3aa4998ede53f67b4ea36c266745f9643d5360bdc8337c70dabf":"c19c67eda6fe29f3667bee1c897c333ce7683094ae77e84b4c16378d290895a1"
generic HMAC-SHA-384 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_hmac:MBEDTLS_MD_SHA384:48:"01ac59f42f8bb91d1bd10fe6990d7a87":"3caf18c476edd5615f343ac7b7d3a9da9efade755672d5ba4b8ae8a7505539ea2c124ff755ec0457fbe49e43480b3c71e7f4742ec3693aad115d039f90222b030fdc9440313691716d5302005808c07627483b916fdf61983063c2eb1268f2deeef42fc790334456bc6bad256e31fc9066de7cc7e43d1321b1866db45e905622":"1985fa2163a5943fc5d92f1fe8831215e7e91f0bff5332bc713a072bdb3a8f9e5c5157463a3bfeb36231416e65973e64"
generic HMAC-SHA-384 Test Vector NIST CAVS #5 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_hmac:MBEDTLS_MD_SHA384:48:"fd74b9d9e102a3a80df1baf0cb35bace":"1a068917584813d1689ccbd0370c2114d537cdc8cc52bf6db16d5535f8f7d1ad0c850a9fa0cf62373ffbf7642b1f1e8164010d350721d798d9f99e9724830399c2fce26377e83d38845675457865c03d4a07d741a505ef028343eb29fd46d0f761f3792886998c1e5c32ac3bc7e6f08faed194b34f06eff4d5d4a5b42c481e0e":"a981eaf5de3d78b20ebd4414a4edd0657e3667cd808a0dbc430cf7252f73a5b24efa136039207bd59806897457d74e0c"
generic HMAC-SHA-384 Test Vector NIST CAVS #5 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_hmac:MBEDTLS_MD_SHA384:48:"9fe794f0e26b669fa5f6883149377c6c":"6010c9745e8f1d44cfdc99e7e0fd79bc4271944c2d1d84dba589073dfc4ca5eb98c59356f60cd87bef28aeb83a832bde339b2087daf942aa1f67876c5d5ed33924bed4143bc12a2be532ccaf64daa7e2bc3c8872b9823b0533b6f5159135effe8c61545536975d7c3a61ba7365ec35f165bc92b4d19eb9156ade17dfa1bb4161":"915ae61f8754698c2b6ef9629e93441f8541bd4258a5e05372d19136cfaefc0473b48d96119291b38eb1a3cb1982a986"
generic HMAC-SHA-512 Test Vector NIST CAVS #1
@@ -573,19 +573,19 @@
mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:24:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"25f4bf53606e91af79d24a4bb1fd6aecd44414a30c8ebb0a"
HMAC-SHA3-512: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4efd629d6c71bf86162658f29943b1c308ce27cdfa6db0d9c3ce81763f9cbce5f7ebe9868031db1a8f8eb7b6b95e5c5e3f657a8996c86a2f6527e307f0213196"
HMAC-SHA3-512: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4041424344454647":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"544e257ea2a3e5ea19a590e6a24b724ce6327757723fe2751b75bf007d80f6b360744bf1b7a88ea585f9765b47911976d3191cf83c039f5ffab0d29cc9d9b6da"
HMAC-SHA3-512: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915"
HMAC-SHA3-512: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"7bb06d859257b25ce73ca700df34c5cbef5c898bac91029e0b27975d4e526a08"
generic multi step HMAC-SHA-1 Test Vector FIPS-198a #1
@@ -633,31 +633,31 @@
md_hmac_multi:MBEDTLS_MD_SHA1:10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6"
generic multi step HMAC-SHA-224 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hmac_multi:MBEDTLS_MD_SHA224:14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee"
generic multi step HMAC-SHA-224 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hmac_multi:MBEDTLS_MD_SHA224:14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53"
generic multi step HMAC-SHA-224 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hmac_multi:MBEDTLS_MD_SHA224:14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0"
generic multi step HMAC-SHA-224 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hmac_multi:MBEDTLS_MD_SHA224:14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24"
generic multi step HMAC-SHA-224 Test Vector NIST CAVS #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hmac_multi:MBEDTLS_MD_SHA224:14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab"
generic multi step HMAC-SHA-224 Test Vector NIST CAVS #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hmac_multi:MBEDTLS_MD_SHA224:28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba"
generic multi step HMAC-SHA-224 Test Vector NIST CAVS #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hmac_multi:MBEDTLS_MD_SHA224:28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08"
generic multi step HMAC-SHA-256 Test Vector NIST CAVS #1
@@ -685,27 +685,27 @@
md_hmac_multi:MBEDTLS_MD_SHA256:24:"63cec6246aeb1b61":"c178db908a405fa88aa255b8cad22b4057016585f139ee930388b083d86062fa0b3ea1f23f8a43bd11bee8464bcbd19b5ab9f6a8038d5245516f8274d20c8ee3033a07b908da528fa00343bb595deed500cab9745c4cb6391c23300f0d3584b090b3326c4cfa342620b78f9f5b4f27f7307ed770643ec1764aeae3dcf1a3ec69":"64f3dd861b7c7d29fce9ae0ce9ed954b5d7141806ee9eec7"
generic multi step HMAC-SHA-384 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hmac_multi:MBEDTLS_MD_SHA384:32:"91a7401817386948ca952f9a20ee55dc":"2fea5b91035d6d501f3a834fa178bff4e64b99a8450432dafd32e4466b0e1e7781166f8a73f7e036b3b0870920f559f47bd1400a1a906e85e0dcf00a6c26862e9148b23806680f285f1fe4f93cdaf924c181a965465739c14f2268c8be8b471847c74b222577a1310bcdc1a85ef1468aa1a3fd4031213c97324b7509c9050a3d":"6d7be9490058cf413cc09fd043c224c2ec4fa7859b13783000a9a593c9f75838"
generic multi step HMAC-SHA-384 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hmac_multi:MBEDTLS_MD_SHA384:32:"d6cac19657061aa90a6da11cd2e9ea47":"9f482e4655173135dfaa22a11bbbe6af263db48716406c5aec162ba3c4b41cad4f5a91558377521191c7343118beee65982929802913d67b6de5c4bdc3d27299bd722219d5ad2efa5bdb9ff7b229fc4bbc3f60719320cf2e7a51cad1133d21bad2d80919b1836ef825308b7c51c6b7677ac782e2bc30007afba065681cbdd215":"f3d5f3c008175321aa7b2ea379eaa4f8b9dcc60f895ec8940b8162f80a7dfe9f"
generic multi step HMAC-SHA-384 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hmac_multi:MBEDTLS_MD_SHA384:32:"e06366ad149b8442cd4c1abdddd0afde":"2d140a194c02a5598f69174834679b8371234a0d505491f1bd03e128dd91a8bca2fb812e9d5da71613b5b00952ea78bf450d5b7547dea79135925085c7d3e6f52009c51ca3d88c6c09e9d074b0ee110736e0ec9b478b93efb34d7bf1c41b54decec43eab077a3aa4998ede53f67b4ea36c266745f9643d5360bdc8337c70dabf":"c19c67eda6fe29f3667bee1c897c333ce7683094ae77e84b4c16378d290895a1"
generic multi step HMAC-SHA-384 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hmac_multi:MBEDTLS_MD_SHA384:48:"01ac59f42f8bb91d1bd10fe6990d7a87":"3caf18c476edd5615f343ac7b7d3a9da9efade755672d5ba4b8ae8a7505539ea2c124ff755ec0457fbe49e43480b3c71e7f4742ec3693aad115d039f90222b030fdc9440313691716d5302005808c07627483b916fdf61983063c2eb1268f2deeef42fc790334456bc6bad256e31fc9066de7cc7e43d1321b1866db45e905622":"1985fa2163a5943fc5d92f1fe8831215e7e91f0bff5332bc713a072bdb3a8f9e5c5157463a3bfeb36231416e65973e64"
generic multi step HMAC-SHA-384 Test Vector NIST CAVS #5 [#1]
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hmac_multi:MBEDTLS_MD_SHA384:48:"fd74b9d9e102a3a80df1baf0cb35bace":"1a068917584813d1689ccbd0370c2114d537cdc8cc52bf6db16d5535f8f7d1ad0c850a9fa0cf62373ffbf7642b1f1e8164010d350721d798d9f99e9724830399c2fce26377e83d38845675457865c03d4a07d741a505ef028343eb29fd46d0f761f3792886998c1e5c32ac3bc7e6f08faed194b34f06eff4d5d4a5b42c481e0e":"a981eaf5de3d78b20ebd4414a4edd0657e3667cd808a0dbc430cf7252f73a5b24efa136039207bd59806897457d74e0c"
generic multi step HMAC-SHA-384 Test Vector NIST CAVS #5 [#2]
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hmac_multi:MBEDTLS_MD_SHA384:48:"9fe794f0e26b669fa5f6883149377c6c":"6010c9745e8f1d44cfdc99e7e0fd79bc4271944c2d1d84dba589073dfc4ca5eb98c59356f60cd87bef28aeb83a832bde339b2087daf942aa1f67876c5d5ed33924bed4143bc12a2be532ccaf64daa7e2bc3c8872b9823b0533b6f5159135effe8c61545536975d7c3a61ba7365ec35f165bc92b4d19eb9156ade17dfa1bb4161":"915ae61f8754698c2b6ef9629e93441f8541bd4258a5e05372d19136cfaefc0473b48d96119291b38eb1a3cb1982a986"
generic multi step HMAC-SHA-512 Test Vector NIST CAVS #1
@@ -781,19 +781,19 @@
md_hmac_multi:MBEDTLS_MD_SHA3_384:24:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"25f4bf53606e91af79d24a4bb1fd6aecd44414a30c8ebb0a"
HMAC-SHA3-512 multi-step: NIST example #1: keylen<blocklen
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e":"4efd629d6c71bf86162658f29943b1c308ce27cdfa6db0d9c3ce81763f9cbce5f7ebe9868031db1a8f8eb7b6b95e5c5e3f657a8996c86a2f6527e307f0213196"
HMAC-SHA3-512 multi-step: NIST example #2: keylen=blocklen
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f4041424344454647":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"544e257ea2a3e5ea19a590e6a24b724ce6327757723fe2751b75bf007d80f6b360744bf1b7a88ea585f9765b47911976d3191cf83c039f5ffab0d29cc9d9b6da"
HMAC-SHA3-512 multi-step: NIST example #3: keylen>blocklen
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915"
HMAC-SHA3-512 multi-step: NIST example #4: keylen<blocklen, with truncated tag
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
md_hmac_multi:MBEDTLS_MD_SHA3_512:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"7bb06d859257b25ce73ca700df34c5cbef5c898bac91029e0b27975d4e526a08"
generic SHA-1 Test Vector NIST CAVS #1
@@ -837,31 +837,31 @@
md_hex:MBEDTLS_MD_SHA1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
generic SHA-224 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex:MBEDTLS_MD_SHA224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
generic SHA-224 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex:MBEDTLS_MD_SHA224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5"
generic SHA-224 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex:MBEDTLS_MD_SHA224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e"
generic SHA-224 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex:MBEDTLS_MD_SHA224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede"
generic SHA-224 Test Vector NIST CAVS #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex:MBEDTLS_MD_SHA224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d"
generic SHA-224 Test Vector NIST CAVS #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex:MBEDTLS_MD_SHA224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713"
generic SHA-224 Test Vector NIST CAVS #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex:MBEDTLS_MD_SHA224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe"
generic SHA-256 Test Vector NIST CAVS #1
@@ -893,35 +893,35 @@
md_hex:MBEDTLS_MD_SHA256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e"
generic SHA-384 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
generic SHA-384 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"ab":"fb94d5be118865f6fcbc978b825da82cff188faec2f66cb84b2537d74b4938469854b0ca89e66fa2e182834736629f3d"
generic SHA-384 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"7c27":"3d80be467df86d63abb9ea1d3f9cb39cd19890e7f2c53a6200bedc5006842b35e820dc4e0ca90ca9b97ab23ef07080fc"
generic SHA-384 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"31f5ca":"78d54b943421fdf7ba90a7fb9637c2073aa480454bd841d39ff72f4511fc21fb67797b652c0c823229342873d3bef955"
generic SHA-384 Test Vector NIST CAVS #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"7bdee3f8":"8bdafba0777ee446c3431c2d7b1fbb631089f71d2ca417abc1d230e1aba64ec2f1c187474a6f4077d372c14ad407f99a"
generic SHA-384 Test Vector NIST CAVS #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"8f05604915":"504e414bf1db1060f14c8c799e25b1e0c4dcf1504ebbd129998f0ae283e6de86e0d3c7e879c73ec3b1836c3ee89c2649"
generic SHA-384 Test Vector NIST CAVS #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"665da6eda214":"4c022f112010908848312f8b8f1072625fd5c105399d562ea1d56130619a7eac8dfc3748fd05ee37e4b690be9daa9980"
generic SHA-384 Test Vector NIST CAVS #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex:MBEDTLS_MD_SHA384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06":"cba9e3eb12a6f83db11e8a6ff40d1049854ee094416bc527fea931d8585428a8ed6242ce81f6769b36e2123a5c23483e"
generic SHA-512 Test Vector NIST CAVS #1
@@ -977,19 +977,19 @@
mbedtls_md_file:MBEDTLS_MD_SHA3_384:"data_files/hash_file_4":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004"
generic SHA3-512 Hash file #1
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_1":"7d43cbb75218110d7fcc227b6977e6f3b855184c646b679055897cba0cd445ec968430231866801c4f0993f8735cf46bc4858868423d31ca283a6f1ecf25c580"
generic SHA3-512 Hash file #2
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_2":"212bd00cfc7f3a5b73b5b4772dd83562826207eba30ab00be2c886aef3841ef66eb25097091bfacb6d45dd4557489f91836c04c4f0d96e32ae96fb006d4b2ad6"
generic SHA3-512 Hash file #3
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_3":"a78a0266820e36f6fb26a0c8deb0b24108e209cc217852ed073904bc44ec586c5704c0a56de57f9906b8ced380fee6ac2bd432a93de7f39b23ed0aabdd7ae813"
generic SHA3-512 Hash file #4
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_md_file:MBEDTLS_MD_SHA3_512:"data_files/hash_file_4":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"
generic SHA-512 Test Vector NIST CAVS #2
@@ -1061,31 +1061,31 @@
md_hex_multi:MBEDTLS_MD_SHA1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af"
generic multi step SHA-224 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex_multi:MBEDTLS_MD_SHA224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
generic multi step SHA-224 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex_multi:MBEDTLS_MD_SHA224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5"
generic multi step SHA-224 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex_multi:MBEDTLS_MD_SHA224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e"
generic multi step SHA-224 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex_multi:MBEDTLS_MD_SHA224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede"
generic multi step SHA-224 Test Vector NIST CAVS #5
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex_multi:MBEDTLS_MD_SHA224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d"
generic multi step SHA-224 Test Vector NIST CAVS #6
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex_multi:MBEDTLS_MD_SHA224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713"
generic multi step SHA-224 Test Vector NIST CAVS #7
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
md_hex_multi:MBEDTLS_MD_SHA224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe"
generic multi step SHA-256 Test Vector NIST CAVS #1
@@ -1117,35 +1117,35 @@
md_hex_multi:MBEDTLS_MD_SHA256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e"
generic multi step SHA-384 Test Vector NIST CAVS #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
generic multi step SHA-384 Test Vector NIST CAVS #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"ab":"fb94d5be118865f6fcbc978b825da82cff188faec2f66cb84b2537d74b4938469854b0ca89e66fa2e182834736629f3d"
generic multi step SHA-384 Test Vector NIST CAVS #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"7c27":"3d80be467df86d63abb9ea1d3f9cb39cd19890e7f2c53a6200bedc5006842b35e820dc4e0ca90ca9b97ab23ef07080fc"
generic multi step SHA-384 Test Vector NIST CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"31f5ca":"78d54b943421fdf7ba90a7fb9637c2073aa480454bd841d39ff72f4511fc21fb67797b652c0c823229342873d3bef955"
generic multi step SHA-384 Test Vector NIST CAVS #5
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"7bdee3f8":"8bdafba0777ee446c3431c2d7b1fbb631089f71d2ca417abc1d230e1aba64ec2f1c187474a6f4077d372c14ad407f99a"
generic multi step SHA-384 Test Vector NIST CAVS #6
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"8f05604915":"504e414bf1db1060f14c8c799e25b1e0c4dcf1504ebbd129998f0ae283e6de86e0d3c7e879c73ec3b1836c3ee89c2649"
generic multi step SHA-384 Test Vector NIST CAVS #7
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"665da6eda214":"4c022f112010908848312f8b8f1072625fd5c105399d562ea1d56130619a7eac8dfc3748fd05ee37e4b690be9daa9980"
generic multi step SHA-384 Test Vector NIST CAVS #8
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
md_hex_multi:MBEDTLS_MD_SHA384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06":"cba9e3eb12a6f83db11e8a6ff40d1049854ee094416bc527fea931d8585428a8ed6242ce81f6769b36e2123a5c23483e"
generic multi step SHA-512 Test Vector NIST CAVS #1
@@ -1197,19 +1197,19 @@
mbedtls_md_file:MBEDTLS_MD_SHA1:"data_files/hash_file_4":"da39a3ee5e6b4b0d3255bfef95601890afd80709"
generic SHA-224 Hash file #1
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_1":"8606da018870f0c16834a21bc3385704cb1683b9dbab04c5ddb90a48"
generic SHA-224 Hash file #2
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_2":"733b2ab97b6f63f2e29b9a2089756d81e14c93fe4cc9615c0d5e8a03"
generic SHA-224 Hash file #3
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_3":"e1df95867580e2cc2100e9565bf9c2e42c24fe5250c19efe33d1c4fe"
generic SHA-224 Hash file #4
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_4":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f"
generic SHA-256 Hash file #1
@@ -1229,19 +1229,19 @@
mbedtls_md_file:MBEDTLS_MD_SHA256:"data_files/hash_file_4":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
generic SHA-384 Hash file #1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_1":"e0a3e6259d6378001b54ef82f5dd087009c5fad86d8db226a9fe1d14ecbe33a6fc916e3a4b16f5f286424de15d5a8e0e"
generic SHA-384 Hash file #2
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_2":"eff727afc8495c92e2f370f97a317f93c3350324b0646b0f0e264708b3c97d3d332d3c5390e1e47130f5c92f1ef4b9cf"
generic SHA-384 Hash file #3
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_3":"6fc10ebda96a1ccf61777cac72f6034f92533d42052a4bf9f9d929c672973c71e5aeb1213268043c21527ac0f7f349c4"
generic SHA-384 Hash file #4
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_4":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
generic SHA-512 Hash file #1
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index f8f1d43..d273b30 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
@@ -67,7 +67,7 @@
oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1
OID hash id - id-sha224
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224
OID hash id - id-sha256
@@ -75,7 +75,7 @@
oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256
OID hash id - id-sha384
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384
OID hash id - id-sha512
@@ -95,11 +95,11 @@
oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384
OID hash id - id-sha3-512
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512
OID hash id - id-ripemd160
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
OID hash id - invalid oid
@@ -203,7 +203,7 @@
oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:""
mbedtls_oid_get_md_hmac - RIPEMD160
-depends_on:MBEDTLS_MD_CAN_RIPEMD160
+depends_on:PSA_WANT_ALG_RIPEMD160
mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160
mbedtls_oid_get_md_hmac - SHA1
@@ -211,7 +211,7 @@
mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1
mbedtls_oid_get_md_hmac - SHA224
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224
mbedtls_oid_get_md_hmac - SHA256
@@ -219,7 +219,7 @@
mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256
mbedtls_oid_get_md_hmac - SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384
mbedtls_oid_get_md_hmac - SHA512
@@ -239,5 +239,5 @@
mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384
mbedtls_oid_get_md_hmac - SHA3_512
-depends_on:MBEDTLS_MD_CAN_SHA3_512
+depends_on:PSA_WANT_ALG_SHA3_512
mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index a929c82..8fc42c6 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -8,23 +8,23 @@
depends_on:MBEDTLS_RSA_C
valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12"
-PK utils: RSA Minimum key
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 7) / 8:"RSA"
+PK utils: RSA 1024-bit
+depends_on:MBEDTLS_RSA_C
+pk_utils:MBEDTLS_PK_RSA:1024:1024:(1024 + 7) / 8:"RSA"
-# mbedtls_rsa_gen_key() only supports even sizes, so we don't test min+1,
-# min+3, etc.
