Merge branch 'development' into convert_NO_SHA384_to_positive

Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
  lines where development made a change unrelated to MBEDTLS_SHAxxx and our
  branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
  `MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to `MBEDTLS_SHA384_C`, with
  no change to what the test does. Pick the other branch's dependency
  changes then apply our SHA dependency change.
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 0962898..f3cba5a 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1132,6 +1132,16 @@
 all_final += cert_md5.crt
 
 ################################################################
+#### Diffie-Hellman parameters
+################################################################
+
+dh.998.pem:
+	$(OPENSSL) dhparam -out $@ -text 998
+
+dh.999.pem:
+	$(OPENSSL) dhparam -out $@ -text 999
+
+################################################################
 #### Meta targets
 ################################################################
 
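Review bot: The `dh.998.pem` and `dh.999.pem` rules cannot reproduce the committed files, because `openssl dhparam` picks a new random prime on every run. Neither target is appended to `all_final`, unlike `cert_md5.crt` on the context line above, so if that variable drives the meta targets these files are left out; `all_final += dh.998.pem dh.999.pem` would fix that. The section also needs a comment saying why these sizes exist, for example `# Test-only DH parameters whose bit length is not a multiple of 8; far too small for real use. Output differs on each run.`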
diff --git a/tests/data_files/dh.998.pem b/tests/data_files/dh.998.pem
new file mode 100644
index 0000000..96d6cf2
--- /dev/null
+++ b/tests/data_files/dh.998.pem
@@ -0,0 +1,17 @@
+    DH Parameters: (998 bit)
+        prime:
+            39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77:
+            b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31:
+            6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb:
+            48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c:
+            9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a:
+            fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b:
+            c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62:
+            8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51:
+            de:f8:08:25:db
+        generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh
+YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH
+EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/data_files/dh.999.pem b/tests/data_files/dh.999.pem
new file mode 100644
index 0000000..6e3ceb3
--- /dev/null
+++ b/tests/data_files/dh.999.pem
@@ -0,0 +1,17 @@
+    DH Parameters: (999 bit)
+        prime:
+            4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3:
+            69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69:
+            6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa:
+            14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a:
+            69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b:
+            bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93:
+            82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00:
+            68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71:
+            f2:e6:c4:94:03
+        generator: 2 (0x2)
+-----BEGIN DH PARAMETERS-----
+MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI
+cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC
+vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg==
+-----END DH PARAMETERS-----
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
index 1be8910..2207cb3 100644
--- a/tests/include/test/drivers/aead.h
+++ b/tests/include/test/drivers/aead.h
@@ -37,18 +37,19 @@
     unsigned long hits;
     /* Status returned by the last AEAD driver function call. */
     psa_status_t driver_status;
-} test_driver_aead_hooks_t;
+} mbedtls_test_driver_aead_hooks_t;
 
-#define TEST_DRIVER_AEAD_INIT { 0, 0, 0 }
-static inline test_driver_aead_hooks_t test_driver_aead_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0 }
+static inline mbedtls_test_driver_aead_hooks_t
+    mbedtls_test_driver_aead_hooks_init( void )
 {
-    const test_driver_aead_hooks_t v = TEST_DRIVER_AEAD_INIT;
+    const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT;
     return( v );
 }
 
-extern test_driver_aead_hooks_t test_driver_aead_hooks;
+extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks;
 
-psa_status_t test_transparent_aead_encrypt(
+psa_status_t mbedtls_test_transparent_aead_encrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg,
@@ -57,7 +58,7 @@
     const uint8_t *plaintext, size_t plaintext_length,
     uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
 
-psa_status_t test_transparent_aead_decrypt(
+psa_status_t mbedtls_test_transparent_aead_decrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg,
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
index 6d6a6af..4fe5596 100644
--- a/tests/include/test/drivers/cipher.h
+++ b/tests/include/test/drivers/cipher.h
@@ -41,101 +41,102 @@
     psa_status_t forced_status;
     /* Count the amount of times one of the cipher driver functions is called. */
     unsigned long hits;
-} test_driver_cipher_hooks_t;
+} mbedtls_test_driver_cipher_hooks_t;
 
-#define TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline test_driver_cipher_hooks_t test_driver_cipher_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, PSA_SUCCESS, 0 }
+static inline mbedtls_test_driver_cipher_hooks_t
+     mbedtls_test_driver_cipher_hooks_init( void )
 {
-    const test_driver_cipher_hooks_t v = TEST_DRIVER_CIPHER_INIT;
+    const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT;
     return( v );
 }
 
-extern test_driver_cipher_hooks_t test_driver_cipher_hooks;
+extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks;
 
-psa_status_t test_transparent_cipher_encrypt(
+psa_status_t mbedtls_test_transparent_cipher_encrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
     const uint8_t *input, size_t input_length,
     uint8_t *output, size_t output_size, size_t *output_length);
 
-psa_status_t test_transparent_cipher_decrypt(
+psa_status_t mbedtls_test_transparent_cipher_decrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
     const uint8_t *input, size_t input_length,
     uint8_t *output, size_t output_size, size_t *output_length);
 
-psa_status_t test_transparent_cipher_encrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg);
 
-psa_status_t test_transparent_cipher_decrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg);
 
-psa_status_t test_transparent_cipher_abort(
+psa_status_t mbedtls_test_transparent_cipher_abort(
     mbedtls_transparent_test_driver_cipher_operation_t *operation );
 
-psa_status_t test_transparent_cipher_set_iv(
+psa_status_t mbedtls_test_transparent_cipher_set_iv(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const uint8_t *iv, size_t iv_length);
 
-psa_status_t test_transparent_cipher_update(
+psa_status_t mbedtls_test_transparent_cipher_update(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const uint8_t *input, size_t input_length,
     uint8_t *output, size_t output_size, size_t *output_length);
 
-psa_status_t test_transparent_cipher_finish(
+psa_status_t mbedtls_test_transparent_cipher_finish(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     uint8_t *output, size_t output_size, size_t *output_length);
 
 /*
  * opaque versions
  */
-psa_status_t test_opaque_cipher_encrypt(
+psa_status_t mbedtls_test_opaque_cipher_encrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
     const uint8_t *input, size_t input_length,
     uint8_t *output, size_t output_size, size_t *output_length);
 
-psa_status_t test_opaque_cipher_decrypt(
+psa_status_t mbedtls_test_opaque_cipher_decrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
     const uint8_t *input, size_t input_length,
     uint8_t *output, size_t output_size, size_t *output_length);
 
-psa_status_t test_opaque_cipher_encrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg);
 
-psa_status_t test_opaque_cipher_decrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg);
 
-psa_status_t test_opaque_cipher_abort(
+psa_status_t mbedtls_test_opaque_cipher_abort(
     mbedtls_opaque_test_driver_cipher_operation_t *operation);
 
-psa_status_t test_opaque_cipher_set_iv(
+psa_status_t mbedtls_test_opaque_cipher_set_iv(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const uint8_t *iv, size_t iv_length);
 
-psa_status_t test_opaque_cipher_update(
+psa_status_t mbedtls_test_opaque_cipher_update(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const uint8_t *input, size_t input_length,
     uint8_t *output, size_t output_size, size_t *output_length);
 
-psa_status_t test_opaque_cipher_finish(
+psa_status_t mbedtls_test_opaque_cipher_finish(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     uint8_t *output, size_t output_size, size_t *output_length);
 
diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
new file mode 100644
index 0000000..ebe83de
--- /dev/null
+++ b/tests/include/test/drivers/hash.h
@@ -0,0 +1,80 @@
+/*
+ * Test driver for hash driver entry points.
+ */
+/*  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
+#define PSA_CRYPTO_TEST_DRIVERS_HASH_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <psa/crypto_driver_common.h>
+
+typedef struct {
+    /* If not PSA_SUCCESS, return this error code instead of processing the
+     * function call. */
+    psa_status_t forced_status;
+    /* Count the amount of times hash driver entry points are called. */
+    unsigned long hits;
+    /* Status returned by the last hash driver entry point call. */
+    psa_status_t driver_status;
+} mbedtls_test_driver_hash_hooks_t;
+
+#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 }
+static inline mbedtls_test_driver_hash_hooks_t
+    mbedtls_test_driver_hash_hooks_init( void )
+{
+    const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT;
+    return( v );
+}
+
+extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks;
+
+psa_status_t mbedtls_test_transparent_hash_compute(
+    psa_algorithm_t alg,
+    const uint8_t *input, size_t input_length,
+    uint8_t *hash, size_t hash_size, size_t *hash_length );
+
+psa_status_t mbedtls_test_transparent_hash_setup(
+    mbedtls_transparent_test_driver_hash_operation_t *operation,
+    psa_algorithm_t alg );
+
+psa_status_t mbedtls_test_transparent_hash_clone(
+    const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
+    mbedtls_transparent_test_driver_hash_operation_t *target_operation );
+
+psa_status_t mbedtls_test_transparent_hash_update(
+    mbedtls_transparent_test_driver_hash_operation_t *operation,
+    const uint8_t *input,
+    size_t input_length );
+
+psa_status_t mbedtls_test_transparent_hash_finish(
+    mbedtls_transparent_test_driver_hash_operation_t *operation,
+    uint8_t *hash,
+    size_t hash_size,
+    size_t *hash_length );
+
+psa_status_t mbedtls_test_transparent_hash_abort(
+    mbedtls_psa_hash_operation_t *operation );
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */
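Review bot: `mbedtls_test_transparent_hash_abort` is declared here with `mbedtls_psa_hash_operation_t *operation`, while every other entry point in this header takes `mbedtls_transparent_test_driver_hash_operation_t *`, and so does the definition of the same function in tests/src/drivers/hash.c. That only compiles if the two names are typedefs of one type, which this diff does not show. The prototype should read `mbedtls_transparent_test_driver_hash_operation_t *operation );` so that header and definition agree textually. Separately, `MBEDTLS_TEST_DRIVER_HASH_INIT` writes the two status fields as bare `0`, where cipher.h and key_management.h spell the forced status as `PSA_SUCCESS`; `{ PSA_SUCCESS, 0, PSA_SUCCESS }` would state the intent.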
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
index b30baa2..45814fd 100644
--- a/tests/include/test/drivers/key_management.h
+++ b/tests/include/test/drivers/key_management.h
@@ -29,6 +29,9 @@
 #if defined(PSA_CRYPTO_DRIVER_TEST)
 #include <psa/crypto_driver_common.h>
 
+#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT     0
+#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT   1
+
 typedef struct {
     /* If non-null, on success, copy this to the output. */
     void *forced_output;
@@ -39,41 +42,44 @@
     /* Count the amount of times one of the key management driver functions
      * is called. */
     unsigned long hits;
-} test_driver_key_management_hooks_t;
+} mbedtls_test_driver_key_management_hooks_t;
 
-#define TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline test_driver_key_management_hooks_t test_driver_key_management_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
+static inline mbedtls_test_driver_key_management_hooks_t
+    mbedtls_test_driver_key_management_hooks_init( void )
 {
-    const test_driver_key_management_hooks_t v = TEST_DRIVER_KEY_MANAGEMENT_INIT;
+    const mbedtls_test_driver_key_management_hooks_t
+        v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
     return( v );
 }
 
-extern test_driver_key_management_hooks_t test_driver_key_management_hooks;
+extern mbedtls_test_driver_key_management_hooks_t
+    mbedtls_test_driver_key_management_hooks;
 
-psa_status_t test_transparent_generate_key(
+psa_status_t mbedtls_test_transparent_generate_key(
     const psa_key_attributes_t *attributes,
     uint8_t *key, size_t key_size, size_t *key_length );
 
-psa_status_t test_opaque_generate_key(
+psa_status_t mbedtls_test_opaque_generate_key(
     const psa_key_attributes_t *attributes,
     uint8_t *key, size_t key_size, size_t *key_length );
 
-psa_status_t test_opaque_export_key(
+psa_status_t mbedtls_test_opaque_export_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     uint8_t *data, size_t data_size, size_t *data_length );
 
-psa_status_t test_transparent_export_public_key(
+psa_status_t mbedtls_test_transparent_export_public_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     uint8_t *data, size_t data_size, size_t *data_length );
 
-psa_status_t test_opaque_export_public_key(
+psa_status_t mbedtls_test_opaque_export_public_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     uint8_t *data, size_t data_size, size_t *data_length );
 
-psa_status_t test_transparent_import_key(
+psa_status_t mbedtls_test_transparent_import_key(
     const psa_key_attributes_t *attributes,
     const uint8_t *data,
     size_t data_length,
@@ -82,5 +88,10 @@
     size_t *key_buffer_length,
     size_t *bits);
 
+psa_status_t mbedtls_test_opaque_get_builtin_key(
+    psa_drv_slot_number_t slot_number,
+    psa_key_attributes_t *attributes,
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
+
 #endif /* PSA_CRYPTO_DRIVER_TEST */
 #endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
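Review bot: `mbedtls_test_opaque_get_builtin_key` is declared with no comment, so a reader cannot tell which `slot_number` values it accepts or what it stores in `*key_buffer_length`. The two macros added near the top of this file, `PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT` and `PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT`, are presumably the only valid slots. A short comment above the prototype should say so, and name the status returned for an unknown slot and for a `key_buffer_size` that is too small. The definition is outside this diff, so those statuses need to be taken from the implementation rather than guessed.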
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
index e785151..1586ce9 100644
--- a/tests/include/test/drivers/signature.h
+++ b/tests/include/test/drivers/signature.h
@@ -38,40 +38,44 @@
     psa_status_t forced_status;
     /* Count the amount of times one of the signature driver functions is called. */
     unsigned long hits;
-} test_driver_signature_hooks_t;
+} mbedtls_test_driver_signature_hooks_t;
 
-#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void )
+#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
+static inline mbedtls_test_driver_signature_hooks_t
+    mbedtls_test_driver_signature_hooks_init( void )
 {
-    const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT;
+    const mbedtls_test_driver_signature_hooks_t
+        v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
     return( v );
 }
 
-extern test_driver_signature_hooks_t test_driver_signature_sign_hooks;
-extern test_driver_signature_hooks_t test_driver_signature_verify_hooks;
+extern mbedtls_test_driver_signature_hooks_t
+    mbedtls_test_driver_signature_sign_hooks;
+extern mbedtls_test_driver_signature_hooks_t
+    mbedtls_test_driver_signature_verify_hooks;
 
-psa_status_t test_transparent_signature_sign_hash(
+psa_status_t mbedtls_test_transparent_signature_sign_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
     const uint8_t *hash, size_t hash_length,
     uint8_t *signature, size_t signature_size, size_t *signature_length );
 
-psa_status_t test_opaque_signature_sign_hash(
+psa_status_t mbedtls_test_opaque_signature_sign_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
     const uint8_t *hash, size_t hash_length,
     uint8_t *signature, size_t signature_size, size_t *signature_length );
 
-psa_status_t test_transparent_signature_verify_hash(
+psa_status_t mbedtls_test_transparent_signature_verify_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
     const uint8_t *hash, size_t hash_length,
     const uint8_t *signature, size_t signature_length );
 
-psa_status_t test_opaque_signature_verify_hash(
+psa_status_t mbedtls_test_opaque_signature_verify_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
diff --git a/tests/include/test/drivers/size.h b/tests/include/test/drivers/size.h
index 4bfe986..b2665bd 100644
--- a/tests/include/test/drivers/size.h
+++ b/tests/include/test/drivers/size.h
@@ -29,67 +29,9 @@
 #if defined(PSA_CRYPTO_DRIVER_TEST)
 #include <psa/crypto_driver_common.h>
 
-typedef struct {
-    unsigned int context;
-} test_driver_key_context_t;
-
-/** \def TEST_DRIVER_KEY_CONTEXT_BASE_SIZE
- *
- * This macro returns the base size for the key context. It is the size of the
- * driver specific information stored in each key context.
- */
-#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE          sizeof( test_driver_key_context_t )
-
-/** \def TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE
- *
- * Number of bytes included in every key context for a key pair.
- *
- * This pair size is for an ECC 256-bit private/public key pair.
- * Based on this value, the size of the private key can be derived by
- * subtracting the public key size below from this one.
- */
-
-#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE      65
-
-/** \def TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE
- *
- * Number of bytes included in every key context for a public key.
- *
- * For ECC public keys, it needs 257 bits so 33 bytes.
- */
-#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE    33
-
-/** \def TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR
- *
- * Every key context for a symmetric key includes this many times the key size.
- */
-#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR   0
-
-/** \def TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY
- *
- * If this is true for a key pair, the key context includes space for the public key.
- * If this is false, no additional space is added for the public key.
- *
- * For this instance, store the public key with the private one.
- */
-#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY   1
-
-/** \def TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
- *
- * If TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION is defined, the test driver
- * provides a size_function entry point, otherwise, it does not.
- *
- * Some opaque drivers have the need to support a custom size for the storage
- * of key and context information. The size_function provides the ability to
- * provide that customization.
- */
-//#define TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
-
-#ifdef TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION
-size_t test_size_function(
+size_t mbedtls_test_size_function(
     const psa_key_type_t key_type,
     const size_t key_bits );
-#endif /* TEST_DRIVER_KEY_CONTEXT_SIZE_FUNCTION */
 
 #endif /* PSA_CRYPTO_DRIVER_TEST */
 #endif /* PSA_CRYPTO_TEST_DRIVERS_SIZE_H */
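Review bot: `mbedtls_test_size_function` is left with no documentation, because this hunk removes every explanatory comment along with the old macros and the `#ifdef` guard. Going by the removed text, a comment such as `/* Size in bytes of the key context the test driver needs for a key of the given type and bit size. */` above the prototype looks right, but it should be confirmed against the definition, which is not in this diff. The `const` qualifiers on the by-value parameters `key_type` and `key_bits` have no effect for callers and can be dropped from the prototype.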
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 2fdce5c..dc2136a 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -20,12 +20,13 @@
 #ifndef PSA_CRYPTO_TEST_DRIVER_H
 #define PSA_CRYPTO_TEST_DRIVER_H
 
-#define PSA_CRYPTO_TEST_DRIVER_LIFETIME 0x7fffff
+#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff
 
 #include "test/drivers/aead.h"
-#include "test/drivers/signature.h"
-#include "test/drivers/key_management.h"
 #include "test/drivers/cipher.h"
+#include "test/drivers/hash.h"
+#include "test/drivers/key_management.h"
+#include "test/drivers/signature.h"
 #include "test/drivers/size.h"
 
 #endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index c3a844b..9bfe085 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -278,4 +278,20 @@
 void mbedtls_test_mutex_usage_check( void );
 #endif /* MBEDTLS_TEST_MUTEX_USAGE */
 
+#if defined(MBEDTLS_TEST_HOOKS)
+/**
+ * \brief   Check that only a pure high-level error code is being combined with
+ *          a pure low-level error code as otherwise the resultant error code
+ *          would be corrupted.
+ *
+ * \note    Both high-level and low-level error codes cannot be greater than
+ *          zero however can be zero. If one error code is zero then the
+ *          other error code is returned even if both codes are zero.
+ *
+ * \note    If the check fails, fail the test currently being run.
+ */
+void mbedtls_test_err_add_check( int high, int low,
+                                 const char *file, int line);
+#endif
+
 #endif /* TEST_HELPERS_H */
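Review bot: The first `\note` says "the other error code is returned", but `mbedtls_test_err_add_check` is declared `void`, so the sentence appears to describe the error-combining operation being checked rather than this function. It should be reworded to state which `high`/`low` combinations the check accepts. The comment also has no `\param` entries; add them for `high`, `low`, `file` and `line`, the last two presumably identifying the call site reported when the check fails. The closing directive would match the one just above it if written `#endif /* MBEDTLS_TEST_HOOKS */`.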
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b01c226..a4d50c1 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1099,6 +1099,7 @@
     scripts/config.py unset MBEDTLS_ECDSA_C
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+    scripts/config.py unset MBEDTLS_ECJPAKE_C
     # Disable all curves
     for c in $(sed -n 's/#define \(MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED\).*/\1/p' <"$CONFIG_H"); do
         scripts/config.py unset "$c"
@@ -2061,6 +2062,7 @@
     scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
     scripts/config.py unset MBEDTLS_ARC4_C
     scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+    scripts/config.py unset MBEDTLS_CMAC_C
     make
 
     msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
@@ -2207,6 +2209,7 @@
     msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
     scripts/config.py full
     scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
+    scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
     # Need to define the correct symbol and include the test driver header path in order to build with the test driver
     loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
     loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_AES"
@@ -2423,6 +2426,20 @@
     make test
 }
 
+component_test_no_x509_info () {
+    msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
+    scripts/config.pl full
+    scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
+    scripts/config.pl set MBEDTLS_X509_REMOVE_INFO
+    make CFLAGS='-Werror -O1'
+
+    msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s
+    make test
+
+    msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min
+    if_build_succeeded tests/ssl-opt.sh
+}
+
 component_build_arm_none_eabi_gcc () {
     msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s
     scripts/config.py baremetal
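Review bot: The new `component_test_no_x509_info` calls `scripts/config.pl` three times, while every context line visible in this file's hunks uses `scripts/config.py`. If `config.pl` is only kept as a legacy wrapper, the component should use `scripts/config.py full`, `scripts/config.py unset MBEDTLS_MEMORY_BACKTRACE` and `scripts/config.py set MBEDTLS_X509_REMOVE_INFO`, so that it does not depend on the wrapper staying in the tree. This looks like a leftover from the merge rather than a deliberate choice, but that is an inference from the surrounding lines.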
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 188bd29..2572e93 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -84,6 +84,7 @@
 }
 # Depends on a specific curve. Also, ignore error if it wasn't enabled.
 system( "scripts/config.pl unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED" );
+system( "scripts/config.pl unset MBEDTLS_ECJPAKE_C" );
 
 # Test with only $curve enabled, for each $curve.
 for my $curve (@curves) {
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index 2727ff9..fd19c47 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -22,7 +22,7 @@
     exit 1
 fi
 
-HEADERS=$( ls include/mbedtls/*.h include/psa/*.h )
+HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h )
 HEADERS="$HEADERS library/*.h"
 HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
 
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index cf4175a..57263a3 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -36,8 +36,6 @@
     },
     'config-no-entropy.h' => {
     },
-    'config-psa-crypto.h' => {
-    },
     'config-suite-b.h' => {
         'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
     },
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
new file mode 100644
index 0000000..f95aa6b
--- /dev/null
+++ b/tests/src/drivers/hash.c
@@ -0,0 +1,161 @@
+/*
+ * Test driver for hash entry points.
+ */
+/*  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa_crypto_hash.h"
+
+#include "test/drivers/hash.h"
+
+mbedtls_test_driver_hash_hooks_t
+    mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT;
+
+psa_status_t mbedtls_test_transparent_hash_compute(
+    psa_algorithm_t alg,
+    const uint8_t *input, size_t input_length,
+    uint8_t *hash, size_t hash_size, size_t *hash_length )
+{
+    mbedtls_test_driver_hash_hooks.hits++;
+
+    if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+    {
+         mbedtls_test_driver_hash_hooks.driver_status =
+             mbedtls_test_driver_hash_hooks.forced_status;
+    }
+    else
+    {
+        mbedtls_test_driver_hash_hooks.driver_status =
+            mbedtls_transparent_test_driver_hash_compute(
+                alg, input, input_length,
+                hash, hash_size, hash_length );
+    }
+
+    return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_setup(
+    mbedtls_transparent_test_driver_hash_operation_t *operation,
+    psa_algorithm_t alg )
+{
+    mbedtls_test_driver_hash_hooks.hits++;
+
+    if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+    {
+         mbedtls_test_driver_hash_hooks.driver_status =
+             mbedtls_test_driver_hash_hooks.forced_status;
+    }
+    else
+    {
+        mbedtls_test_driver_hash_hooks.driver_status =
+            mbedtls_transparent_test_driver_hash_setup( operation, alg );
+    }
+
+    return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_clone(
+    const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
+    mbedtls_transparent_test_driver_hash_operation_t *target_operation )
+{
+    mbedtls_test_driver_hash_hooks.hits++;
+
+    if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+    {
+         mbedtls_test_driver_hash_hooks.driver_status =
+             mbedtls_test_driver_hash_hooks.forced_status;
+    }
+    else
+    {
+        mbedtls_test_driver_hash_hooks.driver_status =
+            mbedtls_transparent_test_driver_hash_clone( source_operation,
+                                                        target_operation );
+    }
+
+    return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_update(
+    mbedtls_transparent_test_driver_hash_operation_t *operation,
+    const uint8_t *input,
+    size_t input_length )
+{
+    mbedtls_test_driver_hash_hooks.hits++;
+
+    if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+    {
+         mbedtls_test_driver_hash_hooks.driver_status =
+             mbedtls_test_driver_hash_hooks.forced_status;
+    }
+    else
+    {
+        mbedtls_test_driver_hash_hooks.driver_status =
+            mbedtls_transparent_test_driver_hash_update(
+                operation, input, input_length );
+    }
+
+    return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_finish(
+    mbedtls_transparent_test_driver_hash_operation_t *operation,
+    uint8_t *hash,
+    size_t hash_size,
+    size_t *hash_length )
+{
+    mbedtls_test_driver_hash_hooks.hits++;
+
+    if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+    {
+         mbedtls_test_driver_hash_hooks.driver_status =
+             mbedtls_test_driver_hash_hooks.forced_status;
+    }
+    else
+    {
+        mbedtls_test_driver_hash_hooks.driver_status =
+            mbedtls_transparent_test_driver_hash_finish(
+                operation, hash, hash_size, hash_length );
+    }
+
+    return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+
+psa_status_t mbedtls_test_transparent_hash_abort(
+    mbedtls_transparent_test_driver_hash_operation_t *operation )
+{
+    mbedtls_test_driver_hash_hooks.hits++;
+
+    if( mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS )
+    {
+         mbedtls_test_driver_hash_hooks.driver_status =
+             mbedtls_test_driver_hash_hooks.forced_status;
+    }
+    else
+    {
+        mbedtls_test_driver_hash_hooks.driver_status =
+            mbedtls_transparent_test_driver_hash_abort( operation );
+    }
+
+    return( mbedtls_test_driver_hash_hooks.driver_status );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
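Review bot: When `forced_status` is set, `mbedtls_test_transparent_hash_abort` returns the forced error without calling `mbedtls_transparent_test_driver_hash_abort`, so an operation set up before the status was forced keeps its hash state. If that is the intended way to simulate a failing abort, a comment on the function should say the underlying operation is left untouched and the test must clean it up. Otherwise, call the real abort unconditionally and override only the reported status, e.g. `psa_status_t st = mbedtls_transparent_test_driver_hash_abort( operation );` followed by `driver_status = ( forced_status != PSA_SUCCESS ) ? forced_status : st;`. All six wrappers repeat the same hits/forced-status block, so the file also needs a short comment above `mbedtls_test_driver_hash_hooks` describing that shared behaviour.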
diff --git a/tests/src/drivers/key_management.c b/tests/src/drivers/key_management.c
deleted file mode 100644
index 10a40c3..0000000
--- a/tests/src/drivers/key_management.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Test driver for generating and verifying keys.
- * Currently only supports generating and verifying ECC keys.
- */
-/*  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_rsa.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/error.h"
-
-#include "test/drivers/key_management.h"
-
-#include "test/random.h"
-
-#include <string.h>
-
-test_driver_key_management_hooks_t test_driver_key_management_hooks =
-    TEST_DRIVER_KEY_MANAGEMENT_INIT;
-
-psa_status_t test_transparent_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key, size_t key_size, size_t *key_length )
-{
-    ++test_driver_key_management_hooks.hits;
-
-    if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_key_management_hooks.forced_status );
-
-    if( test_driver_key_management_hooks.forced_output != NULL )
-    {
-        if( test_driver_key_management_hooks.forced_output_length > key_size )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-        memcpy( key, test_driver_key_management_hooks.forced_output,
-                test_driver_key_management_hooks.forced_output_length );
-        *key_length = test_driver_key_management_hooks.forced_output_length;
-        return( PSA_SUCCESS );
-    }
-
-    /* Copied from psa_crypto.c */
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
-    if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
-         && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
-    {
-        return( mbedtls_transparent_test_driver_ecp_generate_key(
-                    attributes, key, key_size, key_length ) );
-    }
-    else
-#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */
-
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
-    if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR )
-        return( mbedtls_transparent_test_driver_rsa_generate_key(
-                    attributes, key, key_size, key_length ) );
-    else
-#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
-    {
-        (void)attributes;
-        return( PSA_ERROR_NOT_SUPPORTED );
-    }
-}
-
-psa_status_t test_opaque_generate_key(
-    const psa_key_attributes_t *attributes,
-    uint8_t *key, size_t key_size, size_t *key_length )
-{
-    (void) attributes;
-    (void) key;
-    (void) key_size;
-    (void) key_length;
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t test_transparent_import_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *data,
-    size_t data_length,
-    uint8_t *key_buffer,
-    size_t key_buffer_size,
-    size_t *key_buffer_length,
-    size_t *bits)
-{
-    ++test_driver_key_management_hooks.hits;
-
-    if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_key_management_hooks.forced_status );
-
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_type_t type = psa_get_key_type( attributes );
-
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-    if( PSA_KEY_TYPE_IS_ECC( type ) )
-    {
-        status = mbedtls_transparent_test_driver_ecp_import_key(
-                     attributes,
-                     data, data_length,
-                     key_buffer, key_buffer_size,
-                     key_buffer_length, bits );
-    }
-    else
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-    if( PSA_KEY_TYPE_IS_RSA( type ) )
-    {
-        status = mbedtls_transparent_test_driver_rsa_import_key(
-                     attributes,
-                     data, data_length,
-                     key_buffer, key_buffer_size,
-                     key_buffer_length, bits );
-    }
-    else
-#endif
-    {
-        status = PSA_ERROR_NOT_SUPPORTED;
-        (void)data;
-        (void)data_length;
-        (void)key_buffer;
-        (void)key_buffer_size;
-        (void)key_buffer_length;
-        (void)bits;
-        (void)type;
-    }
-
-    return( status );
-}
-
-psa_status_t test_opaque_export_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key, size_t key_length,
-    uint8_t *data, size_t data_size, size_t *data_length )
-{
-    (void) attributes;
-    (void) key;
-    (void) key_length;
-    (void) data;
-    (void) data_size;
-    (void) data_length;
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-psa_status_t test_transparent_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key_buffer, size_t key_buffer_size,
-    uint8_t *data, size_t data_size, size_t *data_length )
-{
-    ++test_driver_key_management_hooks.hits;
-
-    if( test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_key_management_hooks.forced_status );
-
-    if( test_driver_key_management_hooks.forced_output != NULL )
-    {
-        if( test_driver_key_management_hooks.forced_output_length > data_size )
-            return( PSA_ERROR_BUFFER_TOO_SMALL );
-        memcpy( data, test_driver_key_management_hooks.forced_output,
-                test_driver_key_management_hooks.forced_output_length );
-        *data_length = test_driver_key_management_hooks.forced_output_length;
-        return( PSA_SUCCESS );
-    }
-
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-    psa_key_type_t key_type = psa_get_key_type( attributes );
-
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-    if( PSA_KEY_TYPE_IS_ECC( key_type ) )
-    {
-        status = mbedtls_transparent_test_driver_ecp_export_public_key(
-                      attributes,
-                      key_buffer, key_buffer_size,
-                      data, data_size, data_length );
-    }
-    else
-#endif
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
-    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-    if( PSA_KEY_TYPE_IS_RSA( key_type ) )
-    {
-        status = mbedtls_transparent_test_driver_rsa_export_public_key(
-                      attributes,
-                      key_buffer, key_buffer_size,
-                      data, data_size, data_length );
-    }
-    else
-#endif
-    {
-        status = PSA_ERROR_NOT_SUPPORTED;
-        (void)key_buffer;
-        (void)key_buffer_size;
-        (void)key_type;
-    }
-
-    return( status );
-}
-
-psa_status_t test_opaque_export_public_key(
-    const psa_key_attributes_t *attributes,
-    const uint8_t *key, size_t key_length,
-    uint8_t *data, size_t data_size, size_t *data_length )
-{
-    (void) attributes;
-    (void) key;
-    (void) key_length;
-    (void) data;
-    (void) data_size;
-    (void) data_length;
-    return( PSA_ERROR_NOT_SUPPORTED );
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
new file mode 100644
index 0000000..759fa78
--- /dev/null
+++ b/tests/src/drivers/platform_builtin_keys.c
@@ -0,0 +1,91 @@
+/** \file platform_builtin_keys.c
+ *
+ * \brief Test driver implementation of the builtin key support
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include <psa/crypto.h>
+#include <psa/crypto_extra.h>
+
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+#include <test/drivers/test_driver.h>
+#endif
+
+typedef struct
+{
+    psa_key_id_t builtin_key_id;
+    psa_key_lifetime_t lifetime;
+    psa_drv_slot_number_t slot_number;
+} mbedtls_psa_builtin_key_description_t;
+
+static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+    /* For testing, assign the AES builtin key slot to the boundary values.
+     * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
+    { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
+      PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+        PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+      PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
+    { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
+      PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+        PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+      PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
+    { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
+      PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+        PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+      PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT},
+    { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
+      PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+        PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+      PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+    { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
+      PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+        PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+      PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+    { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
+      PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
+        PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION ),
+      PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT},
+#else
+    {0, 0, 0}
+#endif
+};
+
+psa_status_t mbedtls_psa_platform_get_builtin_key(
+    mbedtls_svc_key_id_t key_id,
+    psa_key_lifetime_t *lifetime,
+    psa_drv_slot_number_t *slot_number )
+{
+    psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID( key_id );
+    const mbedtls_psa_builtin_key_description_t *builtin_key;
+
+    for( size_t i = 0;
+         i < ( sizeof( builtin_keys ) / sizeof( builtin_keys[0] ) ); i++ )
+    {
+        builtin_key = &builtin_keys[i];
+        if( builtin_key->builtin_key_id == app_key_id )
+        {
+            *lifetime = builtin_key->lifetime;
+            *slot_number = builtin_key->slot_number;
+            return( PSA_SUCCESS );
+        }
+    }
+
+    return( PSA_ERROR_DOES_NOT_EXIST );
+}
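Review bot: In the `#else` branch of `builtin_keys`, the placeholder `{0, 0, 0}` is a real table row, so when `PSA_CRYPTO_DRIVER_TEST` is not defined `mbedtls_psa_platform_get_builtin_key()` returns `PSA_SUCCESS` with lifetime 0 and slot 0 for a key ID of 0 instead of `PSA_ERROR_DOES_NOT_EXIST`. The caller may only pass IDs inside the builtin range (not visible in this hunk), but the lookup should not rely on that, since the test table itself deliberately holds out-of-range IDs. A guard before the loop closes the gap: `if( app_key_id == PSA_KEY_ID_NULL ) return( PSA_ERROR_DOES_NOT_EXIST );`. The placeholder row also deserves a comment such as `/* placeholder only: C does not allow an empty array initializer */`, if that is indeed why it is there.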
diff --git a/tests/src/drivers/size.c b/tests/src/drivers/size.c
deleted file mode 100644
index 16a8692..0000000
--- a/tests/src/drivers/size.c
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Test driver for retrieving key context size.
- * Only used by opaque drivers.
- */
-/*  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0
- *
- *  Licensed under the Apache License, Version 2.0 (the "License"); you may
- *  not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *  http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
-
-#include "test/drivers/size.h"
-
-#ifdef TEST_KEY_CONTEXT_SIZE_FUNCTION
-size_t test_size_function(
-    const psa_key_type_t key_type,
-    const size_t key_bits )
-{
-    (void) key_type;
-    (void) key_bits;
-    return 0;
-}
-#endif /*TEST_KEY_CONTEXT_SIZE_FUNCTION */
-
-#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/aead.c b/tests/src/drivers/test_driver_aead.c
similarity index 73%
rename from tests/src/drivers/aead.c
rename to tests/src/drivers/test_driver_aead.c
index c877525..25396c9 100644
--- a/tests/src/drivers/aead.c
+++ b/tests/src/drivers/test_driver_aead.c
@@ -28,9 +28,10 @@
 
 #include "test/drivers/aead.h"
 
-test_driver_aead_hooks_t test_driver_aead_hooks = TEST_DRIVER_AEAD_INIT;
+mbedtls_test_driver_aead_hooks_t
+    mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT;
 
-psa_status_t test_transparent_aead_encrypt(
+psa_status_t mbedtls_test_transparent_aead_encrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg,
@@ -39,16 +40,16 @@
     const uint8_t *plaintext, size_t plaintext_length,
     uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length )
 {
-    test_driver_aead_hooks.hits++;
+    mbedtls_test_driver_aead_hooks.hits++;
 
-    if( test_driver_aead_hooks.forced_status != PSA_SUCCESS )
+    if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS )
     {
-         test_driver_aead_hooks.driver_status =
-             test_driver_aead_hooks.forced_status;
+         mbedtls_test_driver_aead_hooks.driver_status =
+             mbedtls_test_driver_aead_hooks.forced_status;
     }
     else
     {
-        test_driver_aead_hooks.driver_status =
+        mbedtls_test_driver_aead_hooks.driver_status =
             mbedtls_psa_aead_encrypt(
                 attributes, key_buffer, key_buffer_size,
                 alg,
@@ -58,10 +59,10 @@
                 ciphertext, ciphertext_size, ciphertext_length );
     }
 
-    return( test_driver_aead_hooks.driver_status );
+    return( mbedtls_test_driver_aead_hooks.driver_status );
 }
 
-psa_status_t test_transparent_aead_decrypt(
+psa_status_t mbedtls_test_transparent_aead_decrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg,
@@ -70,16 +71,16 @@
     const uint8_t *ciphertext, size_t ciphertext_length,
     uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length )
 {
-    test_driver_aead_hooks.hits++;
+    mbedtls_test_driver_aead_hooks.hits++;
 
-    if( test_driver_aead_hooks.forced_status != PSA_SUCCESS )
+    if( mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS )
     {
-         test_driver_aead_hooks.driver_status =
-             test_driver_aead_hooks.forced_status;
+         mbedtls_test_driver_aead_hooks.driver_status =
+             mbedtls_test_driver_aead_hooks.forced_status;
     }
     else
     {
-        test_driver_aead_hooks.driver_status =
+        mbedtls_test_driver_aead_hooks.driver_status =
             mbedtls_psa_aead_decrypt(
                 attributes, key_buffer, key_buffer_size,
                 alg,
@@ -89,7 +90,7 @@
                 plaintext, plaintext_size, plaintext_length );
     }
 
-    return( test_driver_aead_hooks.driver_status );
+    return( mbedtls_test_driver_aead_hooks.driver_status );
 }
 
 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/cipher.c b/tests/src/drivers/test_driver_cipher.c
similarity index 75%
rename from tests/src/drivers/cipher.c
rename to tests/src/drivers/test_driver_cipher.c
index 4dc4678..a415dd8 100644
--- a/tests/src/drivers/cipher.c
+++ b/tests/src/drivers/test_driver_cipher.c
@@ -36,14 +36,10 @@
 
 #include <string.h>
 
-/* Test driver implements AES-CTR only. Its default behaviour (when its return
- * status is not overridden through the hooks) is to take care of all AES-CTR
- * operations, and return PSA_ERROR_NOT_SUPPORTED for all others.
- * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use
- * fallback even for AES-CTR. */
-test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT;
+mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks =
+    MBEDTLS_TEST_DRIVER_CIPHER_INIT;
 
-static psa_status_t test_transparent_cipher_oneshot(
+static psa_status_t mbedtls_test_transparent_cipher_oneshot(
     mbedtls_operation_t direction,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
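Review bot: The block comment removed above the hooks definition documented how the hooks are meant to be used: the driver handles AES-CTR by default, returns `PSA_ERROR_NOT_SUPPORTED` for everything else, and falls back when `forced_status` is set to `PSA_ERROR_NOT_SUPPORTED`. Nothing in this hunk replaces it. If it has not moved to the header, keep it above `mbedtls_test_driver_cipher_hooks` with the renamed identifier, e.g. `/* Set mbedtls_test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use fallback even for AES-CTR. */`. The signature of `mbedtls_test_transparent_cipher_oneshot` continues past the end of this hunk.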
@@ -51,7 +47,7 @@
     const uint8_t *input, size_t input_length,
     uint8_t *output, size_t output_size, size_t *output_length)
 {
-    test_driver_cipher_hooks.hits++;
+    mbedtls_test_driver_cipher_hooks.hits++;
 
     /* Test driver supports AES-CTR only, to verify operation calls. */
     if( alg != PSA_ALG_CTR ||
@@ -59,21 +55,21 @@
         return( PSA_ERROR_NOT_SUPPORTED );
 
     /* If test driver response code is not SUCCESS, we can return early */
-    if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_cipher_hooks.forced_status );
+    if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
 
     /* If test driver output is overridden, we don't need to do actual crypto */
-    if( test_driver_cipher_hooks.forced_output != NULL )
+    if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
     {
-        if( output_size < test_driver_cipher_hooks.forced_output_length )
+        if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
             return( PSA_ERROR_BUFFER_TOO_SMALL );
 
         memcpy( output,
-                test_driver_cipher_hooks.forced_output,
-                test_driver_cipher_hooks.forced_output_length );
-        *output_length = test_driver_cipher_hooks.forced_output_length;
+                mbedtls_test_driver_cipher_hooks.forced_output,
+                mbedtls_test_driver_cipher_hooks.forced_output_length );
+        *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
 
-        return( test_driver_cipher_hooks.forced_status );
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
     }
 
     /* Run AES-CTR using the cipher module */
@@ -171,7 +167,7 @@
     }
 }
 
-psa_status_t test_transparent_cipher_encrypt(
+psa_status_t mbedtls_test_transparent_cipher_encrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
@@ -179,7 +175,7 @@
     uint8_t *output, size_t output_size, size_t *output_length)
 {
     return (
-        test_transparent_cipher_oneshot(
+        mbedtls_test_transparent_cipher_oneshot(
             MBEDTLS_ENCRYPT,
             attributes,
             key, key_length,
@@ -188,7 +184,7 @@
             output, output_size, output_length) );
 }
 
-psa_status_t test_transparent_cipher_decrypt(
+psa_status_t mbedtls_test_transparent_cipher_decrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
@@ -196,7 +192,7 @@
     uint8_t *output, size_t output_size, size_t *output_length)
 {
     return (
-        test_transparent_cipher_oneshot(
+        mbedtls_test_transparent_cipher_oneshot(
             MBEDTLS_DECRYPT,
             attributes,
             key, key_length,
@@ -205,13 +201,13 @@
             output, output_size, output_length) );
 }
 
-psa_status_t test_transparent_cipher_encrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg)
 {
-    test_driver_cipher_hooks.hits++;
+    mbedtls_test_driver_cipher_hooks.hits++;
 
     /* Wiping the entire struct here, instead of member-by-member. This is
      * useful for the test suite, since it gives a chance of catching memory
@@ -219,32 +215,32 @@
      * our context struct. */
     memset( operation, 0, sizeof( *operation ) );
 
-    if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_cipher_hooks.forced_status );
+    if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
 
     return ( mbedtls_transparent_test_driver_cipher_encrypt_setup(
                  operation, attributes, key, key_length, alg ) );
 }
 
-psa_status_t test_transparent_cipher_decrypt_setup(
+psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg)
 {
-    test_driver_cipher_hooks.hits++;
+    mbedtls_test_driver_cipher_hooks.hits++;
 
-    if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_cipher_hooks.forced_status );
+    if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
 
     return ( mbedtls_transparent_test_driver_cipher_decrypt_setup(
                  operation, attributes, key, key_length, alg ) );
 }
 
-psa_status_t test_transparent_cipher_abort(
+psa_status_t mbedtls_test_transparent_cipher_abort(
     mbedtls_transparent_test_driver_cipher_operation_t *operation)
 {
-    test_driver_cipher_hooks.hits++;
+    mbedtls_test_driver_cipher_hooks.hits++;
 
     if( operation->alg == 0 )
         return( PSA_SUCCESS );
@@ -257,24 +253,24 @@
      * our context struct. */
     memset( operation, 0, sizeof( *operation ) );
 
-    return( test_driver_cipher_hooks.forced_status );
+    return( mbedtls_test_driver_cipher_hooks.forced_status );
 }
 
-psa_status_t test_transparent_cipher_set_iv(
+psa_status_t mbedtls_test_transparent_cipher_set_iv(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const uint8_t *iv,
     size_t iv_length)
 {
-    test_driver_cipher_hooks.hits++;
+    mbedtls_test_driver_cipher_hooks.hits++;
 
-    if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_cipher_hooks.forced_status );
+    if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
 
     return( mbedtls_transparent_test_driver_cipher_set_iv(
                 operation, iv, iv_length ) );
 }
 
-psa_status_t test_transparent_cipher_update(
+psa_status_t mbedtls_test_transparent_cipher_update(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     const uint8_t *input,
     size_t input_length,
@@ -282,52 +278,52 @@
     size_t output_size,
     size_t *output_length)
 {
-    test_driver_cipher_hooks.hits++;
+    mbedtls_test_driver_cipher_hooks.hits++;
 
-    if( test_driver_cipher_hooks.forced_output != NULL )
+    if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
     {
-        if( output_size < test_driver_cipher_hooks.forced_output_length )
+        if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
             return PSA_ERROR_BUFFER_TOO_SMALL;
 
         memcpy( output,
-                test_driver_cipher_hooks.forced_output,
-                test_driver_cipher_hooks.forced_output_length );
-        *output_length = test_driver_cipher_hooks.forced_output_length;
+                mbedtls_test_driver_cipher_hooks.forced_output,
+                mbedtls_test_driver_cipher_hooks.forced_output_length );
+        *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
 
-        return( test_driver_cipher_hooks.forced_status );
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
     }
 
-    if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_cipher_hooks.forced_status );
+    if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
 
     return( mbedtls_transparent_test_driver_cipher_update(
                 operation, input, input_length,
                 output, output_size, output_length ) );
 }
 
-psa_status_t test_transparent_cipher_finish(
+psa_status_t mbedtls_test_transparent_cipher_finish(
     mbedtls_transparent_test_driver_cipher_operation_t *operation,
     uint8_t *output,
     size_t output_size,
     size_t *output_length)
 {
-    test_driver_cipher_hooks.hits++;
+    mbedtls_test_driver_cipher_hooks.hits++;
 
-    if( test_driver_cipher_hooks.forced_output != NULL )
+    if( mbedtls_test_driver_cipher_hooks.forced_output != NULL )
     {
-        if( output_size < test_driver_cipher_hooks.forced_output_length )
+        if( output_size < mbedtls_test_driver_cipher_hooks.forced_output_length )
             return PSA_ERROR_BUFFER_TOO_SMALL;
 
         memcpy( output,
-                test_driver_cipher_hooks.forced_output,
-                test_driver_cipher_hooks.forced_output_length );
-        *output_length = test_driver_cipher_hooks.forced_output_length;
+                mbedtls_test_driver_cipher_hooks.forced_output,
+                mbedtls_test_driver_cipher_hooks.forced_output_length );
+        *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
 
-        return( test_driver_cipher_hooks.forced_status );
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
     }
 
-    if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_cipher_hooks.forced_status );
+    if( mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_cipher_hooks.forced_status );
 
     return( mbedtls_transparent_test_driver_cipher_finish(
                 operation, output, output_size, output_length ) );
@@ -336,7 +332,7 @@
 /*
  * opaque versions, to do
  */
-psa_status_t test_opaque_cipher_encrypt(
+psa_status_t mbedtls_test_opaque_cipher_encrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
@@ -355,7 +351,7 @@
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_opaque_cipher_decrypt(
+psa_status_t mbedtls_test_opaque_cipher_decrypt(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
@@ -374,7 +370,7 @@
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_opaque_cipher_encrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
@@ -388,7 +384,7 @@
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_opaque_cipher_decrypt_setup(
+psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
@@ -402,14 +398,14 @@
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_opaque_cipher_abort(
+psa_status_t mbedtls_test_opaque_cipher_abort(
     mbedtls_opaque_test_driver_cipher_operation_t *operation )
 {
     (void) operation;
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_opaque_cipher_set_iv(
+psa_status_t mbedtls_test_opaque_cipher_set_iv(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const uint8_t *iv,
     size_t iv_length)
@@ -420,7 +416,7 @@
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_opaque_cipher_update(
+psa_status_t mbedtls_test_opaque_cipher_update(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     const uint8_t *input,
     size_t input_length,
@@ -437,7 +433,7 @@
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_opaque_cipher_finish(
+psa_status_t mbedtls_test_opaque_cipher_finish(
     mbedtls_opaque_test_driver_cipher_operation_t *operation,
     uint8_t *output,
     size_t output_size,
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
new file mode 100644
index 0000000..19e1033
--- /dev/null
+++ b/tests/src/drivers/test_driver_key_management.c
@@ -0,0 +1,392 @@
+/*
+ * Test driver for generating and verifying keys.
+ * Currently only supports generating and verifying ECC keys.
+ */
+/*  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+#include "psa/crypto.h"
+#include "psa_crypto_core.h"
+#include "psa_crypto_ecp.h"
+#include "psa_crypto_rsa.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/error.h"
+
+#include "test/drivers/key_management.h"
+
+#include "test/random.h"
+
+#include <string.h>
+
+mbedtls_test_driver_key_management_hooks_t
+    mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
+
+const uint8_t mbedtls_test_driver_aes_key[16] =
+    { 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
+      0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
+const uint8_t mbedtls_test_driver_ecdsa_key[32] =
+    { 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
+      0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
+      0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
+      0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
+const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
+    { 0x04,
+      0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
+      0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
+      0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
+      0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
+      0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
+      0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
+      0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
+      0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
+
+psa_status_t mbedtls_test_transparent_generate_key(
+    const psa_key_attributes_t *attributes,
+    uint8_t *key, size_t key_size, size_t *key_length )
+{
+    ++mbedtls_test_driver_key_management_hooks.hits;
+
+    if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_key_management_hooks.forced_status );
+
+    if( mbedtls_test_driver_key_management_hooks.forced_output != NULL )
+    {
+        if( mbedtls_test_driver_key_management_hooks.forced_output_length >
+            key_size )
+            return( PSA_ERROR_BUFFER_TOO_SMALL );
+        memcpy( key, mbedtls_test_driver_key_management_hooks.forced_output,
+                mbedtls_test_driver_key_management_hooks.forced_output_length );
+        *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
+        return( PSA_SUCCESS );
+    }
+
+    /* Copied from psa_crypto.c */
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
+    if ( PSA_KEY_TYPE_IS_ECC( psa_get_key_type( attributes ) )
+         && PSA_KEY_TYPE_IS_KEY_PAIR( psa_get_key_type( attributes ) ) )
+    {
+        return( mbedtls_transparent_test_driver_ecp_generate_key(
+                    attributes, key, key_size, key_length ) );
+    }
+    else
+#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) */
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
+    if ( psa_get_key_type( attributes ) == PSA_KEY_TYPE_RSA_KEY_PAIR )
+        return( mbedtls_transparent_test_driver_rsa_generate_key(
+                    attributes, key, key_size, key_length ) );
+    else
+#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
+    {
+        (void)attributes;
+        return( PSA_ERROR_NOT_SUPPORTED );
+    }
+}
+
+psa_status_t mbedtls_test_opaque_generate_key(
+    const psa_key_attributes_t *attributes,
+    uint8_t *key, size_t key_size, size_t *key_length )
+{
+    (void) attributes;
+    (void) key;
+    (void) key_size;
+    (void) key_length;
+    return( PSA_ERROR_NOT_SUPPORTED );
+}
+
+psa_status_t mbedtls_test_transparent_import_key(
+    const psa_key_attributes_t *attributes,
+    const uint8_t *data,
+    size_t data_length,
+    uint8_t *key_buffer,
+    size_t key_buffer_size,
+    size_t *key_buffer_length,
+    size_t *bits)
+{
+    ++mbedtls_test_driver_key_management_hooks.hits;
+
+    if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_key_management_hooks.forced_status );
+
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_type_t type = psa_get_key_type( attributes );
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+    if( PSA_KEY_TYPE_IS_ECC( type ) )
+    {
+        status = mbedtls_transparent_test_driver_ecp_import_key(
+                     attributes,
+                     data, data_length,
+                     key_buffer, key_buffer_size,
+                     key_buffer_length, bits );
+    }
+    else
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+    if( PSA_KEY_TYPE_IS_RSA( type ) )
+    {
+        status = mbedtls_transparent_test_driver_rsa_import_key(
+                     attributes,
+                     data, data_length,
+                     key_buffer, key_buffer_size,
+                     key_buffer_length, bits );
+    }
+    else
+#endif
+    {
+        status = PSA_ERROR_NOT_SUPPORTED;
+        (void)data;
+        (void)data_length;
+        (void)key_buffer;
+        (void)key_buffer_size;
+        (void)key_buffer_length;
+        (void)bits;
+        (void)type;
+    }
+
+    return( status );
+}
+
+psa_status_t mbedtls_test_opaque_export_key(
+    const psa_key_attributes_t *attributes,
+    const uint8_t *key, size_t key_length,
+    uint8_t *data, size_t data_size, size_t *data_length )
+{
+    if( key_length != sizeof( psa_drv_slot_number_t ) )
+    {
+        /* Test driver does not support generic opaque key handling yet. */
+        return( PSA_ERROR_NOT_SUPPORTED );
+    }
+
+    /* Assume this is a builtin key based on the key material length. */
+    psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key );
+
+    switch( slot_number )
+    {
+        case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
+            /* This is the ECDSA slot. Verify the key's attributes before
+             * returning the private key. */
+            if( psa_get_key_type( attributes ) !=
+                PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_bits( attributes ) != 256 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_algorithm( attributes ) !=
+                PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( ( psa_get_key_usage_flags( attributes ) &
+                  PSA_KEY_USAGE_EXPORT ) == 0 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+
+            if( data_size < sizeof( mbedtls_test_driver_ecdsa_key ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            memcpy( data, mbedtls_test_driver_ecdsa_key,
+                    sizeof( mbedtls_test_driver_ecdsa_key ) );
+            *data_length = sizeof( mbedtls_test_driver_ecdsa_key );
+            return( PSA_SUCCESS );
+
+        case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
+            /* This is the AES slot. Verify the key's attributes before
+             * returning the key. */
+            if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_bits( attributes ) != 128 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_algorithm( attributes ) != PSA_ALG_CTR )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( ( psa_get_key_usage_flags( attributes ) &
+                  PSA_KEY_USAGE_EXPORT ) == 0 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+
+            if( data_size < sizeof( mbedtls_test_driver_aes_key ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            memcpy( data, mbedtls_test_driver_aes_key,
+                    sizeof( mbedtls_test_driver_aes_key ) );
+            *data_length = sizeof( mbedtls_test_driver_aes_key );
+            return( PSA_SUCCESS );
+
+        default:
+            return( PSA_ERROR_DOES_NOT_EXIST );
+    }
+}
+
+psa_status_t mbedtls_test_transparent_export_public_key(
+    const psa_key_attributes_t *attributes,
+    const uint8_t *key_buffer, size_t key_buffer_size,
+    uint8_t *data, size_t data_size, size_t *data_length )
+{
+    ++mbedtls_test_driver_key_management_hooks.hits;
+
+    if( mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_key_management_hooks.forced_status );
+
+    if( mbedtls_test_driver_key_management_hooks.forced_output != NULL )
+    {
+        if( mbedtls_test_driver_key_management_hooks.forced_output_length >
+            data_size )
+            return( PSA_ERROR_BUFFER_TOO_SMALL );
+        memcpy( data, mbedtls_test_driver_key_management_hooks.forced_output,
+                mbedtls_test_driver_key_management_hooks.forced_output_length );
+        *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
+        return( PSA_SUCCESS );
+    }
+
+    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_type_t key_type = psa_get_key_type( attributes );
+
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
+    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+    if( PSA_KEY_TYPE_IS_ECC( key_type ) )
+    {
+        status = mbedtls_transparent_test_driver_ecp_export_public_key(
+                      attributes,
+                      key_buffer, key_buffer_size,
+                      data, data_size, data_length );
+    }
+    else
+#endif
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
+    defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+    if( PSA_KEY_TYPE_IS_RSA( key_type ) )
+    {
+        status = mbedtls_transparent_test_driver_rsa_export_public_key(
+                      attributes,
+                      key_buffer, key_buffer_size,
+                      data, data_size, data_length );
+    }
+    else
+#endif
+    {
+        status = PSA_ERROR_NOT_SUPPORTED;
+        (void)key_buffer;
+        (void)key_buffer_size;
+        (void)key_type;
+    }
+
+    return( status );
+}
+
+psa_status_t mbedtls_test_opaque_export_public_key(
+    const psa_key_attributes_t *attributes,
+    const uint8_t *key, size_t key_length,
+    uint8_t *data, size_t data_size, size_t *data_length )
+{
+    if( key_length != sizeof( psa_drv_slot_number_t ) )
+    {
+        /* Test driver does not support generic opaque key handling yet. */
+        return( PSA_ERROR_NOT_SUPPORTED );
+    }
+
+    /* Assume this is a builtin key based on the key material length. */
+    psa_drv_slot_number_t slot_number = *( ( psa_drv_slot_number_t* ) key );
+    switch( slot_number )
+    {
+        case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
+            /* This is the ECDSA slot. Verify the key's attributes before
+             * returning the public key. */
+            if( psa_get_key_type( attributes ) !=
+                PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_bits( attributes ) != 256 )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+            if( psa_get_key_algorithm( attributes ) !=
+                PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) )
+                return( PSA_ERROR_CORRUPTION_DETECTED );
+
+            if( data_size < sizeof( mbedtls_test_driver_ecdsa_pubkey ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            memcpy( data, mbedtls_test_driver_ecdsa_pubkey,
+                    sizeof( mbedtls_test_driver_ecdsa_pubkey ) );
+            *data_length = sizeof( mbedtls_test_driver_ecdsa_pubkey );
+            return( PSA_SUCCESS );
+
+        default:
+            return( PSA_ERROR_DOES_NOT_EXIST );
+    }
+}
+
+/* The opaque test driver exposes two built-in keys when builtin key support is
+ * compiled in.
+ * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
+ * key which allows CTR mode.
+ * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
+ * private key which allows ECDSA sign & verify.
+ * The key buffer format for these is the raw format of psa_drv_slot_number_t
+ * (i.e. for an actual driver this would mean 'builtin_key_size' =
+ * sizeof(psa_drv_slot_number_t)).
+ */
+psa_status_t mbedtls_test_opaque_get_builtin_key(
+    psa_drv_slot_number_t slot_number,
+    psa_key_attributes_t *attributes,
+    uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length )
+{
+    switch( slot_number )
+    {
+        case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
+            psa_set_key_type( attributes, PSA_KEY_TYPE_AES );
+            psa_set_key_bits( attributes, 128 );
+            psa_set_key_usage_flags(
+                attributes,
+                PSA_KEY_USAGE_ENCRYPT |
+                PSA_KEY_USAGE_DECRYPT |
+                PSA_KEY_USAGE_EXPORT );
+            psa_set_key_algorithm( attributes, PSA_ALG_CTR );
+
+            if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            *( (psa_drv_slot_number_t*) key_buffer ) =
+                PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
+            *key_buffer_length = sizeof( psa_drv_slot_number_t );
+            return( PSA_SUCCESS );
+        case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
+            psa_set_key_type(
+                attributes,
+                PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
+            psa_set_key_bits( attributes, 256 );
+            psa_set_key_usage_flags(
+                attributes,
+                PSA_KEY_USAGE_SIGN_HASH |
+                PSA_KEY_USAGE_VERIFY_HASH |
+                PSA_KEY_USAGE_EXPORT );
+            psa_set_key_algorithm(
+                attributes, PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ) );
+
+            if( key_buffer_size < sizeof( psa_drv_slot_number_t ) )
+                return( PSA_ERROR_BUFFER_TOO_SMALL );
+
+            *( (psa_drv_slot_number_t*) key_buffer ) =
+                PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
+            *key_buffer_length = sizeof( psa_drv_slot_number_t );
+            return( PSA_SUCCESS );
+        default:
+            return( PSA_ERROR_DOES_NOT_EXIST );
+    }
+}
+
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
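Review bot: The slot number is read with `*( ( psa_drv_slot_number_t* ) key )` in both `mbedtls_test_opaque_export_key` and `mbedtls_test_opaque_export_public_key`, which casts away `const` from the `const uint8_t *key` buffer and assumes the byte buffer is suitably aligned for `psa_drv_slot_number_t`; nothing in this file guarantees that alignment. Since `key_length` has already been checked against `sizeof( psa_drv_slot_number_t )`, a copy avoids both problems: `psa_drv_slot_number_t slot_number;` followed by `memcpy( &slot_number, key, sizeof( slot_number ) );`. The two stores `*( (psa_drv_slot_number_t*) key_buffer ) = ...` in `mbedtls_test_opaque_get_builtin_key` rely on the same assumption and could `memcpy` from a local variable instead. Test drivers are presumably used as a reference by driver authors, so the pattern is worth getting right here.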
diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/test_driver_signature.c
similarity index 81%
rename from tests/src/drivers/signature.c
rename to tests/src/drivers/test_driver_signature.c
index 47c6deb..be8c179 100644
--- a/tests/src/drivers/signature.c
+++ b/tests/src/drivers/test_driver_signature.c
@@ -41,28 +41,32 @@
 
 #include <string.h>
 
-test_driver_signature_hooks_t test_driver_signature_sign_hooks = TEST_DRIVER_SIGNATURE_INIT;
-test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_SIGNATURE_INIT;
+mbedtls_test_driver_signature_hooks_t
+    mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
+mbedtls_test_driver_signature_hooks_t
+    mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
 
-psa_status_t test_transparent_signature_sign_hash(
+psa_status_t mbedtls_test_transparent_signature_sign_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg,
     const uint8_t *hash, size_t hash_length,
     uint8_t *signature, size_t signature_size, size_t *signature_length )
 {
-    ++test_driver_signature_sign_hooks.hits;
+    ++mbedtls_test_driver_signature_sign_hooks.hits;
 
-    if( test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_signature_sign_hooks.forced_status );
+    if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_signature_sign_hooks.forced_status );
 
-    if( test_driver_signature_sign_hooks.forced_output != NULL )
+    if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL )
     {
-        if( test_driver_signature_sign_hooks.forced_output_length > signature_size )
+        if( mbedtls_test_driver_signature_sign_hooks.forced_output_length >
+            signature_size )
             return( PSA_ERROR_BUFFER_TOO_SMALL );
-        memcpy( signature, test_driver_signature_sign_hooks.forced_output,
-                test_driver_signature_sign_hooks.forced_output_length );
-        *signature_length = test_driver_signature_sign_hooks.forced_output_length;
+        memcpy( signature,
+                mbedtls_test_driver_signature_sign_hooks.forced_output,
+                mbedtls_test_driver_signature_sign_hooks.forced_output_length );
+        *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
         return( PSA_SUCCESS );
     }
 
@@ -120,7 +124,7 @@
     }
 }
 
-psa_status_t test_opaque_signature_sign_hash(
+psa_status_t mbedtls_test_opaque_signature_sign_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
@@ -140,17 +144,17 @@
     return( PSA_ERROR_NOT_SUPPORTED );
 }
 
-psa_status_t test_transparent_signature_verify_hash(
+psa_status_t mbedtls_test_transparent_signature_verify_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key_buffer, size_t key_buffer_size,
     psa_algorithm_t alg,
     const uint8_t *hash, size_t hash_length,
     const uint8_t *signature, size_t signature_length )
 {
-    ++test_driver_signature_verify_hooks.hits;
+    ++mbedtls_test_driver_signature_verify_hooks.hits;
 
-    if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
-        return( test_driver_signature_verify_hooks.forced_status );
+    if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
+        return( mbedtls_test_driver_signature_verify_hooks.forced_status );
 
 #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
     defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
@@ -200,7 +204,7 @@
     }
 }
 
-psa_status_t test_opaque_signature_verify_hash(
+psa_status_t mbedtls_test_opaque_signature_verify_hash(
     const psa_key_attributes_t *attributes,
     const uint8_t *key, size_t key_length,
     psa_algorithm_t alg,
diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c
new file mode 100644
index 0000000..d8bcaee
--- /dev/null
+++ b/tests/src/drivers/test_driver_size.c
@@ -0,0 +1,101 @@
+/*
+ * Test driver for retrieving key context size.
+ * Only used by opaque drivers.
+ */
+/*  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
+
+#include "test/drivers/size.h"
+#include "psa/crypto.h"
+
+typedef struct {
+    unsigned int context;
+} test_driver_key_context_t;
+
+/*
+ * This macro returns the base size for the key context. It is the size of the
+ * driver specific information stored in each key context.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE sizeof( test_driver_key_context_t )
+
+/*
+ * Number of bytes included in every key context for a key pair.
+ *
+ * This pair size is for an ECC 256-bit private/public key pair.
+ * Based on this value, the size of the private key can be derived by
+ * subtracting the public key size below from this one.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE      65
+
+/*
+ * Number of bytes included in every key context for a public key.
+ *
+ * For ECC public keys, it needs 257 bits so 33 bytes.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE    33
+
+/*
+ * Every key context for a symmetric key includes this many times the key size.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR   0
+
+/*
+ * If this is true for a key pair, the key context includes space for the public key.
+ * If this is false, no additional space is added for the public key.
+ *
+ * For this instance, store the public key with the private one.
+ */
+#define TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY   1
+
+size_t mbedtls_test_size_function(
+    const psa_key_type_t key_type,
+    const size_t key_bits )
+{
+    size_t key_buffer_size = 0;
+
+    if( PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) )
+    {
+        int public_key_overhead =
+            ( ( TEST_DRIVER_KEY_CONTEXT_STORE_PUBLIC_KEY == 1 )
+              ? PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) : 0 );
+        key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
+                          TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE +
+                          public_key_overhead;
+    }
+    else if( PSA_KEY_TYPE_IS_PUBLIC_KEY( key_type ) )
+    {
+        key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
+                          TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE;
+    }
+    else if ( !PSA_KEY_TYPE_IS_KEY_PAIR( key_type ) &&
+              !PSA_KEY_TYPE_IS_PUBLIC_KEY ( key_type ) )
+    {
+        key_buffer_size = TEST_DRIVER_KEY_CONTEXT_BASE_SIZE +
+                          ( TEST_DRIVER_KEY_CONTEXT_SYMMETRIC_FACTOR *
+                            ( ( key_bits + 7 ) / 8 ) );
+    }
+
+    return( key_buffer_size );
+}
+#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
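Review bot: In `mbedtls_test_size_function` the key-pair branch stores a size computed from `key_bits` in `int public_key_overhead` and then adds it to `size_t` terms; declaring it `size_t public_key_overhead` avoids a narrowing conversion and a signed/unsigned mix in the sum. The same branch adds `TEST_DRIVER_KEY_CONTEXT_PUBLIC_KEY_SIZE`, while `TEST_DRIVER_KEY_CONTEXT_KEY_PAIR_SIZE` is defined but not used anywhere in this file. If that is intended, a comment on the branch should say so; otherwise it looks as if the key-pair constant was meant. The final `else if` only repeats the negation of the two earlier conditions and can be a plain `else`.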
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index e323275..b7c9867 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -282,3 +282,59 @@
     }
 }
 #endif /* MBEDTLS_CHECK_PARAMS */
+
+#if defined(MBEDTLS_TEST_HOOKS)
+void mbedtls_test_err_add_check( int high, int low,
+                                 const char *file, int line )
+{
+    /* Error codes are always negative (a value of zero is a success) however
+     * their positive opposites can be easier to understand. The following
+     * examples given in comments have been made positive for ease of
+     * understanding. The structure of an error code is such:
+     *
+     *                                                shhhhhhhhlllllll
+     *
+     * s = sign bit.
+     * h = high level error code (includes high level module ID (bits 12..14)
+     *     and module-dependent error code (bits 7..11)).
+     * l = low level error code.
+     */
+    if ( high > -0x1000 && high != 0 )
+    /* high < 0001000000000000
+     * No high level module ID bits are set.
+     */
+    {
+        mbedtls_test_fail( "'high' is not a high-level error code",
+                            line, file );
+    }
+    else if ( high < -0x7F80 )
+    /* high > 0111111110000000
+     * Error code is greater than the largest allowed high level module ID.
+     */
+    {
+        mbedtls_test_fail( "'high' error code is greater than 15 bits",
+                            line, file );
+    }
+    else if ( ( high & 0x7F ) != 0 )
+    /* high & 0000000001111111
+     * Error code contains low level error code bits.
+     */
+    {
+        mbedtls_test_fail( "'high' contains a low-level error code",
+                            line, file );
+    }
+    else if ( low < -0x007F )
+    /* low >  0000000001111111
+     * Error code contains high or module level error code bits.
+     */
+    {
+        mbedtls_test_fail( "'low' error code is greater than 7 bits",
+                            line, file );
+    }
+    else if ( low > 0 )
+    {
+        mbedtls_test_fail( "'low' error code is greater than zero",
+                            line, file );
+    }
+}
+#endif /* MBEDTLS_TEST_HOOKS */
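Review bot: The check `( high & 0x7F ) != 0` in `mbedtls_test_err_add_check` masks the negative error value directly, although every comment in the function describes the positive opposite of the code, and the result of `&` on a negative `int` depends on the signed representation. At that point `high` is either zero or within `-0x7F80..-0x1000`, so `( -high & 0x7F ) != 0` cannot overflow, matches the comments and does not rely on two's complement. Separately, a positive `high` falls into the first branch and is reported as "'high' is not a high-level error code", whereas a positive `low` gets its own message; a dedicated `high > 0` branch would make such failures easier to read.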
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e82f7cf..32bd65d 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4451,6 +4451,7 @@
 
 # Tests for certificate selection based on SHA verson
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
             "$P_SRV crt_file=data_files/server5.crt \
                     key_file=data_files/server5.key \
@@ -