-PK utils: RSA Minimum key + 2 bits
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2 + 7) / 8:"RSA"
+# In the following 3 test cases we test a few different sizes that are not a
+# multiple of 8 and for which we have test data.
+PK utils: RSA 1026-bits
+depends_on:MBEDTLS_RSA_C
+pk_utils:MBEDTLS_PK_RSA:1026:1026:(1026 + 7) / 8:"RSA"
-PK utils: RSA Minimum key + 4 bits
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4 + 7) / 8:"RSA"
+PK utils: RSA 1028-bits
+depends_on:MBEDTLS_RSA_C
+pk_utils:MBEDTLS_PK_RSA:1028:1028:(1028 + 7) / 8:"RSA"
-PK utils: RSA Minimum key + 6 bits
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6 + 7) / 8:"RSA"
+PK utils: RSA 1030-bits
+depends_on:MBEDTLS_RSA_C
+pk_utils:MBEDTLS_PK_RSA:1030:1030:(1030 + 7) / 8:"RSA"
PK utils: ECKEY SECP192R1
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
@@ -63,7 +63,7 @@
pk_psa_utils:0
PK PSA utilities: RSA setup/free, info functions, unsupported operations
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_psa_utils:1
PK can do ext: ECDSA(ANY)/NONE, invalid check STREAM_CIPHER
@@ -95,11 +95,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
@@ -147,159 +147,159 @@
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_COPY:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check STREAM_CIPHER
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check ECDSA(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check ECDH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check non-present usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0
PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_SIGN(SHA1)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PSS(ANY)/NONE, invalid check STREAM_CIPHER
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PSS(ANY)/NONE, invalid check ECDSA(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PSS(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PSS(ANY)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PSS(ANY)/NONE, check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PSS(SHA256)/NONE, check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PSS(SHA1)/NONE, invalid check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_1):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_SIGN_RAW/NONE, check RSA_PKCS1V15_SIGN_RAW
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN_RAW/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0
PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check STREAM_CIPHER
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check ECDSA(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check ECDH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_ECDH:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0
PK can do ext: RSA_PKCS1V15_CRYPT/NONE, check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256)
@@ -311,19 +311,19 @@
pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1
PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: MBEDTLS_PK_RSA, check PSA_ALG_RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: MBEDTLS_PK_RSA, check invalid PSA_KEY_USAGE_ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0
PK can do ext: MBEDTLS_PK_RSA, check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
RSA verify test vector: PKCS1v1.5 (explicit), SHA1, good
@@ -435,20 +435,20 @@
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
RSA sign-verify, PKCS1v1.5, SHA1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
-pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
+pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0
RSA sign-verify, PKCS1v2.1, SHA1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
-pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
+pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0
RSA sign-verify, PKCS1v1.5, SHA256
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
-pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256
+pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0
RSA sign-verify, PKCS1v2.1, SHA256
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
-pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
+pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0
RSA encrypt-decrypt test PKCS1 v1.5
depends_on:MBEDTLS_PKCS1_V15
@@ -507,7 +507,7 @@
pk_ec_nocrypt:MBEDTLS_PK_ECDSA
RSA_ALT consistency
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_rsa_alt:
Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK)
@@ -688,35 +688,35 @@
pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:0
PSA wrapped sign: RSA PKCS1 v1.5
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_psa_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:MBEDTLS_RSA_PKCS_V15
PSA wrapped sign: RSA PKCS1 v2.1
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
pk_psa_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:MBEDTLS_RSA_PKCS_V21
PK sign ext: RSA2048, PK_RSA, MD_SHA256
-depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256
PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA256
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
PK sign ext: RSA2048, PK_RSA, MD_SHA384
-depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
+depends_on:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C
pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
+depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C
pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
PK sign ext: RSA2048, PK_RSA, MD_SHA512
-depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
+depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048
+depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
PK sign ext: SECP256R1, PK_ECDSA, MD_SHA256
@@ -724,7 +724,7 @@
pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256
PK sign ext: SECP384R1, PK_ECDSA, MD_SHA384
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_384
pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384
PK sign ext: SECP521R1, PK_ECDSA, MD_SHA512
@@ -740,11 +740,11 @@
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256
PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA384
-depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384
PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384
-depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C
pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384
PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA512
@@ -762,136 +762,136 @@
# Bad usage due to not specifying sign/crypt/derive.
PSA attributes for pk: RSA usage=0 (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
# Bad usage due to not specifying sign/crypt/derive.
PSA attributes for pk: RSA usage=EXPORT (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH
# This usage could make sense, but is not currently supported.
PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH
# Bad usage due to specifying more than one of sign/crypt/derive.
PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
# This usage could make sense, but is not currently supported.
PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
# This usage could make sense, but is not currently supported.
PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 pair DECRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT
PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
PSA attributes for pk: RSA v15 pair->public ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT
PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
PSA attributes for pk: RSA v15 public ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT
PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
PSA attributes for pk: RSA v15 public DECRYPT (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 pair SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 pair SIGN_HASH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 pair->public VERIFY_HASH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 public VERIFY_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 public VERIFY_HASH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 public SIGN_HASH (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 pair DERIVE (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: RSA v15 public DERIVE (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: ECKEY pair DECRYPT (bad)
@@ -1063,164 +1063,164 @@
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT
# For a PK_OPAQUE key with a key pair type output,
# mbedtls_pk_import_into_psa() requires the key to be copyable or exportable.
# Try all combinations of COPY/not, EXPORT/not.
PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque RSA pair, SIGN|EXPORT|... & SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque RSA pair, SIGN|COPY|... & SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque RSA pair, SIGN|COPY|EXPORT... & SIGN_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
# For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input
# key's algorithm policy. Just this time, test with a few different algorithms.
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [0]
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [raw]
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [v15]
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [PSS]
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT
PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque RSA pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque RSA pair->public, VERIFY_HASH & VERIFY_HASH
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque RSA pair->public, ENCRYPT & ENCRYPT
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT
+depends_on:MBEDTLS_RSA_C
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT
PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
PSA attributes for pk: opaque ECC pair, ... & DERIVE
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE
PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS
pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0
PSA import into PSA: RSA pair to ECC (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: RSA public to RSA pair (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+depends_on:MBEDTLS_RSA_C
pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation
# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably
# be more appropriate. (Applies to all the RSA "different bits" test cases.)
PSA import into PSA: RSA pair to different bits (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG
+depends_on:MBEDTLS_RSA_C
+pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG
PSA import into PSA: RSA public to different bits (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG
+depends_on:MBEDTLS_RSA_C
+pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG
PSA import into PSA: RSA private to public, different bits (bad)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
-pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG
+depends_on:MBEDTLS_RSA_C
+pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG
PSA import into PSA: ECKEY pair to RSA (bad)
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
@@ -1395,149 +1395,149 @@
pk_import_into_psa_lifetime:1:1:0:1:1
PSA import into PSA: opaque RSA, COPY (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
PSA import into PSA: opaque RSA, EXPORT (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
PSA import into PSA: opaque RSA, no COPY/EXPORT (bad)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH
# Detail that isn't precisely documented: since this copies the key,
# the new key has the intersection of the usage flags.
PSA import into PSA: opaque RSA, COPY|EXPORT, different usage (restricted)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
# Detail that isn't precisely documented: since this copies the key,
# the new key has the intersection of the usage flags.
PSA import into PSA: opaque RSA, COPY, different usage (restricted)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
# Detail that isn't precisely documented: since this exports the key,
# the new key has all the requested usage flags.
PSA import into PSA: opaque RSA, EXPORT, different usage (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
PSA import into PSA: opaque RSA, COPY|EXPORT, different algorithm (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
PSA import into PSA: opaque RSA, COPY, different algorithm (bad)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: opaque RSA, EXPORT, different algorithm (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0
PSA import into PSA: opaque RSA, implicit bits (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
PSA import into PSA: opaque RSA, different bits (bad)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: opaque RSA, different type (bad)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: opaque RSA to public (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
PSA import into PSA: opaque RSA to public, implicit bits (ok)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0
# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation
# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably
# be more appropriate.
PSA import into PSA: opaque RSA to public, different bits (bad)
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
-pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_INVALID_ALG
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_INVALID_ALG
PSA import into PSA: opaque ECC, COPY (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
PSA import into PSA: opaque ECC, EXPORT (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
PSA import into PSA: opaque ECC, no COPY/EXPORT (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH
# Detail that isn't precisely documented: since this copies the key,
# the new key has the intersection of the usage flags.
PSA import into PSA: opaque ECC, COPY|EXPORT, different usage (restricted)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
# Detail that isn't precisely documented: since this copies the key,
# the new key has the intersection of the usage flags.
PSA import into PSA: opaque ECC, COPY, different usage (restricted)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
# Detail that isn't precisely documented: since this exports the key,
# the new key has all the requested usage flags.
PSA import into PSA: opaque ECC, EXPORT, different usage (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
PSA import into PSA: opaque ECC, COPY|EXPORT, different algorithm (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0
PSA import into PSA: opaque ECC, COPY, different algorithm (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: opaque ECC, EXPORT, different algorithm (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0
PSA import into PSA: opaque ECC, implicit bits (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
PSA import into PSA: opaque ECC, different bits (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: opaque ECC, different type (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: opaque ECC, different family (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
PSA import into PSA: opaque ECC to public (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
PSA import into PSA: opaque ECC to public, implicit bits (ok)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0
# MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation
# of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably
# be more appropriate.
PSA import into PSA: opaque ECC to public, different bits (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_INVALID_ALG
PSA import into PSA: opaque ECC to public, different family (bad)
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA
+depends_on:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA
pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
Copy from PSA: use wrong parameters
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index ddcbd83..10cd207 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -21,17 +21,13 @@
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
+#include "pkwrite.h"
+
#include <test/psa_exercise_key.h>
/* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */
#include "pkwrite.h"
-/* Used for properly sizing the key buffer in pk_genkey_ec() */
-#include "psa_util_internal.h"
-
-#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS
-#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8)
-
#if defined(MBEDTLS_RSA_C) || \
defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \
defined(MBEDTLS_ECDSA_C) || \
@@ -44,13 +40,12 @@
* - The build has built-in ECC and ECDSA signature.
*/
#if (defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \
- ((defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)) || \
- defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \
+ (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \
(defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_CAN_ECDSA_SIGN))
#define MBEDTLS_TEST_PK_PSA_SIGN
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
/* Pick an elliptic curve that's supported by PSA. Note that the curve is
* not guaranteed to be supported by the ECP module.
*
@@ -69,14 +64,22 @@
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1
-#elif defined(PSA_WANT_ECC_SECP_R1_224)
-#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
-#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224
-#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1
#elif defined(PSA_WANT_ECC_SECP_R1_256)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1
+#elif defined(PSA_WANT_ECC_SECP_K1_192)
+#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
+#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
+#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1
+#elif defined(PSA_WANT_ECC_SECP_K1_256)
+#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
+#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
+#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1
+#elif defined(PSA_WANT_ECC_SECP_R1_224)
+#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
+#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224
+#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1
#elif defined(PSA_WANT_ECC_SECP_R1_384)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384
@@ -85,18 +88,10 @@
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1
-#elif defined(PSA_WANT_ECC_SECP_K1_192)
-#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
-#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
-#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1
#elif defined(PSA_WANT_ECC_SECP_K1_224)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224
#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1
-#elif defined(PSA_WANT_ECC_SECP_K1_256)
-#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1
-#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
-#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1
#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
@@ -133,7 +128,8 @@
#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192
#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
-#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256)
+#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) && \
+ !defined(PSA_WANT_ECC_SECP_R1_192)
#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1
#define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1
#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256
@@ -157,7 +153,7 @@
#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
#endif
-#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
/* Always define the macros so that we can use them in test data. */
#if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY)
@@ -175,133 +171,200 @@
/* Get an available MD alg to be used in sign/verify tests. */
#if defined(MBEDTLS_MD_CAN_SHA1)
#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA1
-#elif defined(MBEDTLS_MD_CAN_SHA224)
+#elif defined(PSA_WANT_ALG_SHA_224)
#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA224
#elif defined(MBEDTLS_MD_CAN_SHA256)
#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA256
-#elif defined(MBEDTLS_MD_CAN_SHA384)
+#elif defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA384
#elif defined(MBEDTLS_MD_CAN_SHA512)
#define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512
#endif
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
+#include <../src/test_keys.h>
+
+/* Define an RSA key size we know it's present in predefined_key[] array. */
+#define RSA_KEY_SIZE 1024
+#define RSA_KEY_LEN (RSA_KEY_SIZE/8)
+
+static int get_predefined_key_data(int is_ec, int group_id_or_keybits,
+ const unsigned char **key, size_t *key_len,
+ const unsigned char **pub_key, size_t *pub_key_len)
{
- psa_status_t status;
- psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
- size_t curve_bits;
- psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits);
- int ret;
+ size_t i;
+ struct predefined_key_element *predefined_key = NULL;
- if (curve == 0) {
- return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
- }
-
- psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
- psa_set_key_bits(&key_attr, curve_bits);
- psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
- psa_algorithm_t sign_alg = 0;
- psa_algorithm_t derive_alg = 0;
- if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECDSA) {
- usage |= PSA_KEY_USAGE_DERIVE;
- derive_alg = PSA_ALG_ECDH;
- }
- if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY_DH &&
- curve != PSA_ECC_FAMILY_MONTGOMERY) {
- usage |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE;
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
- sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH);
-#else
- sign_alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
-#endif
- }
- if (derive_alg != 0) {
- psa_set_key_algorithm(&key_attr, derive_alg);
- if (sign_alg != 0) {
- psa_set_key_enrollment_algorithm(&key_attr, sign_alg);
+ for (i = 0; i < ARRAY_LENGTH(predefined_keys); i++) {
+ if (is_ec) {
+ if (group_id_or_keybits == predefined_keys[i].group_id) {
+ predefined_key = &predefined_keys[i];
+ }
+ } else if (group_id_or_keybits == predefined_keys[i].keybits) {
+ predefined_key = &predefined_keys[i];
}
- } else {
- psa_set_key_algorithm(&key_attr, sign_alg);
- }
- psa_set_key_usage_flags(&key_attr, usage);
-
- status = psa_generate_key(&key_attr, &pk->priv_id);
- if (status != PSA_SUCCESS) {
- return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
- status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw),
- &pk->pub_raw_len);
- if (status != PSA_SUCCESS) {
- ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
- goto exit;
+ if (predefined_key != NULL) {
+ *key = predefined_key->priv_key;
+ *key_len = predefined_key->priv_key_len;
+ if (pub_key != NULL) {
+ *pub_key = predefined_key->pub_key;
+ *pub_key_len = predefined_key->pub_key_len;
+ }
+ return 0;
}
- pk->ec_family = curve;
- pk->ec_bits = curve_bits;
-
- return 0;
-
+ TEST_FAIL("Unsupported key");
+ /* "exit" label is to make the compiler happy. */
exit:
- status = psa_destroy_key(pk->priv_id);
- return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-/** Generate a key of the desired type.
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
+ psa_key_type_t type, psa_key_usage_t usage,
+ psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status;
+
+ *key = MBEDTLS_SVC_KEY_ID_INIT;
+
+ /* Note: psa_import_key() automatically determines the key's bit length
+ * from the provided key data. That's why psa_set_key_bits() is not used below. */
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, type);
+ status = psa_import_key(&attributes, key_data, key_len, key);
+
+ return status;
+}
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+
+/** Setup the provided PK context.
*
- * \param pk The PK object to fill. It must have been initialized
- * with mbedtls_pk_setup().
+ * Predefined keys used for the setup are taken from "test/src/test_keys.h"
+ * which is automatically generated using "framework/scripts/generate_test_keys.py".
+ *
+ * \param pk The PK object to fill. It must have been initialized
+ * (mbedtls_pk_init()), but not setup (mbedtls_pk_setup()).
+ * \param pk_type mbedtls_pk_type_t to use in the PK context.
* \param curve_or_keybits - For RSA keys, the key size in bits.
* - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx).
*
- * \return The status from the underlying type-specific key
- * generation function.
- * \return -1 if the key type is not recognized.
+ * \return 0 on success or a negative value otherwise.
*/
-static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
+static int pk_setup(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve_or_keybits)
{
- (void) pk;
- (void) curve_or_keybits;
+ const unsigned char *key_data = NULL;
+ const unsigned char *pub_key_data = NULL;
+ size_t key_data_len = 0;
+ size_t pub_key_data_len = 0;
+ int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
- return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk),
- mbedtls_test_rnd_std_rand, NULL,
- curve_or_keybits, 3);
- }
-#endif
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
- if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY ||
- mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH ||
- mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
- int ret;
+ TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0);
+ if (pk_type == MBEDTLS_PK_RSA) {
+#if defined(MBEDTLS_RSA_C)
+ TEST_EQUAL(get_predefined_key_data(0, curve_or_keybits, &key_data, &key_data_len,
+ NULL, 0), 0);
+ TEST_EQUAL(mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), key_data, key_data_len), 0);
+#else /* MBEDTLS_RSA_C */
+ TEST_FAIL("RSA keys not supported.");
+#endif /* MBEDTLS_RSA_C */
+ } else {
+ TEST_EQUAL(get_predefined_key_data(1, curve_or_keybits, &key_data, &key_data_len,
+ &pub_key_data, &pub_key_data_len), 0);
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- ret = pk_genkey_ec(pk, curve_or_keybits);
- if (ret != 0) {
- return ret;
- }
-
- return 0;
-#else
- ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits);
- if (ret != 0) {
- return ret;
- }
- return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp,
- &mbedtls_pk_ec_rw(*pk)->d,
- &mbedtls_pk_ec_rw(*pk)->Q,
- mbedtls_test_rnd_std_rand, NULL);
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
+ pk->ec_family = mbedtls_ecc_group_to_psa(curve_or_keybits, &pk->ec_bits);
+ TEST_EQUAL(pk_psa_import_key(key_data, key_data_len,
+ PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family),
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
+ PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE |
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_COPY |
+ PSA_KEY_USAGE_EXPORT,
+ MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH),
+ &pk->priv_id), 0);
+ memcpy(pk->pub_raw, pub_key_data, pub_key_data_len);
+ pk->pub_raw_len = pub_key_data_len;
+#elif defined(MBEDTLS_ECP_C)
+ TEST_EQUAL(mbedtls_ecp_read_key(curve_or_keybits, mbedtls_pk_ec_rw(*pk),
+ key_data, key_data_len), 0);
+ TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_rw(*pk)->grp),
+ &(mbedtls_pk_ec_rw(*pk)->Q),
+ pub_key_data, pub_key_data_len), 0);
+#else /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
+ TEST_FAIL("EC keys not supported.");
+#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
}
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
- return -1;
+ /* Override pk_info. */
+ pk->pk_info = mbedtls_pk_info_from_type(pk_type);
+ ret = 0;
+
+exit:
+ return ret;
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+/** Create a PSA key of the desired type and properties.
+ *
+ * - For RSA and EC keys predefined key data is used (as in the pk_setup() above).
+ * - Other key types (ex: DH) are generated at runtime.
+ *
+ * \param type PSA key type.
+ * \param bits PSA key bit size.
+ * \param usage PSA key usage flags.
+ * \param alg PSA key primary algorithm.
+ * \param enrollment_alg PSA key enrollment algorithm.
+ * \param persistent_key_id PSA key ID for persistent keys. Set to PSA_KEY_ID_NULL
+ * for volatile keys.
+ * \param[out] key Identifier of the "generated" (actually imported) PSA key.
+ */
+psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits,
+ psa_key_usage_t usage, psa_algorithm_t alg,
+ psa_algorithm_t enrollment_alg,
+ mbedtls_svc_key_id_t persistent_key_id,
+ mbedtls_svc_key_id_t *key)
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_status_t status = PSA_ERROR_GENERIC_ERROR;
+ const unsigned char *key_data = NULL;
+ size_t key_data_size = 0;
+
+ *key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_enrollment_algorithm(&attributes, enrollment_alg);
+ psa_set_key_type(&attributes, type);
+ psa_set_key_bits(&attributes, bits);
+ if (!mbedtls_svc_key_id_is_null(persistent_key_id)) {
+ psa_set_key_id(&attributes, persistent_key_id);
+ }
+
+ /* For EC and RSA keys we use predefined keys in order to:
+ * - speed up testing and
+ * - ease requirements/dependencies on test cases.
+ * For other keys (ex: DH) psa_generate_key() is used instead. */
+ if (PSA_KEY_TYPE_IS_RSA(type)) {
+ TEST_EQUAL(get_predefined_key_data(0, bits, &key_data, &key_data_size, NULL, 0), 0);
+ } else if (PSA_KEY_TYPE_IS_ECC(type)) {
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+ mbedtls_ecp_group_id grp_id;
+ grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits);
+ TEST_EQUAL(get_predefined_key_data(1, grp_id, &key_data, &key_data_size, NULL, 0), 0);
+#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+ TEST_FAIL("EC keys are not supported");
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+ } else {
+ return psa_generate_key(&attributes, key);
+ }
+
+ status = psa_import_key(&attributes, key_data, key_data_size, key);
+
+exit:
+ return status;
+}
+
static psa_key_usage_t pk_get_psa_attributes_implied_usage(
psa_key_usage_t expected_usage)
{
@@ -402,7 +465,7 @@
exit:
return ok;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
@@ -436,39 +499,25 @@
FROM_PAIR = 1
} from_pair_t;
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
mbedtls_pk_context *pk, psa_key_type_t *psa_type)
{
if (pk_type == MBEDTLS_PK_NONE) {
return 0;
}
- TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0);
switch (pk_type) {
#if defined(MBEDTLS_RSA_C)
case MBEDTLS_PK_RSA:
{
*psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
- mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
- if (want_pair) {
-#if defined(MBEDTLS_GENPRIME)
- TEST_EQUAL(mbedtls_rsa_gen_key(
- rsa,
- mbedtls_test_rnd_std_rand, NULL,
- MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0);
-#else
- TEST_FAIL("I don't know how to create an RSA key pair in this configuration.");
-#endif
- } else {
- unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff };
- N[sizeof(N) - 1] = 0x03;
- const unsigned char E[1] = { 0x03 };
- TEST_EQUAL(mbedtls_rsa_import_raw(rsa,
- N, sizeof(N),
- NULL, 0, NULL, 0, NULL, 0,
- E, sizeof(E)), 0);
- TEST_EQUAL(mbedtls_rsa_complete(rsa), 0);
+ TEST_EQUAL(pk_setup(pk, pk_type, RSA_KEY_SIZE), 0);
+ if (!want_pair) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
+ mbedtls_mpi_free(&rsa->D);
+ mbedtls_mpi_free(&rsa->P);
+ mbedtls_mpi_free(&rsa->Q);
}
break;
}
@@ -482,7 +531,7 @@
mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE;
size_t bits;
*psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits));
- TEST_EQUAL(pk_genkey(pk, grp_id), 0);
+ TEST_EQUAL(pk_setup(pk, pk_type, grp_id), 0);
if (!want_pair) {
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -518,9 +567,9 @@
exit:
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
}
-#endif
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/* Create a new PSA key which will contain only the public part of the private
* key which is provided in input. For this new key:
* - Type is the public counterpart of the private key.
@@ -587,74 +636,7 @@
psa_reset_key_attributes(&new_attr);
return new_key_id;
}
-
-psa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len,
- psa_key_type_t type, psa_key_usage_t usage,
- psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
-
- *key = MBEDTLS_SVC_KEY_ID_INIT;
-
- /* Note: psa_import_key() automatically determines the key's bit length
- * from the provided key data. That's why psa_set_key_bits() is not used below. */
- psa_set_key_usage_flags(&attributes, usage);
- psa_set_key_algorithm(&attributes, alg);
- psa_set_key_type(&attributes, type);
- status = psa_import_key(&attributes, key_data, key_len, key);
-
- return status;
-}
-
-psa_status_t pk_psa_genkey_generic(psa_key_type_t type, size_t bits,
- psa_key_usage_t usage, psa_algorithm_t alg,
- mbedtls_svc_key_id_t *key)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status;
-
- *key = MBEDTLS_SVC_KEY_ID_INIT;
-
- psa_set_key_usage_flags(&attributes, usage);
- psa_set_key_algorithm(&attributes, alg);
- psa_set_key_type(&attributes, type);
- psa_set_key_bits(&attributes, bits);
- status = psa_generate_key(&attributes, key);
-
- return status;
-}
-
-/*
- * Generate an ECC key using PSA and return the key identifier of that key,
- * or 0 if the key generation failed.
- * The key uses NIST P-256 and is usable for signing with SHA-256.
- */
-mbedtls_svc_key_id_t pk_psa_genkey_ecc(void)
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
-
- pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256,
- PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256),
- &key);
-
- return key;
-}
-
-/*
- * Generate an RSA key using PSA and return the key identifier of that key,
- * or 0 if the key generation failed.
- */
-mbedtls_svc_key_id_t pk_psa_genkey_rsa(void)
-{
- mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
-
- pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH,
- PSA_ALG_RSA_PKCS1V15_SIGN_RAW, &key);
-
- return key;
-}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -688,11 +670,15 @@
mbedtls_pk_init(&pk);
if (key_is_rsa) {
- bitlen = 1024; /* hardcoded in genkey() */
- key = pk_psa_genkey_rsa();
+ bitlen = 1024;
+ PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH,
+ PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE,
+ MBEDTLS_SVC_KEY_ID_INIT, &key));
} else {
- bitlen = 256; /* hardcoded in genkey() */
- key = pk_psa_genkey_ecc();
+ bitlen = 256;
+ PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256,
+ PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256),
+ PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key));
}
if (mbedtls_svc_key_id_is_null(key)) {
goto exit;
@@ -777,16 +763,8 @@
USE_PSA_INIT();
if (opaque_key == 1) {
- psa_set_key_usage_flags(&attributes, key_usage);
- psa_set_key_algorithm(&attributes, key_alg);
- if (key_alg2 != 0) {
- psa_set_key_enrollment_algorithm(&attributes, key_alg2);
- }
- psa_set_key_type(&attributes, key_type);
- psa_set_key_bits(&attributes, curve_or_keybits);
-
- PSA_ASSERT(psa_generate_key(&attributes, &key));
-
+ PSA_ASSERT(pk_psa_setup(key_type, curve_or_keybits, key_usage,
+ key_alg, key_alg2, MBEDTLS_SVC_KEY_ID_INIT, &key));
if (mbedtls_svc_key_id_is_null(key)) {
goto exit;
}
@@ -795,9 +773,7 @@
TEST_EQUAL(mbedtls_pk_get_type(&pk), MBEDTLS_PK_OPAQUE);
} else {
- TEST_EQUAL(mbedtls_pk_setup(&pk,
- mbedtls_pk_info_from_type(key_type)), 0);
- TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0);
+ TEST_EQUAL(pk_setup(&pk, key_type, curve_or_keybits), 0);
TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type);
}
@@ -999,8 +975,7 @@
mbedtls_pk_init(&pk);
USE_PSA_INIT();
- TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
- TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0);
+ TEST_ASSERT(pk_setup(&pk, type, curve_or_keybits) == 0);
TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type);
TEST_ASSERT(mbedtls_pk_can_do(&pk, type));
@@ -1021,6 +996,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT;
+ int is_ec_key = 0;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
mbedtls_pk_init(&pub);
@@ -1057,16 +1033,22 @@
}
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
- /* Turn the prv PK context into an opaque one.*/
- TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH,
- &opaque_key_attr), 0);
- TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0);
- mbedtls_pk_free(&prv);
- mbedtls_pk_init(&prv);
- TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0);
+ is_ec_key = (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY);
+ /* Turn the prv PK context into an opaque one.*/
+ TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH,
+ &opaque_key_attr), 0);
+ TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0);
+ mbedtls_pk_free(&prv);
+ mbedtls_pk_init(&prv);
+ TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0);
+ /* Test check_pair() between the opaque key we just created and the public PK counterpart.
+ * Note: opaque EC keys support check_pair(), whereas RSA ones do not. */
+ if (is_ec_key) {
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
NULL), ret);
+ } else {
+ TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
+ NULL), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
}
#endif
@@ -1361,8 +1343,7 @@
memset(hash, 0x2a, sizeof(hash));
memset(sig, 0, sizeof(sig));
- TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
- TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0);
+ TEST_ASSERT(pk_setup(&pk, type, curve_or_keybits) == 0);
#if defined(MBEDTLS_RSA_C)
if (type == MBEDTLS_PK_RSA) {
@@ -1755,9 +1736,7 @@
memset(test, 0, sizeof(test));
/* Initialize PK RSA context with random key */
- TEST_ASSERT(mbedtls_pk_setup(&rsa,
- mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
- TEST_ASSERT(pk_genkey(&rsa, RSA_KEY_SIZE) == 0);
+ TEST_ASSERT(pk_setup(&rsa, MBEDTLS_PK_RSA, RSA_KEY_SIZE) == 0);
/* Extract key to the raw rsa context */
TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0);
@@ -1774,7 +1753,7 @@
TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt,
PSA_KEY_USAGE_ENCRYPT,
@@ -1783,7 +1762,7 @@
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id),
MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* Test signature */
#if SIZE_MAX > UINT_MAX
@@ -1825,7 +1804,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */
+/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */
void pk_psa_sign(int psa_type, int bits, int rsa_padding)
{
mbedtls_pk_context pk;
@@ -1840,7 +1819,7 @@
int ret;
#endif /* MBEDTLS_RSA_C || MBEDTLS_PK_WRITE_C */
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
- mbedtls_ecp_group_id ecp_grp_id;
+ mbedtls_ecp_group_id ecp_grp_id = MBEDTLS_ECP_DP_NONE;
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
/*
@@ -1856,21 +1835,18 @@
USE_PSA_INIT();
/* Create the legacy EC/RSA PK context. */
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+#if defined(MBEDTLS_RSA_C)
if (PSA_KEY_TYPE_IS_RSA(psa_type)) {
- TEST_ASSERT(mbedtls_pk_setup(&pk,
- mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
- TEST_EQUAL(pk_genkey(&pk, bits), 0);
+ TEST_EQUAL(pk_setup(&pk, MBEDTLS_PK_RSA, bits), 0);
TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0);
}
-#else /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
+#else /* MBEDTLS_RSA_C */
(void) rsa_padding;
-#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
+#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) {
ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits);
- TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
- TEST_ASSERT(pk_genkey(&pk, ecp_grp_id) == 0);
+ TEST_ASSERT(pk_setup(&pk, MBEDTLS_PK_ECKEY, ecp_grp_id) == 0);
}
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
@@ -1992,7 +1968,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
+/* BEGIN_CASE */
void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg)
{
mbedtls_pk_context pk;
@@ -2008,9 +1984,7 @@
mbedtls_pk_init(&pk);
MD_OR_USE_PSA_INIT();
- TEST_EQUAL(mbedtls_pk_setup(&pk,
- mbedtls_pk_info_from_type(pk_type)), 0);
- TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0);
+ TEST_EQUAL(pk_setup(&pk, pk_type, curve_or_keybits), 0);
TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len,
sig, sizeof(sig), &sig_len,
@@ -2030,7 +2004,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */
void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg)
{
mbedtls_pk_context pk;
@@ -2052,11 +2026,7 @@
/* Create legacy RSA public/private key in PK context. */
mbedtls_pk_init(&pk);
- TEST_EQUAL(mbedtls_pk_setup(&pk,
- mbedtls_pk_info_from_type(pk_type)), 0);
- TEST_EQUAL(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk),
- mbedtls_test_rnd_std_rand, NULL,
- key_bits, 3), 0);
+ TEST_EQUAL(pk_setup(&pk, pk_type, key_bits), 0);
if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) {
mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE);
@@ -2082,6 +2052,19 @@
memset(hash, 0x2a, sizeof(hash));
memset(sig, 0, sizeof(sig));
+#if defined(MBEDTLS_PKCS1_V21)
+ /* Check that trying to use the wrong pk_type in sign_ext() results in a failure.
+ * The PSA key was setup to use PKCS1 v1.5 signature algorithm, but here we try
+ * to use it for PSS (PKCS1 v2.1) and it should fail. */
+ if (key_pk_type == MBEDTLS_PK_RSA) {
+ TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, md_alg, hash, hash_len,
+ sig, sizeof(sig), &sig_len,
+ mbedtls_test_rnd_std_rand, NULL),
+ MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
+ }
+#endif /* MBEDTLS_PKCS1_V21 */
+
+ /* Perform sign_ext() with the correct pk_type. */
TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len,
sig, sizeof(sig), &sig_len,
mbedtls_test_rnd_std_rand, NULL), 0);
@@ -2124,7 +2107,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes(int pk_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@@ -2172,7 +2155,11 @@
mbedtls_pk_get_bitlen(&pk));
TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
+#if defined(MBEDTLS_PSA_CRYPTO_C)
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
+#else /* MBEDTLS_PSA_CRYPTO_C */
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), 42);
+#endif /* MBEDTLS_PSA_CRYPTO_C */
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0);
if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) {
@@ -2187,7 +2174,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@@ -2235,7 +2222,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes_fail(int pk_type, int from_pair,
int usage_arg,
int expected_ret)
@@ -2261,7 +2248,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void pk_import_into_psa_lifetime(int from_opaque,
int from_persistent, /* when from opaque */
int from_exportable, /* when from opaque */
@@ -2282,17 +2269,18 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t from_psa_type =
PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY);
- psa_set_key_type(&attributes, from_psa_type);
- psa_set_key_bits(&attributes, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS);
- psa_set_key_usage_flags(
- &attributes,
+ psa_key_usage_t psa_key_usage =
(from_exportable ? PSA_KEY_USAGE_EXPORT : PSA_KEY_USAGE_COPY) |
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH);
- psa_set_key_algorithm(&attributes, PSA_ALG_ECDH);
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH;
+ mbedtls_svc_key_id_t persistent_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+
if (from_persistent) {
- psa_set_key_id(&attributes, mbedtls_svc_key_id_make(0, 1));
+ persistent_key_id = mbedtls_svc_key_id_make(0, 1);
}
- PSA_ASSERT(psa_generate_key(&attributes, &old_key_id));
+
+ PSA_ASSERT(pk_psa_setup(from_psa_type, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS,
+ psa_key_usage, PSA_ALG_ECDH, PSA_ALG_NONE,
+ persistent_key_id, &old_key_id));
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0);
psa_reset_key_attributes(&attributes);
#else
@@ -2368,12 +2356,8 @@
PSA_INIT();
- psa_set_key_type(&attributes, from_type);
- psa_set_key_bits(&attributes, bits);
- psa_set_key_usage_flags(&attributes, from_usage);
- psa_set_key_algorithm(&attributes, alg);
- psa_set_key_enrollment_algorithm(&attributes, 42);
- PSA_ASSERT(psa_generate_key(&attributes, &old_key_id));
+ PSA_ASSERT(pk_psa_setup(from_type, bits, from_usage, alg, 42,
+ MBEDTLS_SVC_KEY_ID_INIT, &old_key_id));
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0);
psa_key_type_t expected_psa_type =
@@ -2415,7 +2399,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_import_into_psa_fail(int pk_type, int from_pair,
int type_arg, int bits_arg,
int expected_ret)
@@ -2465,11 +2449,8 @@
PSA_INIT();
- psa_set_key_type(&from_attributes, from_type);
- psa_set_key_bits(&from_attributes, from_bits);
- psa_set_key_usage_flags(&from_attributes, from_usage);
- psa_set_key_algorithm(&from_attributes, from_alg);
- PSA_ASSERT(psa_generate_key(&from_attributes, &from_key_id));
+ PSA_ASSERT(pk_psa_setup(from_type, from_bits, from_usage, from_alg, PSA_ALG_NONE,
+ MBEDTLS_SVC_KEY_ID_INIT, &from_key_id));
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0);
psa_set_key_type(&to_attributes, to_type);
@@ -2513,7 +2494,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_from_psa_fail(void)
{
mbedtls_pk_context pk_ctx;
@@ -2535,23 +2516,21 @@
MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
- /* Generate a key type that is not handled by the PK module. */
- PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048,
- PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, &key_id));
+ pk_psa_setup(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048,
+ PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, PSA_ALG_NONE,
+ MBEDTLS_SVC_KEY_ID_INIT, &key_id);
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA);
psa_destroy_key(key_id);
#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) && \
- defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256)
/* Generate an EC key which cannot be exported. */
- PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256,
- 0, PSA_ALG_NONE, &key_id));
+ PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256,
+ 0, PSA_ALG_NONE, PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key_id));
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH);
psa_destroy_key(key_id);
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 &&
- PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 */
exit:
mbedtls_pk_free(&pk_ctx);
@@ -2560,7 +2539,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
void pk_copy_from_psa_builtin_fail()
{
mbedtls_pk_context pk_ctx;
@@ -2569,11 +2548,12 @@
mbedtls_pk_init(&pk_ctx);
PSA_INIT();
- PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR,
- PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS,
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT,
- PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
- &key_id));
+ PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_RSA_KEY_PAIR,
+ PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS,
+ PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT,
+ PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256),
+ PSA_ALG_NONE,
+ MBEDTLS_SVC_KEY_ID_INIT, &key_id));
TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA);
exit:
mbedtls_pk_free(&pk_ctx);
@@ -2582,7 +2562,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
int key_alg_arg)
{
@@ -2669,7 +2649,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg)
{
psa_key_type_t key_type = key_type_arg;
diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data
index 42450d9..dee54ab 100644
--- a/tests/suites/test_suite_pkcs1_v21.data
+++ b/tests/suites/test_suite_pkcs1_v21.data
@@ -1135,7 +1135,7 @@
pkcs1_rsassa_pss_verify:1048:"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":0
RSASSA-PSS Signature RSA-1024, SHA-224, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"1698b7da13806451366b9658e44e2c7dc15dc96c588c720c4d5f454c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"53d859c9f10abf1c00284a4b55bf2bd84d8e313b4f3c35b8dec7bc3afe39b9b8a155418ead1931895769ce2340be2091f2385bbcf10d9e92bcf5d0e2960d10e792e7d865c64e50d19ffa13e52817d7d8d8db34392c2374a2e9b69184f92a4ad9b1b8bae99ca614d204b65a438e38dbbfc8c7cc44ed5677af70ce6c4f951f0244":20:0
RSASSA-PSS Signature RSA-1024, SHA-256, Salt Length 20
@@ -1143,7 +1143,7 @@
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"0c37233c694cc81c4ca1027009269b64e9e32288e3522a2cd76da6613d8c5cd7":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"7b1d37278e549898d4084e2210c4a9961edfe7b5963550cca1904248c8681513539017820f0e9bd074b9f8a067b9fefff7f1fa20bf2d0c75015ff020b2210cc7f79034fedf68e8d44a007abf4dd82c26e8b00393723aea15abfbc22941c8cf79481718c008da713fb8f54cb3fca890bde1137314334b9b0a18515bfa48e5ccd0":20:0
RSASSA-PSS Signature RSA-1024, SHA-384, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"8e75cb3239b2b4ebf15bf74e8017340305c99d2fc1a97384257bf91cae15d57c80d7f78a487c3e16a5d1cf894da90fcb":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"8f16c807bef3ed6f74ee7ff5c360a5428c6c2f105178b58ff7d073e566dad6e7718d3129c768cd5a9666de2b6c947177b45709dc7cd0f43b0ba6fc75578e1196acc15ca3afe4a78c144cb6885c1cc815f7f98925bc04ad2ff20fc1068b045d9450e2a1dcf5a161ceabba2b0b66c7354fdb80fa1d729e5f976387f24a697a7e56":20:0
RSASSA-PSS Signature RSA-1024, SHA-512, Salt Length 20
@@ -1151,7 +1151,7 @@
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"a833ba31634f8773e4fe6ea0c69e1a23766a939d34b32fc78b774b22e46a646c25e6e1062d234ed48b1aba0f830529ff6afc296cc8dc207bbc15391623beac5f6c3db557ca49d0e42c962de95b5ff548cff970f5c73f439cfe82d3907be60240f56b6a4259cc96dfd8fe02a0bfa26e0223f68214428fff0ae40162198cc5cbd1":20:0
RSASSA-PSS Signature RSA-1536, SHA-224, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"5c69f2cc59e63b6f9ee0c954d2b7db7e4d63b7e2347f8791f1353d31":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"1d85cec0da1a74825ab796480c6e1235808387106ac1411d68f313246c65040111d74a9a45ebae10ac7686fddf4a340c4f9d24685d708bbf7b0ab4563794f5f90e0405b5d7d56c998e996b8bde2b022ae45fecf29a21836fcf362042e77e13cbf67b8a4da3f1e378dfcab2143aa8b9a145c2ee7d593e31626baa47fe623a3c3f859bb63e9336e11c5ff398a6597623318e098230b09e553ba0a4257692a0bc0a1ce1c17b2d541b52d134627229c141d351c16f1bdfe33384a9e163ecaa13e2fa":20:0
RSASSA-PSS Signature RSA-1536, SHA-256, Salt Length 20
@@ -1159,7 +1159,7 @@
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"f19c43966938402a6e5145088e65ea888f3792373983d359a7e864864bc25e3c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"8eb2ba2367b8f0b36b566c938b4d9948b4a0a87dd1c8300a160ec024ad0fa37174d1bba2ae6ee8c7fdbb4d172ac9615f1428599030a33515e2925a268b87c867242ccddcce6c9c03045eccbfee5eeb6e0ce2d89a9c51f40c1732927a6c7d283627dd87eca27270b117e658a3cc9d2ca7da46a76097213a7f3e2a58d7c9d306e796eee94809042bc6768d6cca4e003a40529bffa267914a232f315ddedd2768c60877bdcb05c8f2026179713084a0daf8b494959c347fb65a4414034d21c7a750":20:0
RSASSA-PSS Signature RSA-1536, SHA-384, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"1412b9f046aeba0a7c63e744a4f30a3656d41300726e66d8825a1043f08285b7e6e250efcc9a0405c6da019d042a7e14":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"9fa4e64bab336017e19015ee7ea1e267bf426633fb2ac5f4d65bc754aba17f7a9f0f1ee2bf0a3b9f2dd354ed8eba596f5ca3e26495ef268658bd247474d3524b11a2953f591f8abb14ef4bcd44dadc36a41f9daef1bf88b7e441160278c8a39945524557b84ce5cdcb79eecbad63658e8470d8dc94b44aad1f04b05400ea04e5f959dd18f6f718311f6dfec98a7e1aaa7ba11771f61448b12d7901a2530e830dccc531fd0dbe222215b3f7b9dafa5fc20d5af15ab312b621d71b2106150a801b":20:0
RSASSA-PSS Signature RSA-1536, SHA-512, Salt Length 20
@@ -1167,7 +1167,7 @@
pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"9a89e38ce0fe8b008f58c3c07621fcf18e76ca5d304f17fbb52d82d8368425ec305e20b70b839fcad3511a194e99e907e3f0e2a801c0b9cd4497c4a0bdf1ea49":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"32e688063ea24ccb2ca998fb7091877c103ce6576b11a175bc896af454042a5731b91c1c58b4d8e38f0619f6ddc8ced6b5397545f9571a4c90767593d11c00b75eb58a0ae4932265f0ab1790be2c83dff65357a301b3b3e2ee2e3683afe0b4b35ee8b6e58a96b4009c98d8faba75f86ffb548f0501884f3528d8eabad353e28d0132c4c01fa3af5dec922f02eff22020481615e4cd35b9eccfd711cb3b0d65af95c0637d79aaa2433f2854de3560adb284248bac8cbd4717317011a5159c93ed":20:0
RSASSA-PSS Signature RSA-2048, SHA-224, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"b777a83dd25a4fa36a5ea663aa16403c67368e4711e8c121b01f83ac":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"cd1fe0acb89969ae139c178bfef1cc982993521b3a020ec847c89c0cc6c869d970f43f018d495b9e991457e7501a344c33c376fd2efcf05ad6eb2bd0b3c0e7cc3c88a4124398ca16585490a0817a36149cc82cdc01b20e9026261215dd06f9db4e13613c6a569c2187a0e00bc63c281149433ac7f061bd218e79f8eca9dd9c93ebc3cc013bf27aa0bf286e124593e76d3c7012f97ae1d0c4bf5823cf17fe76d505a54cef174add58ae616f47de825049e9916bf2ab7de4d443745763b0c314cfae3a6e57ad475cc5fae47cddcad7b526c2154a15f9ee8eab02f4c36f7a41d7a19b23c5996b627270ceb2c0dbed1a6b6dd2ff94868e073cb7b1a1fa3429e487ae":20:0
RSASSA-PSS Signature RSA-2048, SHA-256, Salt Length 20
@@ -1175,7 +1175,7 @@
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"b416e0843040b35277be7734bc23ac9e9eb47a7f57f55e94d826285c9c00100a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"6375755eff8d48afb3263b3b96988a2afd181ba061793ea009783bb1599d03944d987620a2668ac9714d6f2a21f7e5200d63923f42cb32e63301c8de58c70a203910640da967d03f4f6292f6cb199759822790c0c5bcfb1d4faa59465c3db2ea1fffd5e543335632b74745bf1e18473c0a8b4a89def6b27edf0d7d735ee13f887041c9d8a91e62186a9a1e0b1afb48e577f6887ca61b7c1bb26b4a8e2cc464a9af03444b3da5bed08b73f1262bd3d61f4c78f49fac6a3bfc9e8548b4bbe64cce6a6090fc480efd1f36c18c10bc09be9d957a79f707a10577a1bf6e9e2d4849693fa58d8877c8f1e55181955d6c2b94b1d6d9401b5fb80cc32b358934fec2aedb":20:0
RSASSA-PSS Signature RSA-2048, SHA-384, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"41f2bf25c2544062c78b59886eea442c884e4b9bb87f643abcb4d5c1c661a0fb0dd592107f6173438c34f67ec9f6c97a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"b43d87deefa7df127a717f4065f831c58cd84bf78c916ba52ed32769abd541df52233b8583507c539b1d51e0437ab1a41e17fc1599b92aabdb5b040dc79027c60c9cc3ed3de36aeea28f20360635be5bf654d6c1b7fe6da77d0c45b9ea2802ad22eba182cbed95d33da7f78ac844f4891cebc0396caa2f8daaf55254fdafe98b5fe6c4dd3967d23ea99497060820e108e818cd0aa94e65770bde892c62233b96d87fe545162d6ba077f110274bddacb2a7cbf17d437bfe004b34c3ea24fb46e5ed9cce4de96b0694efd73832ec76e19e5a25c49c5843393ce6b919ea35e4d264e0a0855f518a63c008c183798ca612cd8f75688a09210413e0a23cafcf2d4158":20:0
RSASSA-PSS Signature RSA-2048, SHA-512, Salt Length 20
@@ -1183,7 +1183,7 @@
pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"7641739d2f4fc0eba07e212218af4d77e78ae3a225ef253a7ec96215a1197e681a93fd534288cda156f216d21f02b2dc60b49c41874c26c0a2be0aca13babc53":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"2cdb0d5ea5f0aad1f7af8108bff56eec5c0dcd0522c5dc6ae4c6e0f66821cdf698ccfeace65fd6e47f95febd879e580e5ee648972cc265f9a117fc720db4f2545a432eae24a367b0aaa70a011ac8fdec94a95c3cd48cfa7102de8dc26c877e974688b3919de6cf06e27028995ac85da88cb3851a5761e17f215e5c593e13e481088c7d747ecb34d3ce61a5b56eb2a65be5363363294eb365f83c4c709644d857e2ccb14a5851724420fc81178144ef3f9e1138b5750eb7196eba3319d799c3494a7e399115a62b1ca4f1d5da079b495d35fd651a1de78d54000b06bdd3122d7404013f2ed8fdf8a7d012f9812b8e4c2e0b24192d5f899d70a3cc5c7e08c81be7":20:0
RSASSA-PSS Signature RSA-3072, SHA-224, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"f145387c7a70e478968e238037e8d561b1665e0e15ac547ed4a72ea1":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"7171c74df24272dfe6b34db78f24507a68062bd791f68796d5001be354de6fddab81e9252e151884f4cc1f3cd3e7760e263c0c34e63c557eb32c8336e0cef40855c5e279dbba3170da5a14ac60e4cc8d402633a383b88709f3306fb02708e39f3039e7e614edcb89609c8c71137de5211659a41e9e5682cfe0463f3bc97558d3bf77bd798976f09db69153123923835ac9bbd7648c2773e38b5228640fde6df005e9f44819eca31f41ccddbd45d61ae7e1ed0640f0736f52bf5fc1c62f5430de6a96d5aabccfcfef508ac299c7f3f0f7d222ef1f19b288273690b3275b68f874301afa95d243316284ed117bded69da11f5ce1435dd67717bae82ed468ff1b6ac7f2483397d310ffe91775189f671a82b493039d8c233830d20e290bc9be880a47f0b36bf2e1da2c1f23dafeb9f42d9f084feb808a98e894e8501937ba932594a6d202e20a0afddcef8fa48c1682d3179edebf8ea44ea1216a2f55c305cdf487249010909fa8a21d9ba9e3dbbeec046a823922390b7d902d77ec176bb447b05d":20:0
RSASSA-PSS Signature RSA-3072, SHA-256, Salt Length 20
@@ -1191,7 +1191,7 @@
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"14ea4dca3559976c7d8943a51d69c1322c7860d496f742b9c0c2d03ce629613b":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3a0622ddff5a0c1f5b545d684054e46211786a2e40627e0cb6795ea0d176f3c97e6536fb64c5eca7b28b7ac52e48e3d50b916d2fccb87d70cd8eda7c15c2308734254716e5b400592cc2e5e033ba27866cb14fefbdcbc35d5d85d4eee8ba6bc2da995e8ebcc27d50c48aa988bf45fde27311a9e2ec029d0fa6fa6d3efea460fc1a90e443d807d209a4c06bf3022d529ab2e4a877325fcccb3f86ac16200ab95628bf0c1c8c70f6fe1a9f288bbc0162a392f40ad1109cdbbaf03d9b2d514a60983874350be9aef886c3c481a66325f137aecb4c82a8a73046dbc1dd8598ffbdb828a3d638f9dd8139a768dcd8d30d79740ef345c1644d03e6fb86a46367f6d82a7a819057ae490e1b100b5842ed385845f379101e37ce604531c61de423df66200d45b7229662fd0ec3572593b09a5213ec14c1d7b2338ca9c763c0d18946f04eaaf57ea2ebc79e093f2fd4c64cb1c1a7f0e888dc2d87a15eb769f56dc180cfe1597cc3e4e1811d4e27852fa188c8fec4fc917d4724d33ce5f3211895cf7e8b8c":20:0
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3f90aeabfa9a5f00e241f3f65dfe61baf67c1356353042c3566edacb11c7649737e5adf94cfb05f2619aecc8895db45190fbdf35dab01144e207b6f0923927a6148d3f16eaad05e73bccb562dc087e2d82db3dce130a83e8303bd7c3447b3ae4d3700d4763ba6981d82618ac82a6e66423f294781a59b20cc978c79e2d5c103bfb9d47119294c3c85b1d3c45a36897d42e183514cc8edbbfa1be9ef17b78280b5b6214dad79d60db057f22506515b6843ce7d4dd6bd861a889b36164c325147baeed714d7a3f55ae51ef6e6d4ae9e862d677caba1a2df369c23d3ffe33dd42fe707e1fd8ba6283aaa0b570353b48a8e39ff72a09f700e024150ce87c044a3ec745b212ae81aa5743b981a8bb95deb6b3e15c2487f7900178d5840f8e794662706dcdb19bc0bdd56cb7fdf0e21d10b03adac41b749f31bd3e7c4d07d5d4ec8e79d424812b6e83f1c7b59779e58029f9b07da3e77795fcff6ae8bb098b1c00d1d2a5bc0cb005ef3d8aab63ddd883d38bacdc64307e911c6e51946744f361fe978d":20:0
RSASSA-PSS Signature RSA-3072, SHA-512, Salt Length 20
@@ -1199,7 +1199,7 @@
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c57911bf353ef106479bd0ac85a4f70b6d3298f8e5882c5d0bfb28cb6f27129ae53b4fab702ccd3d5457d5fd662d29f34b445e60fc5da3c0c943cee17b81e255":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"607b7731ecb232f9b8e9ea03be28cc1e948acc3ec12a1222ba0f63935440c3effeaf460d7066d260d174d0ed18a9193550000c2fa0119712fb1ab1e27b4e6f5f84be9b63a1ede17a01174060e2d9e46121cc5d10515a342a26649539341eb1b44b82e346a0102e7ca45be3149b5f1444bd7fdf43da441c59deb37da9a223bcd7a8244237bb5404ea532eb470e80891c0fe9403d12734100284e99cfd96de2ab4058529d91bf348c6cbdb7fcfeea3f9925e93efd6adb3ef6946008738f4577a49c42ac0203a2d982fd77cb421ae030b81b97dd04490605179626903471cf68835dd5e4ac41acfe54e048878df89db9c2de5f1e822266c325e0be0991c7f18cd3de4b2110e14f56100e45f8ba19edf917150c2074f379293f73cb587ff77ad63e4cbec9eeaed77ca90261b2813ae8e6533b09b223a68abe2beeec888088ff91fea5c63de3b55238aef018c368f98651572bc7b8cf3d14c15b24bb5534ae07a6c4c9d5ecd0b86961b550859036ba6fa8e50d06228d89bcc943581b26e302795d1e3":20:0
RSASSA-PSS Signature RSA-4096, SHA-224, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"bb21ead0163de468ab3580ab57c7959cc1db437d6f2f47a878dc19bc":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3742d8a9627e2e10145c31a3548977f87f8019b1d9093c42f806c8df5ef7fad8330e2a05846c346cb64d9e8af2cd3806eb0df40cd097b3f8841525786ed53746498aa565f8945cf55e24944e8e3d86eb219f65c3385e1e7d45fe3a403773f3057bf22839d5903cd64c95a417c00b429ee068f0fe8ec17305a122979cabee8c3ad31b597da7c71fa1db3da842f7f7048f4396e1768197ccd84c5d9a0450d66f0bc88da7605cc8cdfe52bce60793704dafea504349ff14c481bea73dd761c848387d12f2d1b9227a959fec8b9eef0e9780cb6a427af946597d7e6059a07d50e878d7ae14eed8b571ac88e1c5d1a00d16c0de1c5148ec5781036676c6355e0cbca06346eebaf6c7de938cedd47a244f908ba1189bfbd97bd2667e8eba95e007a64b165dbfc4bf35878cd606732fd469f922ec141e5bc6a7d5c1875233cff612d336c28466c271764ef94e9c07e701923f1f68f39e2f003487dbe41d5505862eb4e90402e50f7b3cb918ef3eff893d0f00b203e2a511cfea4ca54c043ed0598d022c947cad5129fc47f5e79db97a0eea5afd7bb801a367a7bb8d929de1c12a54865e1e183ed926bb8da9d454c7a52b30cfcfe9ed3479799276f4a65b30f430e61fcf520e46e4eb9bea59ba064e7c9c72c9b58bf4ff633897d3ea46d989cec31ce4fc32e46e5a3d1805c35a30b387fb77afe20dba19be37252e40b252d346b69d3cf2":20:0
RSASSA-PSS Signature RSA-4096, SHA-256, Salt Length 20
@@ -1207,7 +1207,7 @@
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"480aa96e4b3a710d9924a84998e46b7246e26671e7d11efa6c6ec34919eac963":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"2e512f73d198e623afe019bd4cea9192ff8b24ab555099d31bd52d705fc808229a269bf749c8061a3dc7ffae9ef7c6bdcd8c34910f92f0a0fcd6d73017ca3388ca5e99a1735e005ff5d5eade3ec0ea0c2436f0e78b197c2d999ba4351b9e37a09195504b63a42762bea22d307a0328fc9c80acdc28fc8f4050e25fbd5890233028f97ea3a2669ff4d5f4232c1e48571499af28ed6f5a92e7936de39d913e12c5cef51e25f90a1e903f3f60a6a9cddbc56564b146aca6af6236b899c2cb7223a6941f0beaa3aa787b2333e4f3e66b334b99b90825153ebd0095f27691880f44e4e77135f26df376e261adfe0d8354cfa15b49138d624d9f62a9751221ee0598097891c9864ad3651e89723bc9ec6086f571e199619ceb6720ab5a4998254cb807dce75a5a5203d38a9f5d56adee4239ff50cefe3e927eba91de7e1f8e1ae8b0505c077788372af7d8ef00735cc531fd46dbe86702ac49171f0a921f4626442ae960e972a5594ee3bcbfbf687cd96ed300aa9df1b9487607b5bae0f1abecbc1d2291fe93b9f8a091ffac8469b0f00ba561f0628f5e004ed1fd8713650e147c4b2cab7f4d69a4ad57b145c1e5e4c1412e86fbbda5a6096f66293203207e35098bf94dafff75ed094d10e6034cd22179d94655004fa4bf4de774807b6f5cd27d90255468cf01db7b6f82607df597f72d1f9c9c91d17740a14a4816ae65e63fde480d":20:0
RSASSA-PSS Signature RSA-4096, SHA-384, Salt Length 20
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"c6e4881e3f76394a6d8cfb1786e1757f78d66cf048ba1a8aaaa28be02430097e30d92e459257f8f571c6389d1d94b0d5":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"364ad106da2cec6ce94e141e16af855f6d6e31ac6d7bdb2649695645a3d7f176a9b55f60b861776d49077dcfda4db42bb584767606f90de7289e71f188ff139b138bbd24f7a7f50192a137f2c648e19fe78a836bd2a01d31b248857cd29dbf3d1251c2d4cb339f2ff78add26304fbc3e44f8a2f04b47dc754b984169fba4a091d70f956074880c709ee849a05f8f2dcffee09b221078e98b6e28a965a2d44fcde72c6b27ff0a3def818d80aaba17915d37ad1d72755548310062e73da15a8d2544b311060b404683c00394666dc3a890f60ec9d85b2d0fca8a76fc96c4cfd0e3c4a83594957bac42866c395f8feab3b40c9bc9a675f47a1cd62fc43ebe0fff2bbd239130bbbe5257c5c3756044eb2190db7a309cddc4ef410e9abccd0f93158e0edfab2f0a50e80d814a428f61c531b2b747e64feb41523c5802a53c374f35df21abe67a877d062f56a001b47ee6ab571b0bbe7141e0b49cfdc97a15dc19138863d140cc772074c12b3d751985b7852fe76932be1f44a165f4fe58a341d28c3f86924defab4cf2458ba4cc3fb92558511ceee6d91c672b24b8727b867132bf6b8d7af714ab668f06f046448c1e854ae98e59cf21f2b7370c9378ee0eb34b031f9f4795057557773af0f7fc18ddeec7e95c2ccdd5f66ed224d08fbdfb37995e87f4df9691e499d77afaa8d5b93f3275c43f69edbe37672cf192f94509df0a4e9b":20:0
RSASSA-PSS Signature RSA-4096, SHA-512, Salt Length 20
@@ -1215,11 +1215,11 @@
pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"ebbca26fb18da6226cc47dea14c57d9f3c935cb449462cc9446689577031ebc915fdd09cdb79d4703a53eb5dd447852f3bc72f974487ffb998cbe996d206c80c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"6edfb6bfb20da2621e7ca0b8e13bfc3801d8bcb43ef3822be960b96a67d3e8afbbe2ef22e206b328ce99dd8f9758052d42a8ee93e16d8e160a50687e8ffce72d258610064ebde4c4cc2ab96c8e516ec2c1eed816c8e6ac537a0570c9eff81a38147bcd8f4747390676f9d755f613687ac59dbac14f69ca6e56a26727699fa11c200eb77339ead56fc6883acf9b92c6deb6f4d79f82ccdc493fedc6165f78c174adcf32941eeb237a4ae369dbbafb4553c98e413823f6f46da0d47d47a164b792aaf1324a8be4f01601bceb809f8c08f3458b1de2c6378cf93fb293212f6bd4a7b1fd1bfa14a1af29575a5ecc4281420179758e96b4465ec07f6cce4e5e5c2307d531e400e494725eb7dceb1d8dac1000d92f62f319534063c01aec9c6ec0c7675351f2883e462b0454db364f03700d6593c9be195fbea5800ebb81578c765409ac2c37f78fabe8783c5d324fa4dfabe4f192866e34037901615304237f08028a75f00a3904bea03219ef9dbfeb48d10ec59d481eb0429cfc9ae835cc578377e61023d5ceedfd3d0a05aceddb274c13782dda9299d6197519e14791208f8d86d63e0ab7fb42a1e14f8f37f49732e23d4b7d4f07cd0bc828649a12748e8d70f53683580bca87290992a349730370bbed6ed743e705759734872c54ff03c1a97037a7b9ee3c8c42d12c3ebe0c1bf3b42854d04a9177d1a24000bd388fa289fd77d5":20:0
RSASSA-PSS Signature RSA-2048, SHA-224, Salt Length 15
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"3be4397c9467ec90f5d5640834f6e9febee4ce2477aa3f385cab9435":"463729b3eaf43502d9cff129925681":"7e628bcbe6ff83a937b8961197d8bdbb322818aa8bdf30cdfb67ca6bf025ef6f09a99dba4c3ee2807d0b7c77776cfeff33b68d7e3fa859c4688626b2441897d26e5d6b559dd72a596e7dad7def9278419db375f7c67cee0740394502212ebdd4a6c8d3af6ee2fd696d8523de6908492b7cbf2254f15a348956c19840dc15a3d732ef862b62ede022290de3af11ca5e79a3392fff06f75aca8c88a2de1858b35a216d8f73fd70e9d67958ed39a6f8976fb94ec6e61f238a52f9d42241e8354f89e3ece94d6fa5bfbba1eeb70e1698bff31a685fbe799fb44efe21338ed6eea2129155aabc0943bc9f69a8e58897db6a8abcc2879d5d0c5d3e6dc5eb48cf16dac8":15:0
RSASSA-PSS Signature RSA-2048, SHA-384, Salt Length 25
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"1c389ed84b9f252bedde76a9a694986fa130906633047674c9a44e887f359e1cfc19d2d9a53a8fdfb2f826d813ca7a58":"b750587671afd76886e8ffb7865e78f706641b2e4251b48706":"2ca37a3d6abd28c1eaf9bde5e7ac17f1fa799ce1b4b899d19985c2ff7c8ba959fe54e5afb8bc4021a1f1c687eebb8cba800d1c51636b1f68dc3e48f63e2da6bc6d09c6668f68e508c5d8c19bef154759e2f89ade152717370a8944f537578296380d1fe6be809e8b113d2b9d89e6a46f5c333d4fd48770fc1ea1c548104575b84cf071042bfe5acf496392be8351a41c46a2cab0864c4c1c5b5e0c7b27e7b88c69f37ffa7e1a8cd98f343ac84a4ad67025a40ed8f664e9d630337de6e48bb2125e2552123609491f183afd92634487f0b2cf971f2626e88858879d45a29b0fefb66cd41b2e4e968385bd9fc8c7211976bc6bd3e1ad6df60856985a825f4726d2":25:0
RSASSA-PSS Signature RSA-2048, SHA-512, Salt Length 30
@@ -1267,15 +1267,15 @@
pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"":63:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length 0
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"9110b39c1ffc2d8a5f24e965e3985b06871c2be23e677bb3ea879b7b6b25c327ebdd9434387cfe5f64bcb6900a5c8395549e3681390583786b709257ff0ad90507a02ec6abb40e33dec80097322876a84ee98b1fe79ced62ba4f983bb9b52758bf9856098af527924ea83291762b179894f1fab6d8c9867b0244393fa32b5871836fa4446b247153bc117ccaf7cd51c5ec026bcaf9b634182cd19a0eb95ec40dd5e4274750c9ee3b1379fb339fa4ed8348b104936396355bea0a00337b83f47d2fd7e7353f3009752f970eebc1bbade601b912f7b0984bccc68941ed23bd31fcd23a7d0f2b0cfaabdb3d361969f485e5d198442661ee71eef258ae9fc27a19d995a5695c668f9ab78622486d6ccfe4ae11de9240588fafbc75f8bd0d04de5f2959c126b7c672eac8bb65031ea22ebb4a4e36c12f427d2dc4619eb30ef1c90ec951337a364566f0d2e32f311b425a68fd5277a85dc8d8041ab2a0165c39fd4e39160498d5eae98965e8745b77390e5ddeff0aeffc0fb18839455d524826a1f366":0:0
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length max
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b3fe26ee600cfb2d187384e529f280485cf84830af8cb015878cb7c4c74ad6ab38fd8998fa74b612e84af8123d785a8a60a2bb002f7b15a6f7cd6bbf18325a412fd3ea2a48903d30db2543089d9d82fe304dfe5fb903f6a0d1625fe994aa2ac47e04eeb6a51be770312a88cec80bbcf849ab57f2af4e9370a0e35a458d8509fb89e8b22ef499af25c427e48c2391747d3ccc6fdc1b035cbbe6a6f1742bfb6fb5d411d4c8bb73ee7f9bc2fbcf54603c813c9c6d479fb9f38650f4fa8ce05a32c47c078d278b7b97173e82d692e303141faf71573f2b5ab58c4fa009200a3be47633719dbeed24d61ba7acae8abfc2aa5f33f18e6f4c43eb8be3e4bbee1090544401e202ef06d90aae75a939256bd374afc5030f1146ea9d2acf4918dfe96d13eb5f16da55efd504657e3d8aea010f89c60288d74963746422bd7cf":"57a5511992b30d39e150b6a7a760a74136db0a24bc635f3a700a74f865a7c9c0ed2e2e196022a6d17ad7c2d3f12946828458015beffb0c0652de2cc9c3366aaeb7634c5d6ccbdf6c7c93b8feff21a7d2831ac3ee73fd98f9c972dcb833ac61323b77ec249db0e4fb9bf33c71aef9d2aaef40aafab2cb3870f0224c8d0c3ada2abb9d3dd601a038594d290177277a8b791ebcc211d7e5379323a633c62fe9cc2394bd7a977a604122ee9799e5368cc17e1af1795046e76899aa6e7be8f27b1a3e96daa81784d967e9a36cf1912936d7ae11f80aed79c27c53237e7fa009daf9240fb205f83e8c6f8f57d3c3520e0e60213a203432c18d92979b13555ce6eab075ddb38b6d820e378ac4e3afcb3d57e5c6d3c11f165745996fdb61e36b842c6ec81d6437073fe9fc96a4dbc3b188ca766a7f7ef786f39729cadcc5700fb0fffeca0eb0bc47243783f129917948df9bee23da83fadadfa87708e0a839a62965a5d2b9a7cd16b4675cef6afc8fbc2615d97d11ede47f4dfd83e74847dc184ccdc4fd":334:0
RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length max + 1
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"":335:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSASSA-PSS Sign. RSA-520 SHA-512: Salt Len. 0, no possible salt size
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index 52e6823..1a782a6 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -19,23 +19,23 @@
pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3"
PBKDF2 Python hashlib Test Vector #1 (SHA224)
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e"
PBKDF2 Python hashlib Test Vector #2 (SHA224)
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971"
PBKDF2 Python hashlib Test Vector #3 (SHA224)
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60"
PBKDF2 Python hashlib Test Vector #5 (SHA224)
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057"
PBKDF2 Python hashlib Test Vector #6 (SHA224)
-depends_on:MBEDTLS_MD_CAN_SHA224
+depends_on:PSA_WANT_ALG_SHA_224
pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c"
PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256)
@@ -67,23 +67,23 @@
pbkdf2_hmac:MBEDTLS_MD_SHA256:"7061737300776f7264":"7361006c74":4096:16:"89b69d0516f829893c696226650a8687"
PBKDF2 Python hashlib Test Vector #1 (SHA384)
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":1:20:"c0e14f06e49e32d73f9f52ddf1d0c5c719160923"
PBKDF2 Python hashlib Test Vector #2 (SHA384)
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":2:20:"54f775c6d790f21930459162fc535dbf04a93918"
PBKDF2 Python hashlib Test Vector #3 (SHA384)
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":4096:20:"559726be38db125bc85ed7895f6e3cf574c7a01c"
PBKDF2 Python hashlib Test Vector #5 (SHA384)
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"819143ad66df9a552559b9e131c52ae6c5c1b0eed18f4d283b"
PBKDF2 Python hashlib Test Vector #6 (SHA384)
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
pbkdf2_hmac:MBEDTLS_MD_SHA384:"7061737300776f7264":"7361006c74":4096:16:"a3f00ac8657e095f8e0823d232fc60b3"
PBKDF2 Python hashlib Test Vector #1 (SHA512)
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 1650f51..7eb2231 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -315,147 +315,147 @@
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
@@ -603,147 +603,147 @@
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)
@@ -891,44 +891,46 @@
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit)
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0
Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit)
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0
Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit)
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0
Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit)
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0
Parse RSA Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit)
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0
Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit)
-depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0
-Parse RSA Key #100.1 (512-bit)
-depends_on:MBEDTLS_PEM_C
-pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0
+# Test keys with non-word-aligned sizes.
+# We use sizes that are large enough to exercise PKCS#1 v1.5 signature with
+# the largest supported hashes (SHA-512 and SHA3-512.)
+Parse RSA Key #100 (768-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_768_clear.der":"":0
-Parse RSA Key #100.1 (521-bit)
-depends_on:MBEDTLS_PEM_C
-pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0
+Parse RSA Key #100 (769-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_769_clear.der":"":0
-Parse RSA Key #100.1 (522-bit)
-depends_on:MBEDTLS_PEM_C
-pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0
+Parse RSA Key #100 (770-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_770_clear.der":"":0
-Parse RSA Key #100.1 (528-bit)
-depends_on:MBEDTLS_PEM_C
-pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0
+Parse RSA Key #100 (776-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_776_clear.der":"":0
+
+Parse RSA Key #100 (784-bit)
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_784_clear.der":"":0
Parse Public RSA Key #1 (PKCS#8 wrapped)
depends_on:MBEDTLS_PEM_PARSE_C
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index a06fc30..63ff092 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -47,7 +47,19 @@
int ok = 0;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0);
- TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0);
+ int ret = mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key);
+ if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_RSA &&
+ mbedtls_pk_get_bitlen(ctx) % 8 != 0 &&
+ ret == MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) {
+ /* There is a historical limitation with support for RSA keys in PSA:
+ * only byte-aligned sizes are supported.
+ * https://github.com/Mbed-TLS/mbedtls/issues/9048
+ * For now, for such keys, treat not-supported from PSA as a success.
+ */
+ ok = 1;
+ goto exit;
+ }
+ TEST_EQUAL(ret, 0);
if (!mbedtls_test_key_consistency_psa_pk(psa_key, ctx)) {
goto exit;
}
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 4f29a7a..32c7274 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2412,9 +2412,9 @@
depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
-PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes)
+PSA symmetric decrypt: CCM*-no-tag, input too short (12 bytes)
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
-cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
+cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"0102030405060708090a0b0c":"":PSA_ERROR_INVALID_ARGUMENT
PSA symmetric decrypt: AES-ECB, 0 bytes, good
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
@@ -2464,10 +2464,26 @@
depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES
cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3"
-PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15
+PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 24 bytes
depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697"
+PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 23 bytes
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad6"
+
+PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 3 bytes
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e":"a16a2e"
+
+PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 2 bytes
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe":"a16a"
+
+PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 0 bytes
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES
+cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":""
+
PSA symmetric decrypt: ChaCha20, RFC7539 keystream
depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
# Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended
diff --git a/tests/suites/test_suite_psa_crypto_attributes.function b/tests/suites/test_suite_psa_crypto_attributes.function
index c933cb7..bc7adb4 100644
--- a/tests/suites/test_suite_psa_crypto_attributes.function
+++ b/tests/suites/test_suite_psa_crypto_attributes.function
@@ -20,6 +20,8 @@
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
+ USE_PSA_INIT();
+
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
TEST_EQUAL(
@@ -56,6 +58,8 @@
TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
TEST_EQUAL(psa_get_key_type(&attributes), 0);
TEST_EQUAL(psa_get_key_bits(&attributes), 0);
+
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 37c15ee..54e0892 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -238,10 +238,11 @@
generate_ec_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS
generate_ec_key through transparent driver: in-driver
+depends_on:MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
generate_ec_key:PSA_SUCCESS:"":PSA_SUCCESS
generate_ec_key through transparent driver: fallback
-depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE
+depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
generate_ec_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS
generate_ec_key through transparent driver: fallback not available
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index a788827..e7925dd 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -748,7 +748,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
void generate_ec_key(int force_status_arg,
data_t *fake_output,
int expected_status_arg)
@@ -782,13 +782,14 @@
fake_output->len;
}
- mbedtls_test_driver_key_management_hooks.hits = 0;
- mbedtls_test_driver_key_management_hooks.forced_status = force_status;
-
PSA_ASSERT(psa_crypto_init());
+ mbedtls_test_driver_key_management_hooks.hits = 0;
+ mbedtls_test_driver_key_management_hooks.hits_generate_key = 0;
+ mbedtls_test_driver_key_management_hooks.forced_status = force_status;
+
actual_status = psa_generate_key(&attributes, &key);
- TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1);
+ TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_generate_key, 1);
TEST_EQUAL(actual_status, expected_status);
if (actual_status == PSA_SUCCESS) {
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 20167fd..c7c72f4 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -6,7 +6,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT
* END_DEPENDENCIES
*/
@@ -35,7 +35,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on: MBEDTLS_PSA_CRYPTO_C */
void hmac(int alg_arg, char *input, data_t *expected_mac)
{
psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg);
diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data
index baebded..f81bb53 100644
--- a/tests/suites/test_suite_psa_crypto_pake.data
+++ b/tests/suites/test_suite_psa_crypto_pake.data
@@ -74,7 +74,7 @@
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT
-PSA PAKE: unkown input step
+PSA PAKE: unknown input step
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT
@@ -94,7 +94,7 @@
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT
-PSA PAKE: unkown output step
+PSA PAKE: unknown output step
depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT
@@ -211,19 +211,19 @@
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID:1
PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT
-depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_OUTPUT:PSA_ERROR_BAD_STATE:0
PSA PAKE: inject ERR_INJECT_EXTRA_INPUT
-depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE:0
PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT_AT_END
-depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_OUTPUT_AT_END:PSA_ERROR_BAD_STATE:1
PSA PAKE: inject ERR_INJECT_EXTRA_INPUT_AT_END
-depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256
ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_INPUT_AT_END:PSA_ERROR_BAD_STATE:1
PSA PAKE: ecjpake size macros
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index e3681ba..37a72d9 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -13,6 +13,19 @@
#include "psa/internal_trusted_storage.h"
#endif
+/* Same in library/psa_crypto.c */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
+#define BUILTIN_ALG_ANY_HKDF 1
+#endif
+#if defined(BUILTIN_ALG_ANY_HKDF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \
+ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \
+ defined(PSA_HAVE_SOFT_PBKDF2)
+#define AT_LEAST_ONE_BUILTIN_KDF
+#endif
/****************************************************************/
/* Test driver helpers */
@@ -720,7 +733,7 @@
buffer, sizeof(buffer), NULL, 0,
buffer, sizeof(buffer), &length));
-#if defined(PSA_WANT_ALG_SHA_256)
+#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF)
/* Try the key in a plain key derivation. */
PSA_ASSERT(psa_key_derivation_setup(&derivation_operation,
PSA_ALG_HKDF(PSA_ALG_SHA_256)));
@@ -753,7 +766,9 @@
alg, key, buffer, length,
buffer, sizeof(buffer), &length));
}
-#endif /* PSA_WANT_ALG_SHA_256 */
+#else
+ (void) derivation_operation;
+#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_PSA_BUILTIN_ALG_HKDF */
ok = 1;
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index 807007b..c84a836 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -6,6 +6,16 @@
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+# Check coordinates one byte larger than the largest supported curve.
+# If we add an even larger curve, this test case will fail in the full
+# configuration because mbedtls_ecdsa_raw_to_der() will return 0, and we'll
+# need to use larger data for this test case.
+ECDSA Raw -> DER, very large input (536-bit)
+ecdsa_raw_to_der:536:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818a024311111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024322222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ECDSA Raw -> DER, very large input (1016-bit)
+ecdsa_raw_to_der:1016:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30820102027f11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111027f22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
ECDSA Raw -> DER, 256bit, Null r
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
@@ -58,6 +68,16 @@
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+# Check coordinates one byte larger than the largest supported curve.
+# If we add an even larger curve, this test case will fail in the full
+# configuration because mbedtls_ecdsa_der_to_raw() will return 0, and we'll
+# need to use larger data for this test case.
+ECDSA DER -> Raw, very large input (536-bit)
+ecdsa_der_to_raw:536:"30818a024311111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024322222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ECDSA DER -> Raw, very large input (1016-bit)
+ecdsa_der_to_raw:1016:"30820102027f11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111027f22222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
ECDSA DER -> Raw, 256bit, Wrong sequence tag
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index b52c7dc..8123f13 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -21,7 +21,7 @@
mbedtls_rsa_pkcs1_verify:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
RSA PKCS1 Verify v1.5 CAVS #4
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"693c1ac1a3fc23157b4a854f886b6b8d18e28b321b8382a93dcf2426":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3bb7b1c5f3391de4549e2e96fd33afa4d647dd90e321d9d576f3808e32213e948b697ef4fd2dd12923de6ec3ffd625078a57f86af38dc07052bb50547c616ed51fa1352b3ab66788408168d21263ef2d3388d567d2ce8cf674f45491ab2b0319d47be1266bda39e343b2a38ea2d6aaaee6c4465aee1d7bb33e93a1c40a8e3ae4":0
RSA PKCS1 Verify v1.5 CAVS #5
@@ -29,11 +29,11 @@
mbedtls_rsa_pkcs1_verify:"944d593f3e31817d712038dbf88a17c1772b135c34c66b236daf9a7413c2a8af":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"7b5fba70ec5b521638f182bcab39cec30b76e7bc017bdbd1059658a9a1db0969ab482dce32f3e9865952f0a0de0978272c951e3c015328ea3758f47029a379ab4200550fba58f11d51264878406fc717d5f7b72b3582946f16a7e5314a220881fc820f7d29949710273421533d8ac0a449dc6d0fd1a21c22444edd1c0d5b44d3":0
RSA PKCS1 Verify v1.5 CAVS #6
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"5a3b396a237f5460a9c8d40628e4bc324d046d0bf3ad6417db59ff3904513a79297d51656ab6c70cc07f08b8eefd2f15":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"38fc4f6f0430bb3ea9f470a4c0f5cebdabac4dbeb3b9c99d4168e7b00f5eb294ec0ece1908eded1f3e14f1e69d10f9feb425bda0c998af945ef864298a60a675f0bb5c540a7be3f534d5faddff974eea8bffe182a44e2ee1f4f653e71967a11869ee1a850edb03cb44a340378cb7a1bc9616d3649b78002b390a05a7e54edec6":0
RSA PKCS1 Verify v1.5 CAVS #7
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
# Bad padding after performing the public key operation
mbedtls_rsa_pkcs1_verify:"900ada01bc5536ee88ee7f2b95d15e2e6353bc3de0ef9610f8e6deb736c30623b961eda17f316229c013bb4696fc7346":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_VERIFY_FAILED
@@ -50,7 +50,7 @@
mbedtls_rsa_pkcs1_verify:"f0571d8513c4ff68dc68c605dfe856f27bdfed91":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_VERIFY_FAILED
RSA PKCS1 Verify v1.5 CAVS #11
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"16d8bbe3323f26b66f1513e1ffc0ff2cd823747a3cc1534fdb1de304":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"d8ef7bdc0f111b1249d5ad6515b6fe37f2ff327f493832f1385c10e975c07b0266497716fcb84f5039cd60f5a050614fde27f354a6c45e8a7d74f9821e2f301500ac1953feafeb9d98cf88d2c928413f337813135c66abfc3dc7a4d80655d925bf96f21872ca2b3a2684b976ca768fe37feae20a69eeec3cc8f1de0db34b3462":0
RSA PKCS1 Verify v1.5 CAVS #12
@@ -58,7 +58,7 @@
mbedtls_rsa_pkcs1_verify:"63030cef0e2d4067573222bef3a3f83e7c98ec4c2d21780a7438673ad48bfe29":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"52111f4798da3c11b3c74394358348ab0fc797bde99080f238d33a69b04b08ac2bd767b33872473943e23af27ca32fd568a43a8c7d6cc55b4fbb380212fdfcb60487e20694d4287e233efdf7b04737c0037a592d03077801828b051998c42b9f9e2420063331d5b2349918a64d8b65b21a2011ee7318fcef48aced95b8ddf501":0
RSA PKCS1 Verify v1.5 CAVS #13
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"b6a6dcf38a14037e598508fcff07f8da0e3f00538961cb159402f60442cbaf8d8abec885c4f0017018e2c2f45f3b076d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"d5dcd27c74e040ea86f106b63d3275fa7b7e98d2dd701f38ec15fc7301b72df127f6d3bd5571253a0b9e0e719d7d522893896941a1aeccc697912282b5308d829b91905b5dd7b7e1b8fe27e2bd4003b09dfe7fe295f8a43c076c0cb52f2aac067e87de7ffe3a275d21a870c3dfc9b1d06d7f018667de9eb187bdf53d282e5d8b":0
RSA PKCS1 Verify v1.5 CAVS #14
@@ -70,7 +70,7 @@
mbedtls_rsa_pkcs1_verify:"1340fc324c96aa313425ecfa971297f2cddca172":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"1f7938b20a9cd8bb8ca26bad9e79ea92373174203f3ab212a06de34a9a3e14e102d19a8878c28a2fc8083a97c06b19c1ae62678289d5d071a904aed1d364655d9e2d16480a6fd18f4c8edf204844a34d573b1b988b82d495caefd9298c1635083e196a11f4a7df6a7e3cc4db7b9642e7682d22ec7038c3bad791e1365fe8836976092460e6df749dc032baf1e026684f55936beb9369845c53c3d217941c1f8d8f54a32333a4c049c3f2d527125778032f5d390040d1d4cce83dc353ce250152":0
RSA PKCS1 Verify v1.5 CAVS #16
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"64d856065bbe1590ed1cc1e2ad048641b3aedbfe13ea2f9df2270b74":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"339dce3a1937669d9fb14c4f652378861fd5adc4da88eaf833b16020b55a24ddc83b7ae3395a9a49b426bb9a4170cb765b02652faa9594b457aeefdae4f802e93d8e65c687ddc723701465a5ef19249ed5d2617b5121c58557b34eb99a663bbcf4453a6e1db5d88723de449fcf58ca8ef514daf08cfdc71be155bb3d0724df0c0a6fd5aa7737433cc376640b9b8b4c7ddd09776bae0245729cddb56e36f28edad6aecaed0821ec8d843a96348e722bf0a84cf060a793a2179f054138f907d0c3":0
RSA PKCS1 Verify v1.5 CAVS #17
@@ -78,7 +78,7 @@
mbedtls_rsa_pkcs1_verify:"7743dd578de944491852bfddfdeb0d239eb8d3d40a3315b8a028854627dd0ff7":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"8117a6897e14c183737661cf5741350a84ae00495cd9ee8fb033582e559f79701ab424706660515ee5821a69a6850647ec641676a625d1a3899932aaa52161fbc0c0a825db82fde0585b3c9b9c16de43e26da6a30fe5a601dae68bded1e29ec34557b5f6962efb10b9450d6f096655f68e8499cfa16a0adeb9075e7b91851fef84243132d08273d35d01ad89c17e1e6e4deaf1cb233050b275fa9d2cae57e9e1a0e23139267040aa39b6abd8f10fa1cec38ce2183573ddc11626fc262e1a0ced":0
RSA PKCS1 Verify v1.5 CAVS #18
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"c293af20d96cc76b460fe8d4a7f02bf6e131750cadeaa898c7c2086a70ee9021986e408e896fbfdde338cbc9ab5ab94e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"6b49553ed964ae196a41ea281f4d2a250ce7d1e7434e45cf6a82f7bed17554f39c3f0241e0364702fcb87475eb0c0839ffd2180890fa05b4bbf31bbfa4bf5119dea0c9f88e1e9617fcdadabc6fa1945136cc66e039b905d78ed365c5806d38aec88b3edfb86c05ff446dbfd51d7cd75cbf8d3b85154c783765386f51637532221f52429db5612dcc034968bb8feab7dc6f5ed1f2feb557f6dd49c980296117be2c4195ec7b6101ea767df9d16a56fc9709b49308a54dab63dbc4d609f959ce17":0
RSA PKCS1 Verify v1.5 CAVS #19
@@ -94,11 +94,11 @@
mbedtls_rsa_pkcs1_verify:"a827c0785f663e39a08106f8036fd669d05b345c":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_VERIFY_FAILED
RSA PKCS1 Verify v1.5 CAVS #22
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"e5979f65ad7572ed4b0bc3a5fcad893a142a73379a1a16b45570d77d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_VERIFY_FAILED
RSA PKCS1 Verify v1.5 CAVS #23
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"7af156b6b8089300a6d8cd3f32176c4c619135f4eced14dcfd633d2e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"5e08f399258e6de075b67a0a6a822ceb21b1eb7a0342eca6a4295739f644547dee3456243cf32bd6ea6f357c88632508457130f3dae04f7806efaed43d1d501e16c961dfbd6c71a42b480e95c7027f8275063d05a9aac3eef0520867b9896ebe8ec358f7d121beb4e61ddfdc3dcd835dfe265f2ba68d300ef566ed1284f9f3d7b1af363ed47bfa2e5f0492925444df7e5fcb1e79e690c746117650b543a5e82c39553552f0f44e617b5cf773c533050f4129e893ac22af69b1eb9afb4b5ba5f5":0
RSA PKCS1 Verify v1.5 CAVS #24
@@ -106,7 +106,7 @@
mbedtls_rsa_pkcs1_verify:"f5f493fc1dfc2221e2a5d61d8fc88480ec03b1fddec8b14d1d77c558859659db":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"a003ae9cf0704d58763b214f20446ecc4099c566f25384e28d0dd6540c58705fc8d0bfe1ceaa06096ed1e230146edb82056e39e6727abec09f25e44079b6ce1ca2c6a540dec7aa34444d7d435f41e5fca9b0bba62759ae2780638e5160e031bb60409c2e85674ac7a776b444b37b9d7f4dbaa557e88b8562a584f2dbe90729b241aede95dfcc7e05b10deef06255cb89f0e7ccff23354818756a1f8bb9f00fd18f6cd22ca1b4bfc38027562bb37562c77c7883b5d735170d75521195fd3f2bd3":0
RSA PKCS1 Verify v1.5 CAVS #25
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"d8758fac95ed9177581c1eb690c5fad797f47e798c4a92706dd57eb038af9dbfa02c0b964c301053bb50ac8fc652d564":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"2c6b301852cc55a993a933e2c080eb9dabfe19e9dc3571066caeabed1492d3501cd838de1c01784932df7a5ad5bbfb48c78f53a45f76e9812d046f23bd968495ef7e981e5add4acfc538fe33a5205de74bb37d3d9b6b87b2d174e85a73f216fd67d5738fc469dff7ea6b852e8dd08bc8df036597372d4d51185e6f47a45fbe1b9bdb06a4018783425ec95294de41f27235ad3b3263a890b8b62b17410a9bb08673393ff205a866ee2057e99c6517c6bbc84f8d87717b83d6f64de7ee215e1e8d":0
RSA PKCS1 Verify v1.5 CAVS #26
@@ -118,7 +118,7 @@
mbedtls_rsa_pkcs1_verify:"46ba38d521ffa6fc01bd69512008fd557785c783":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"11":"180caf03781b391aacebe5b3f5e1d3b01c68a00df4ecfb6c4bf14217aed7cfca0adac099ec1d6e1f0b43b09b86788533fee6691d773807af0df6cc3bbdde3cf34bf5b848fa59c8bc10227cc3eba3452a85e0520fccdb2d8d32dd99672d302756a2d7f7f2693db3a48be17bd34d9d891f4ba44449c5bad1de91b788f524500a7703cccbaa77b9fe8791f5c8aa7b8f055336f28fcfc01733712e33cfb3d33fe71ddb9ced2a31931ec38007f5ad4a0d19acc428124b0e5ee6e0746fb33c1a4d90c8":0
RSA PKCS1 Verify v1.5 CAVS #28
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"807ca5785542d26b3d1615209ab0ad3ff5f58707fe25f986abc19c0a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"11":"8c846e75e32ce5f9964bdd8f6dcf1d2996a646b233bcf1bd6394e13e856691b89bedd18290a0f9f7c90dca307271b3108e795340490513b25e6789e93722c65ec064b4c43457295a31d1f07dd605e133fd6eaafc58cda132df2939f5f693e0205af34550afaa137f3e482885e50dfb48333a15c0821e7a19642acdddc6fea3c7487c691246a2b083dac439889d5ae741b7e08c47937530b4b069f1a260cd07fe4a0ddd530ab11534fb805e9b562118ee0e97932966008aadfc83f3b8a10de8ee":0
RSA PKCS1 Verify v1.5 CAVS #29
@@ -130,11 +130,11 @@
mbedtls_rsa_pkcs1_verify:"db7e6ef51ffecd9c1cb88078275c362c0e36730860a33a0802c4a9237467d48d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"a202c33eb831b9d8e818b6c3bcdb42818e1d9c22a06ddd73a17a21e49d18cda44df349a066477cae068e1a5d2b518b0885e889ef796ca9e6f42a69ac755b8a6405fbaef93fe0130d98de35d689addfee3eecd26658903f774bda481c3f40ee0e9569a3c3e2da7ad576c7de82159d933e36fa29cfef99367005e34ab5082d80f48276d37dabc88dbb023bd01585329d2ccf417f78ec508aaa29751007d31f1669296b981d44c8fa99130c5df7a071725b496859314aaf9baf0ebc780355914249":MBEDTLS_ERR_RSA_VERIFY_FAILED
RSA PKCS1 Verify v1.5 CAVS #31
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"810b988d9966877681759634c332d6099cf905c7cd57c871b9e3399730fe4ef8cd1d3c7391ec4def78d4624b384664c4":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"402631f3cddfb02cc4d9cb58ef1ab6726bd787a50e12e98567c9702bfdf47af85904aec5a2f6c5df9a10f08f90f93728eb090ae2ac21ded9f38faecd8195f3eb3d4107521b1cee956e7a214245b038adae912fa35ec97cb3bdc41352e8aaff80173561284cb740f999a3cd6653a6c3d5a3f911a416f41e2155083982c99eb5998a0a74d77f1ae999d901ee24a7f2c424179a3f92b07dc0b3498c1884e60677bee0175e810b426c4ad008d2743cd19b00b33177bf8be3fed7f7406e1bce0c2ea3":MBEDTLS_ERR_RSA_VERIFY_FAILED
RSA PKCS1 Verify v1.5 CAVS #32
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"cc43d91a2ae21a1a1fe7e51801f48f5a2f21ff4827d79cf6193e7610e2a5d9881f21577dcd100b2b5d087d936f867960":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"11":"57edd0560df9840a25c28ff6d254e432395a5cd2d92248b3b44d7eab0fc65b3c4e545a916a8e90ce89745119db9ec9799aa8890f5250fb589cfc12dac1b6e406a39bc3b3663892da5354ba453cbd5e4c89bdce82d0ffe97052a03a5c3308819c1139ebc780c13cf6dc1477faf734abcb1db3fafaed6f22885c9c0222ff5deacb8cc6d027f2e959c3075011b382e88c4b27b83b4f2e6fda022e331c3602d19f5ac7bccfe95ea1e93d736dbd918ae5b1f468cd0b5b536a2f918d5e27a0757e75b7":0
RSA PKCS1 Verify v1.5 CAVS #33
@@ -205,19 +205,19 @@
mbedtls_rsa_pkcs1_verify:"8cfd7c2f07a94aea1ff222dc9b80c58a946c975470ff2d2d3fbdb45eac1efa5c":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"5aee2b9dbc02a6a2d87ff64a64165dc0b9ce70c79bab2d287939e2601c3223e0493988d5468731ae4edc7d5f5d449335c204fdb0e192c1915c9d694d3a61c3be14df79c4b34d6ac73707829024d263c94f9107fa93f3783de3965522336e18d1e01a142b5103451bb97839eaf2f44703a63050a36b78aef4072ea1a8daaaf1a2918fc03ee957a9c09efdc6287bcb4d6aec4723290294b249b3e3dc63157b560ad9c867323a73ebeb360cc9e482111643b0d86c4e33dcf170155590f0eba7d170789e84de336b7fe2f6cf485ddca94607a4ff379fc49d375c730249dd1a210e7dccd763d1c23c7532e769c6aa88e38e8654ff90f7b34df4c07ba90e89099ec1ed":MBEDTLS_ERR_RSA_VERIFY_FAILED
RSA PKCS1 Sign #3 (SHA224, 2048 bits RSA)
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_sign:"32f339fe33f10a0fa152bf9659cdf7a0e4b741444ea31a85d40ed4bb":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0
RSA PKCS1 Sign #3 Verify
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"32f339fe33f10a0fa152bf9659cdf7a0e4b741444ea31a85d40ed4bb":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0
RSA PKCS1 Sign #4 (SHA384, 2048 bits RSA)
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_sign:"7fccca8778575cf67d95d44e6825128e2ba5155f7cc91d968a923dbac35bc04b4d45bf6fd0009144ef9d70898948eeec":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"40dcc96822e5612eb33f1dca247a35109ba3845c7a3d556a60e656624bf1c103d94686ca7379e9e329ccd1b19b52bfd48b608df9f59a96a82d3feb0101096dbcb80e46da543b4c982ac6bb1717f24f9fe3f76b7154492b47525be1ddcaf4631d33481531be8f3e685837b40bdf4a02827d79f6a32374147174680f51c8e0d8eed9d5c445a563a7bce9ef4236e7cfdc12b2223ef457c3e8ccc6dd65cc23e977a1f03f5ef584feb9af00efc71a701f9d413b0290af17692cb821a1e863d5778e174b1130659f30583f434f09cb1212471a41dd65c102de64a194b6ae3e43cd75928049db78042c58e980aff3ea2774e42845bcf217410a118cf5deeaa64224dbc8":0
RSA PKCS1 Sign #4 Verify
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"7fccca8778575cf67d95d44e6825128e2ba5155f7cc91d968a923dbac35bc04b4d45bf6fd0009144ef9d70898948eeec":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"40dcc96822e5612eb33f1dca247a35109ba3845c7a3d556a60e656624bf1c103d94686ca7379e9e329ccd1b19b52bfd48b608df9f59a96a82d3feb0101096dbcb80e46da543b4c982ac6bb1717f24f9fe3f76b7154492b47525be1ddcaf4631d33481531be8f3e685837b40bdf4a02827d79f6a32374147174680f51c8e0d8eed9d5c445a563a7bce9ef4236e7cfdc12b2223ef457c3e8ccc6dd65cc23e977a1f03f5ef584feb9af00efc71a701f9d413b0290af17692cb821a1e863d5778e174b1130659f30583f434f09cb1212471a41dd65c102de64a194b6ae3e43cd75928049db78042c58e980aff3ea2774e42845bcf217410a118cf5deeaa64224dbc8":0
RSA PKCS1 Sign #7 (MD5, 2048 bits RSA)
@@ -249,11 +249,11 @@
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
RSA PKCS1 Sign #10 (RIPEMD160, 2048 bits RSA)
-depends_on:MBEDTLS_MD_CAN_RIPEMD160:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_RIPEMD160:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_sign:"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0
RSA PKCS1 Verify #10 (RIPEMD160, 2048 bits RSA)
-depends_on:MBEDTLS_MD_CAN_RIPEMD160:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_RIPEMD160:MBEDTLS_PKCS1_V15
mbedtls_rsa_pkcs1_verify:"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0
RSA PKCS1 Encrypt #1
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 734b945..16e6d3f 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -117,7 +117,7 @@
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO:1
TLS 1.2:Move client handshake to SERVER_CERTIFICATE
-depends_on:MBEDTLS_SSP_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CERTIFICATE:1
TLS 1.2:Move client handshake to SERVER_KEY_EXCHANGE
@@ -365,7 +365,7 @@
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3
Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0
Handshake, RSA-WITH-AES-128-CCM
@@ -381,7 +381,7 @@
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
Handshake, PSK-WITH-AES-128-CBC-SHA
@@ -393,7 +393,7 @@
handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1
DTLS Handshake, RSA-WITH-AES-128-CCM
@@ -409,7 +409,7 @@
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
@@ -453,71 +453,71 @@
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
@@ -541,39 +541,39 @@
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
Sending app data via TLS, MFL=512 without fragmentation
@@ -710,51 +710,51 @@
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:""
DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
@@ -930,35 +930,35 @@
ssl_session_serialize_version_check:0:0:0:1:0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: session serialization: Wrong major version
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: session serialization: Wrong minor version
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: session serialization: Wrong patch version
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: session serialization: Wrong config
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong major version
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong minor version
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong patch version
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: session serialization: Wrong config
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS
ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Test Session id & Ciphersuite accessors TLS 1.2
@@ -970,27 +970,27 @@
ssl_session_id_accessors_check:MBEDTLS_SSL_VERSION_TLS1_3
Record crypt, AES-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-128-CBC, 1.2, SHA-256
@@ -1066,27 +1066,27 @@
ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, AES-256-CBC, 1.2, SHA-256
@@ -1162,27 +1162,27 @@
ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-128-CBC, 1.2, SHA-256
@@ -1258,27 +1258,27 @@
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, ARIA-256-CBC, 1.2, SHA-256
@@ -1354,27 +1354,27 @@
ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256
@@ -1450,27 +1450,27 @@
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256
@@ -1786,11 +1786,11 @@
ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, NULL cipher, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, NULL cipher, 1.2, SHA-256
@@ -1842,27 +1842,27 @@
ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-128-CBC, 1.2, SHA-256
@@ -1938,27 +1938,27 @@
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, AES-256-CBC, 1.2, SHA-256
@@ -2034,27 +2034,27 @@
ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256
@@ -2130,27 +2130,27 @@
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256
@@ -2226,27 +2226,27 @@
ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256
@@ -2322,27 +2322,27 @@
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256
@@ -2658,11 +2658,11 @@
ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0
Record crypt, little space, NULL cipher, 1.2, SHA-384
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM
-depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
+depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC
ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0
Record crypt, little space, NULL cipher, 1.2, SHA-256
@@ -2931,7 +2931,7 @@
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_PROTO_TLS1_2
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256
@@ -2939,7 +2939,7 @@
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled
-depends_on:!MBEDTLS_MD_CAN_SHA384
+depends_on:!PSA_WANT_ALG_SHA_384
ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled
@@ -2971,7 +2971,7 @@
ssl_serialize_session_save_load:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, save-load: no ticket
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3
+depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3
ssl_serialize_session_save_load:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, save-load: small ticket
@@ -3091,7 +3091,7 @@
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2
TLS 1.3: CLI: Session serialization, load buffer size: no ticket
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C
ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: CLI: Session serialization, load buffer size: small ticket
@@ -3103,7 +3103,7 @@
ssl_serialize_session_load_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3
TLS 1.3: SRV: Session serialization, load buffer size
-depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C
ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 67d97e4..8125e58 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2093,7 +2093,7 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
- TEST_ASSERT(original.ciphersuite == restored.ciphersuite);
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add);
TEST_ASSERT(original.ticket_flags == restored.ticket_flags);
TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len);
@@ -2104,22 +2104,24 @@
restored.resumption_key,
original.resumption_key_len) == 0);
}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- TEST_ASSERT(
- original.max_early_data_size == restored.max_early_data_size);
-#if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
+#if defined(MBEDTLS_SSL_SRV_C)
if (endpoint_type == MBEDTLS_SSL_IS_SERVER) {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN)
TEST_ASSERT(original.ticket_alpn != NULL);
TEST_ASSERT(restored.ticket_alpn != NULL);
TEST_MEMORY_COMPARE(original.ticket_alpn, strlen(original.ticket_alpn),
restored.ticket_alpn, strlen(restored.ticket_alpn));
+#endif
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
}
-#endif
-#endif
+#endif /* MBEDTLS_SSL_SRV_C */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+#if defined(MBEDTLS_SSL_CLI_C)
if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) {
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
#if defined(MBEDTLS_HAVE_TIME)
TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time);
#endif
@@ -2132,12 +2134,23 @@
restored.ticket,
original.ticket_len) == 0);
}
-
- }
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ TEST_ASSERT(original.hostname != NULL);
+ TEST_ASSERT(restored.hostname != NULL);
+ TEST_MEMORY_COMPARE(original.hostname, strlen(original.hostname),
+ restored.hostname, strlen(restored.hostname));
#endif
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ }
+#endif /* MBEDTLS_SSL_CLI_C */
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ TEST_ASSERT(
+ original.max_early_data_size == restored.max_early_data_size);
+#endif
+
#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
TEST_ASSERT(original.record_size_limit == restored.record_size_limit);
#endif
@@ -3284,7 +3297,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };
diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data
index 27ea27a..10bb56d 100644
--- a/tests/suites/test_suite_ssl_decrypt.misc.data
+++ b/tests/suites/test_suite_ssl_decrypt.misc.data
@@ -11,7 +11,7 @@
ssl_decrypt_null:MBEDTLS_MD_SHA256
Decrypt null cipher, SHA-384
-depends_on:MBEDTLS_MD_CAN_SHA384
+depends_on:PSA_WANT_ALG_SHA_384
ssl_decrypt_null:MBEDTLS_MD_SHA384
Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad
@@ -111,35 +111,35 @@
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1
Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15
Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255
Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad
@@ -239,35 +239,35 @@
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15
Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255
Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad
@@ -367,33 +367,33 @@
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15
Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255
-depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384
ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 754660c..58fa774 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -31,7 +31,7 @@
x509_cert_info:"data_files/parse_input/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509_cert_info:"data_files/parse_input/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA256 Digest
@@ -39,7 +39,7 @@
x509_cert_info:"data_files/parse_input/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_384
x509_cert_info:"data_files/parse_input/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
X509 CRT information SHA512 Digest
@@ -51,7 +51,7 @@
x509_cert_info:"data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224
x509_cert_info:"data_files/parse_input/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA256 Digest
@@ -59,7 +59,7 @@
x509_cert_info:"data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384
x509_cert_info:"data_files/parse_input/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n"
X509 CRT information RSA-PSS, SHA512 Digest
@@ -71,7 +71,7 @@
x509_cert_info:"data_files/parse_input/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_224
x509_cert_info:"data_files/parse_input/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA256 Digest
@@ -79,7 +79,7 @@
x509_cert_info:"data_files/parse_input/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA384
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_384
x509_cert_info:"data_files/parse_input/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n"
X509 CRT information EC, SHA512 Digest
@@ -239,71 +239,71 @@
x509_parse_san:"data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 CRL information #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
X509 CRL Information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n"
X509 CRL Information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
X509 CRL Information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n"
X509 CRL Information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n"
X509 CRL Information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n"
X509 CRL Information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
mbedtls_x509_crl_info:"data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n"
X509 CRL information RSA-PSS, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1
mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
X509 CRL information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224
mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
X509 CRL information RSA-PSS, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256
mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
X509 CRL information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384
mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
X509 CRL information RSA-PSS, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512
mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
X509 CRL Information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME
mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n"
X509 CRL Information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PK_CAN_ECDSA_SOME
mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n"
X509 CRL Information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME
mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n"
X509 CRL Information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PK_CAN_ECDSA_SOME
mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n"
X509 CRL Information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME
mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
X509 CRL Malformed Input (trailing spaces at end of file)
@@ -327,23 +327,23 @@
mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
-X509 CSR Information RSA with SHA-256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO
+X509 CSR Information RSA with SHA256
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA512
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
-X509 CSR Information RSA with SHA-256, containing commas
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO
+X509 CSR Information RSA with SHA256, containing commas
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information EC with SHA1
@@ -351,7 +351,7 @@
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA224
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA256
@@ -359,7 +359,7 @@
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA384
-depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information EC with SHA512
@@ -371,7 +371,7 @@
mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA256
@@ -379,15 +379,15 @@
mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CSR Information RSA-PSS with SHA512
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
-X509 CSR Information RSA with SHA-256 - Microsoft header
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C
+X509 CSR Information RSA with SHA256 - Microsoft header
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_csr_info:"data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information v3 extensions #1 (all)
@@ -680,7 +680,7 @@
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL"
X509 CRT verification #15 (Valid Cert SHA224 Digest)
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #16 (Valid Cert SHA256 Digest)
@@ -688,7 +688,7 @@
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #17 (Valid Cert SHA384 Digest)
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #18 (Valid Cert SHA512 Digest)
@@ -772,11 +772,11 @@
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #37 (Valid, EC CA, SHA224 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_224
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #38 (Valid, EC CA, SHA384 Digest)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA384:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:PSA_WANT_ALG_SHA_384:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1
x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #39 (Valid, EC CA, SHA512 Digest)
@@ -860,7 +860,7 @@
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256)
@@ -868,7 +868,7 @@
x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #60 (Valid, RSASSA-PSS, SHA-384)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #61 (Valid, RSASSA-PSS, SHA-512)
@@ -908,7 +908,7 @@
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA224:MBEDTLS_MD_CAN_SHA1
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:PSA_WANT_ALG_SHA_224:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #70 (v1 trusted CA)
@@ -1020,7 +1020,7 @@
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL"
X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest)
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL"
X509 CRT verification #97 (next profile Valid Cert SHA256 Digest)
@@ -2468,35 +2468,35 @@
x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, issuer set missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
# 305c
@@ -2518,43 +2518,43 @@
# 03020001 signatureValue BIT STRING
# The subsequent TBSCertList negative tests remove or modify some elements.
X509 CRL ASN1 (TBSCertList, sig present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
X509 CRL ASN1 (TBSCertList, signatureValue missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, single empty entry at end)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, good entry then empty entry at end)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, missing time in entry)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, missing time in entry at end)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, invalid tag for time in entry)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, invalid tag for serial)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, no entries)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO
+depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO
x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0
X509 CRL ASN1 (invalid version 2)
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 5c6a903..cb78199 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -3,7 +3,7 @@
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0:0
Certificate Request check Server1 SHA224
-depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0:0
Certificate Request check Server1 SHA256
@@ -11,7 +11,7 @@
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0:0
Certificate Request check Server1 SHA384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
+depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0:0
Certificate Request check Server1 SHA512
diff --git a/tf-psa-crypto/.gitignore b/tf-psa-crypto/.gitignore
new file mode 100644
index 0000000..f3c7a7c
--- /dev/null
+++ b/tf-psa-crypto/.gitignore
@@ -0,0 +1 @@
+Makefile
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
new file mode 100644
index 0000000..1425abb
--- /dev/null
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -0,0 +1,38 @@
+#
+# CMake build system design considerations:
+#
+# - Include directories:
+# + Do not define include directories globally using the include_directories
+# command but rather at the target level using the
+# target_include_directories command. That way, it is easier to guarantee
+# that targets are built using the proper list of include directories.
+# + Use the PUBLIC and PRIVATE keywords to specify the scope of include
+# directories. That way, a target linking to a library (using the
+# target_link_libraries command) inherits from the library PUBLIC include
+# directories and not from the PRIVATE ones.
+# - TF_PSA_CRYPTO_TARGET_PREFIX: CMake targets are designed to be alterable by
+# calling CMake in order to avoid target name clashes, via the use of
+# TF_PSA_CRYPTO_TARGET_PREFIX. The value of this variable is prefixed to the
+# tfpsacrypto and apidoc targets.
+#
+
+# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here
+# until our infrastructure catches up.
+cmake_minimum_required(VERSION 3.5.1)
+
+# https://cmake.org/cmake/help/latest/policy/CMP0011.html
+# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
+# policy setting is deprecated, and will be removed in future versions.
+cmake_policy(SET CMP0011 NEW)
+# https://cmake.org/cmake/help/latest/policy/CMP0012.html
+# Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2
+# (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required
+# for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting
+# is deprecated and will be removed in future versions.
+cmake_policy(SET CMP0012 NEW)
+
+if(LIB_INSTALL_DIR)
+ set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
+endif()
+
+add_subdirectory(include)
diff --git a/include/mbedtls/aes.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
similarity index 97%
rename from include/mbedtls/aes.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
index d5eb1fd..a07c8a5 100644
--- a/include/mbedtls/aes.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h
@@ -35,7 +35,7 @@
#include <stddef.h>
#include <stdint.h>
-/* padlock.c and aesni.c rely on these values! */
+/* aesni.c relies on these values! */
#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
@@ -64,19 +64,15 @@
int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES
round keys in the buffer. */
-#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold
10 round keys for 128-bit case. */
#else
uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
- one of the following purposes:
- <ul><li>Alignment if VIA padlock is
- used.</li>
- <li>Simplifying key expansion in the 256-bit
- case by generating an extra round key.
- </li></ul> */
-#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */
+ simplifying key expansion in the 256-bit
+ case by generating an extra round key. */
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
}
mbedtls_aes_context;
diff --git a/include/mbedtls/aria.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h
similarity index 100%
rename from include/mbedtls/aria.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h
diff --git a/include/mbedtls/asn1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h
similarity index 100%
rename from include/mbedtls/asn1.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h
diff --git a/include/mbedtls/asn1write.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h
similarity index 100%
rename from include/mbedtls/asn1write.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h
diff --git a/include/mbedtls/base64.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h
similarity index 100%
rename from include/mbedtls/base64.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h
diff --git a/include/mbedtls/bignum.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
similarity index 100%
rename from include/mbedtls/bignum.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h
diff --git a/include/mbedtls/block_cipher.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h
similarity index 100%
rename from include/mbedtls/block_cipher.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h
diff --git a/include/mbedtls/camellia.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h
similarity index 100%
rename from include/mbedtls/camellia.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h
diff --git a/include/mbedtls/ccm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h
similarity index 100%
rename from include/mbedtls/ccm.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h
diff --git a/include/mbedtls/chacha20.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h
similarity index 100%
rename from include/mbedtls/chacha20.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h
diff --git a/include/mbedtls/chachapoly.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h
similarity index 100%
rename from include/mbedtls/chachapoly.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h
diff --git a/include/mbedtls/cipher.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h
similarity index 100%
rename from include/mbedtls/cipher.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h
diff --git a/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
similarity index 100%
rename from include/mbedtls/cmac.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h
diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h
similarity index 98%
rename from include/mbedtls/config_adjust_legacy_from_psa.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h
index 0091e24..04bdae6 100644
--- a/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_legacy_from_psa.h
* \brief Adjust PSA configuration: activate legacy implementations
*
+ * This is an internal header. Do not include it directly.
+ *
* When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations
* of cryptographic mechanisms as needed to fulfill the needs of the PSA
* configuration. Generally speaking, we activate a legacy mechanism if
@@ -16,6 +18,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/* Define appropriate ACCEL macros for the p256-m driver.
* In the future, those should be generated from the drivers JSON description.
*/
@@ -498,7 +508,6 @@
* The PSA implementation has its own implementation of HKDF, separate from
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
*/
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
#endif /* PSA_WANT_ALG_HKDF */
@@ -509,7 +518,6 @@
* The PSA implementation has its own implementation of HKDF, separate from
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
*/
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
@@ -520,7 +528,6 @@
* The PSA implementation has its own implementation of HKDF, separate from
* hkdf.c. No need to enable MBEDTLS_HKDF_C here.
*/
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
#endif /* PSA_WANT_ALG_HKDF_EXPAND */
@@ -630,9 +637,6 @@
#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)
#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1
#define PSA_HAVE_SOFT_PBKDF2_HMAC 1
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */
#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h
similarity index 90%
rename from include/mbedtls/config_adjust_psa_superset_legacy.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h
index 3a55c3f..ef65cce 100644
--- a/include/mbedtls/config_adjust_psa_superset_legacy.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h
@@ -2,6 +2,8 @@
* \file mbedtls/config_adjust_psa_superset_legacy.h
* \brief Adjust PSA configuration: automatic enablement from legacy
*
+ * This is an internal header. Do not include it directly.
+ *
* To simplify some edge cases, we automatically enable certain cryptographic
* mechanisms in the PSA API if they are enabled in the legacy API. The general
* idea is that if legacy module M uses mechanism A internally, and A has
@@ -17,6 +19,14 @@
#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
#define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/****************************************************************/
/* Hashes that are built in are also enabled in PSA.
* This simplifies dependency declarations especially
diff --git a/include/mbedtls/config_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
similarity index 86%
rename from include/mbedtls/config_psa.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
index 17da61b..5f3d0f3 100644
--- a/include/mbedtls/config_psa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h
@@ -22,6 +22,8 @@
#include "psa/crypto_adjust_config_synonyms.h"
+#include "psa/crypto_adjust_config_dependencies.h"
+
#include "mbedtls/config_adjust_psa_superset_legacy.h"
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
@@ -32,7 +34,11 @@
* before we deduce what built-ins are required. */
#include "psa/crypto_adjust_config_key_pair_types.h"
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/* If we are implementing PSA crypto ourselves, then we want to enable the
+ * required built-ins. Otherwise, PSA features will be provided by the server. */
#include "mbedtls/config_adjust_legacy_from_psa.h"
+#endif
#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
diff --git a/include/mbedtls/constant_time.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/constant_time.h
similarity index 100%
rename from include/mbedtls/constant_time.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/constant_time.h
diff --git a/include/mbedtls/ctr_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h
similarity index 100%
rename from include/mbedtls/ctr_drbg.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h
diff --git a/include/mbedtls/des.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h
similarity index 100%
rename from include/mbedtls/des.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/des.h
diff --git a/include/mbedtls/dhm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h
similarity index 100%
rename from include/mbedtls/dhm.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h
diff --git a/include/mbedtls/ecdh.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
similarity index 100%
rename from include/mbedtls/ecdh.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h
diff --git a/include/mbedtls/ecdsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
similarity index 100%
rename from include/mbedtls/ecdsa.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
diff --git a/include/mbedtls/ecjpake.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h
similarity index 100%
rename from include/mbedtls/ecjpake.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h
diff --git a/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
similarity index 100%
rename from include/mbedtls/ecp.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h
diff --git a/include/mbedtls/entropy.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h
similarity index 100%
rename from include/mbedtls/entropy.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h
diff --git a/include/mbedtls/error.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/error.h
similarity index 99%
rename from include/mbedtls/error.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/error.h
index 186589a..d101dee 100644
--- a/include/mbedtls/error.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/error.h
@@ -45,7 +45,6 @@
* CAMELLIA 3 0x0024-0x0026 0x0027-0x0027
* BASE64 2 0x002A-0x002C
* OID 1 0x002E-0x002E 0x000B-0x000B
- * PADLOCK 1 0x0030-0x0030
* DES 2 0x0032-0x0032 0x0033-0x0033
* CTR_DBRG 4 0x0034-0x003A
* ENTROPY 3 0x003C-0x0040 0x003D-0x003F
diff --git a/include/mbedtls/gcm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h
similarity index 100%
rename from include/mbedtls/gcm.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h
diff --git a/include/mbedtls/hmac_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h
similarity index 100%
rename from include/mbedtls/hmac_drbg.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h
diff --git a/include/mbedtls/lms.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h
similarity index 100%
rename from include/mbedtls/lms.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h
diff --git a/include/mbedtls/md.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h
similarity index 97%
rename from include/mbedtls/md.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/md.h
index 478e9f7..80f37e2 100644
--- a/include/mbedtls/md.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h
@@ -67,13 +67,13 @@
* and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another
* part of the code based on PSA.
*/
-#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512)
+#if defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA3_512)
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
-#elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384)
+#elif defined(PSA_WANT_ALG_SHA_384) || defined(MBEDTLS_MD_CAN_SHA3_384)
#define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */
#elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256)
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */
-#elif defined(MBEDTLS_MD_CAN_SHA224) || defined(MBEDTLS_MD_CAN_SHA3_224)
+#elif defined(PSA_WANT_ALG_SHA_224) || defined(MBEDTLS_MD_CAN_SHA3_224)
#define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */
#else
#define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160
@@ -84,11 +84,11 @@
#define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */
#elif defined(MBEDTLS_MD_CAN_SHA3_256)
#define MBEDTLS_MD_MAX_BLOCK_SIZE 136
-#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384)
+#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA_384)
#define MBEDTLS_MD_MAX_BLOCK_SIZE 128
#elif defined(MBEDTLS_MD_CAN_SHA3_384)
#define MBEDTLS_MD_MAX_BLOCK_SIZE 104
-#elif defined(MBEDTLS_MD_CAN_SHA3_512)
+#elif defined(PSA_WANT_ALG_SHA3_512)
#define MBEDTLS_MD_MAX_BLOCK_SIZE 72
#else
#define MBEDTLS_MD_MAX_BLOCK_SIZE 64
diff --git a/include/mbedtls/md5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
similarity index 100%
rename from include/mbedtls/md5.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h
diff --git a/include/mbedtls/memory_buffer_alloc.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h
similarity index 100%
rename from include/mbedtls/memory_buffer_alloc.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h
diff --git a/include/mbedtls/nist_kw.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h
similarity index 100%
rename from include/mbedtls/nist_kw.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h
diff --git a/include/mbedtls/oid.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
similarity index 100%
rename from include/mbedtls/oid.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h
diff --git a/include/mbedtls/pem.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h
similarity index 100%
rename from include/mbedtls/pem.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h
diff --git a/include/mbedtls/pk.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h
similarity index 96%
rename from include/mbedtls/pk.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h
index fde302f..52f4cc6 100644
--- a/include/mbedtls/pk.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h
@@ -359,32 +359,40 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
/**
- * \brief Initialize a PK context to wrap a PSA key.
+ * \brief Initialize a PK context to wrap a PSA key.
*
- * \note This function replaces mbedtls_pk_setup() for contexts
- * that wrap a (possibly opaque) PSA key instead of
- * storing and manipulating the key material directly.
+ * This function creates a PK context which wraps a PSA key. The PSA wrapped
+ * key must be an EC or RSA key pair (DH is not suported in the PK module).
*
- * \param ctx The context to initialize. It must be empty (type NONE).
- * \param key The PSA key to wrap, which must hold an ECC or RSA key
- * pair (see notes below).
+ * Under the hood PSA functions will be used to perform the required
+ * operations and, based on the key type, used algorithms will be:
+ * * EC:
+ * * verify, verify_ext, sign, sign_ext: ECDSA.
+ * * RSA:
+ * * sign, decrypt: use the primary algorithm in the wrapped PSA key;
+ * * sign_ext: RSA PSS if the pk_type is #MBEDTLS_PK_RSASSA_PSS, otherwise
+ * it falls back to the sign() case;
+ * * verify, verify_ext, encrypt: not supported.
*
- * \note The wrapped key must remain valid as long as the
- * wrapping PK context is in use, that is at least between
- * the point this function is called and the point
- * mbedtls_pk_free() is called on this context. The wrapped
- * key might then be independently used or destroyed.
+ * In order for the above operations to succeed, the policy of the wrapped PSA
+ * key must allow the specified algorithm.
*
- * \note This function is currently only available for ECC or RSA
- * key pairs (that is, keys containing private key material).
- * Support for other key types may be added later.
+ * Opaque PK contexts wrapping an EC keys also support \c mbedtls_pk_check_pair(),
+ * whereas RSA ones do not.
*
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input
- * (context already used, invalid key identifier).
- * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an
- * ECC key pair.
- * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
+ * \warning The PSA wrapped key must remain valid as long as the wrapping PK
+ * context is in use, that is at least between the point this function
+ * is called and the point mbedtls_pk_free() is called on this context.
+ *
+ * \param ctx The context to initialize. It must be empty (type NONE).
+ * \param key The PSA key to wrap, which must hold an ECC or RSA key pair.
+ *
+ * \return \c 0 on success.
+ * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already
+ * used, invalid key identifier).
+ * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC or
+ * RSA key pair.
+ * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
*/
int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx,
const mbedtls_svc_key_id_t key);
diff --git a/include/mbedtls/pkcs12.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h
similarity index 100%
rename from include/mbedtls/pkcs12.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h
diff --git a/include/mbedtls/pkcs5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h
similarity index 100%
rename from include/mbedtls/pkcs5.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h
diff --git a/include/mbedtls/platform.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h
similarity index 100%
rename from include/mbedtls/platform.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h
diff --git a/include/mbedtls/platform_time.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h
similarity index 100%
rename from include/mbedtls/platform_time.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h
diff --git a/include/mbedtls/platform_util.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h
similarity index 100%
rename from include/mbedtls/platform_util.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h
diff --git a/include/mbedtls/poly1305.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h
similarity index 100%
rename from include/mbedtls/poly1305.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h
diff --git a/include/mbedtls/private_access.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/private_access.h
similarity index 100%
rename from include/mbedtls/private_access.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/private_access.h
diff --git a/include/mbedtls/psa_util.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
similarity index 100%
rename from include/mbedtls/psa_util.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h
diff --git a/include/mbedtls/ripemd160.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
similarity index 100%
rename from include/mbedtls/ripemd160.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h
diff --git a/include/mbedtls/rsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
similarity index 100%
rename from include/mbedtls/rsa.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
diff --git a/include/mbedtls/sha1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
similarity index 100%
rename from include/mbedtls/sha1.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h
diff --git a/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
similarity index 100%
rename from include/mbedtls/sha256.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h
diff --git a/include/mbedtls/sha3.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h
similarity index 100%
rename from include/mbedtls/sha3.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h
diff --git a/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
similarity index 100%
rename from include/mbedtls/sha512.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h
diff --git a/include/mbedtls/threading.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
similarity index 100%
rename from include/mbedtls/threading.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
diff --git a/include/mbedtls/timing.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/timing.h
similarity index 100%
rename from include/mbedtls/timing.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/timing.h
diff --git a/include/mbedtls/version.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/version.h
similarity index 100%
rename from include/mbedtls/version.h
rename to tf-psa-crypto/drivers/builtin/include/mbedtls/version.h
diff --git a/tf-psa-crypto/include/.gitignore b/tf-psa-crypto/include/.gitignore
new file mode 100644
index 0000000..f3c7a7c
--- /dev/null
+++ b/tf-psa-crypto/include/.gitignore
@@ -0,0 +1 @@
+Makefile
diff --git a/tf-psa-crypto/include/CMakeLists.txt b/tf-psa-crypto/include/CMakeLists.txt
new file mode 100644
index 0000000..bca86ff
--- /dev/null
+++ b/tf-psa-crypto/include/CMakeLists.txt
@@ -0,0 +1,19 @@
+option(INSTALL_TF_PSA_CRYPTO_HEADERS "Install TF PSA Crypto headers." ON)
+
+if(INSTALL_TF_PSA_CRYPTO_HEADERS)
+ file(GLOB psa_headers "psa/*.h")
+ file(GLOB mbedtls_crypto_headers "../drivers/builtin/include/mbedtls/*.h")
+
+ install(FILES ${psa_headers}
+ DESTINATION include/psa
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
+ install(FILES ${mbedtls_crypto_headers}
+ DESTINATION include/mbedtls
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+endif(INSTALL_TF_PSA_CRYPTO_HEADERS)
+
+# Make includes available in an out-of-source build. ssl-opt.sh requires it.
+if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ link_to_source(psa)
+endif()
diff --git a/include/psa/build_info.h b/tf-psa-crypto/include/psa/build_info.h
similarity index 100%
rename from include/psa/build_info.h
rename to tf-psa-crypto/include/psa/build_info.h
diff --git a/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
similarity index 99%
rename from include/psa/crypto.h
rename to tf-psa-crypto/include/psa/crypto.h
index 7083bd9..f9db4dd 100644
--- a/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -871,7 +871,7 @@
* such that #PSA_ALG_IS_HASH(\p alg) is true).
* \param[in] input Buffer containing the message to hash.
* \param input_length Size of the \p input buffer in bytes.
- * \param[out] hash Buffer containing the expected hash value.
+ * \param[in] hash Buffer containing the expected hash value.
* \param hash_length Size of the \p hash buffer in bytes.
*
* \retval #PSA_SUCCESS
@@ -1224,7 +1224,7 @@
* such that #PSA_ALG_IS_MAC(\p alg) is true).
* \param[in] input Buffer containing the input message.
* \param input_length Size of the \p input buffer in bytes.
- * \param[out] mac Buffer containing the expected MAC value.
+ * \param[in] mac Buffer containing the expected MAC value.
* \param mac_length Size of the \p mac buffer in bytes.
*
* \retval #PSA_SUCCESS
@@ -2910,7 +2910,7 @@
* \p key.
* \param[in] input The message whose signature is to be verified.
* \param[in] input_length Size of the \p input buffer in bytes.
- * \param[out] signature Buffer containing the signature to verify.
+ * \param[in] signature Buffer containing the signature to verify.
* \param[in] signature_length Size of the \p signature buffer in bytes.
*
* \retval #PSA_SUCCESS \emptydescription
diff --git a/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h b/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h
new file mode 100644
index 0000000..3a2af15
--- /dev/null
+++ b/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h
@@ -0,0 +1,31 @@
+/**
+ * \file psa/crypto_adjust_auto_enabled.h
+ * \brief Adjust PSA configuration: enable always-on features
+ *
+ * This is an internal header. Do not include it directly.
+ *
+ * Always enable certain features which require a negligible amount of code
+ * to implement, to avoid some edge cases in the configuration combinatorics.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H
+
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
+#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_PASSWORD 1
+#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
+#define PSA_WANT_KEY_TYPE_RAW_DATA 1
+
+#endif /* PSA_CRYPTO_ADJUST_AUTO_ENABLED_H */
diff --git a/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h b/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h
new file mode 100644
index 0000000..92e9c4d
--- /dev/null
+++ b/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h
@@ -0,0 +1,51 @@
+/**
+ * \file psa/crypto_adjust_config_dependencies.h
+ * \brief Adjust PSA configuration by resolving some dependencies.
+ *
+ * This is an internal header. Do not include it directly.
+ *
+ * See docs/proposed/psa-conditional-inclusion-c.md.
+ * If the Mbed TLS implementation of a cryptographic mechanism A depends on a
+ * cryptographic mechanism B then if the cryptographic mechanism A is enabled
+ * and not accelerated enable B. Note that if A is enabled and accelerated, it
+ * is not necessary to enable B for A support.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
+#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H
+
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
+#if (defined(PSA_WANT_ALG_TLS12_PRF) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)) || \
+ (defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)) || \
+ (defined(PSA_WANT_ALG_HKDF) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)) || \
+ (defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)) || \
+ (defined(PSA_WANT_ALG_HKDF_EXPAND) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)) || \
+ (defined(PSA_WANT_ALG_PBKDF2_HMAC) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC))
+#define PSA_WANT_ALG_HMAC 1
+#define PSA_WANT_KEY_TYPE_HMAC 1
+#endif
+
+#if (defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) && \
+ !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128))
+#define PSA_WANT_KEY_TYPE_AES 1
+#define PSA_WANT_ALG_CMAC 1
+#endif
+
+#endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */
diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h
similarity index 87%
rename from include/psa/crypto_adjust_config_key_pair_types.h
rename to tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h
index 63afc0e..cec39e0 100644
--- a/include/psa/crypto_adjust_config_key_pair_types.h
+++ b/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h
@@ -2,6 +2,8 @@
* \file psa/crypto_adjust_config_key_pair_types.h
* \brief Adjust PSA configuration for key pair types.
*
+ * This is an internal header. Do not include it directly.
+ *
* See docs/proposed/psa-conditional-inclusion-c.md.
* - Support non-basic operations in a keypair type implicitly enables basic
* support for that keypair type.
@@ -19,6 +21,14 @@
#ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
#define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/*****************************************************************
* ANYTHING -> BASIC
****************************************************************/
diff --git a/include/psa/crypto_adjust_config_synonyms.h b/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h
similarity index 76%
rename from include/psa/crypto_adjust_config_synonyms.h
rename to tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h
index 332b622..54b116f 100644
--- a/include/psa/crypto_adjust_config_synonyms.h
+++ b/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h
@@ -2,6 +2,8 @@
* \file psa/crypto_adjust_config_synonyms.h
* \brief Adjust PSA configuration: enable quasi-synonyms
*
+ * This is an internal header. Do not include it directly.
+ *
* When two features require almost the same code, we automatically enable
* both when either one is requested, to reduce the combinatorics of
* possible configurations.
@@ -14,6 +16,14 @@
#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H
+#if !defined(MBEDTLS_CONFIG_FILES_READ)
+#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \
+ "up to and including runtime errors such as buffer overflows. " \
+ "If you're trying to fix a complaint from check_config.h, just remove " \
+ "it from your configuration file: since Mbed TLS 3.0, it is included " \
+ "automatically at the right point."
+#endif /* */
+
/****************************************************************/
/* De facto synonyms */
/****************************************************************/
diff --git a/include/psa/crypto_builtin_composites.h b/tf-psa-crypto/include/psa/crypto_builtin_composites.h
similarity index 100%
rename from include/psa/crypto_builtin_composites.h
rename to tf-psa-crypto/include/psa/crypto_builtin_composites.h
diff --git a/include/psa/crypto_builtin_key_derivation.h b/tf-psa-crypto/include/psa/crypto_builtin_key_derivation.h
similarity index 100%
rename from include/psa/crypto_builtin_key_derivation.h
rename to tf-psa-crypto/include/psa/crypto_builtin_key_derivation.h
diff --git a/include/psa/crypto_builtin_primitives.h b/tf-psa-crypto/include/psa/crypto_builtin_primitives.h
similarity index 100%
rename from include/psa/crypto_builtin_primitives.h
rename to tf-psa-crypto/include/psa/crypto_builtin_primitives.h
diff --git a/include/psa/crypto_compat.h b/tf-psa-crypto/include/psa/crypto_compat.h
similarity index 100%
rename from include/psa/crypto_compat.h
rename to tf-psa-crypto/include/psa/crypto_compat.h
diff --git a/include/psa/crypto_config.h b/tf-psa-crypto/include/psa/crypto_config.h
similarity index 100%
rename from include/psa/crypto_config.h
rename to tf-psa-crypto/include/psa/crypto_config.h
diff --git a/include/psa/crypto_driver_common.h b/tf-psa-crypto/include/psa/crypto_driver_common.h
similarity index 100%
rename from include/psa/crypto_driver_common.h
rename to tf-psa-crypto/include/psa/crypto_driver_common.h
diff --git a/include/psa/crypto_driver_contexts_composites.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h
similarity index 98%
rename from include/psa/crypto_driver_contexts_composites.h
rename to tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h
index d717c51..5a484fc 100644
--- a/include/psa/crypto_driver_contexts_composites.h
+++ b/tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h
@@ -31,7 +31,7 @@
* declared during the autogeneration process. */
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include <libtestdriver1/include/psa/crypto.h>
+#include <libtestdriver1/tf-psa-crypto/include/psa/crypto.h>
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_key_derivation.h
similarity index 100%
rename from include/psa/crypto_driver_contexts_key_derivation.h
rename to tf-psa-crypto/include/psa/crypto_driver_contexts_key_derivation.h
diff --git a/include/psa/crypto_driver_contexts_primitives.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h
similarity index 98%
rename from include/psa/crypto_driver_contexts_primitives.h
rename to tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h
index c90a5fb..281e0a1 100644
--- a/include/psa/crypto_driver_contexts_primitives.h
+++ b/tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h
@@ -30,7 +30,7 @@
* declared during the autogeneration process. */
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include <libtestdriver1/include/psa/crypto.h>
+#include <libtestdriver1/tf-psa-crypto/include/psa/crypto.h>
#endif
#if defined(PSA_CRYPTO_DRIVER_TEST)
diff --git a/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h
similarity index 100%
rename from include/psa/crypto_extra.h
rename to tf-psa-crypto/include/psa/crypto_extra.h
diff --git a/include/psa/crypto_legacy.h b/tf-psa-crypto/include/psa/crypto_legacy.h
similarity index 100%
rename from include/psa/crypto_legacy.h
rename to tf-psa-crypto/include/psa/crypto_legacy.h
diff --git a/include/psa/crypto_platform.h b/tf-psa-crypto/include/psa/crypto_platform.h
similarity index 100%
rename from include/psa/crypto_platform.h
rename to tf-psa-crypto/include/psa/crypto_platform.h
diff --git a/include/psa/crypto_se_driver.h b/tf-psa-crypto/include/psa/crypto_se_driver.h
similarity index 100%
rename from include/psa/crypto_se_driver.h
rename to tf-psa-crypto/include/psa/crypto_se_driver.h
diff --git a/include/psa/crypto_sizes.h b/tf-psa-crypto/include/psa/crypto_sizes.h
similarity index 100%
rename from include/psa/crypto_sizes.h
rename to tf-psa-crypto/include/psa/crypto_sizes.h
diff --git a/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h
similarity index 100%
rename from include/psa/crypto_struct.h
rename to tf-psa-crypto/include/psa/crypto_struct.h
diff --git a/include/psa/crypto_types.h b/tf-psa-crypto/include/psa/crypto_types.h
similarity index 100%
rename from include/psa/crypto_types.h
rename to tf-psa-crypto/include/psa/crypto_types.h
diff --git a/include/psa/crypto_values.h b/tf-psa-crypto/include/psa/crypto_values.h
similarity index 100%
rename from include/psa/crypto_values.h
rename to tf-psa-crypto/include/psa/crypto_values.h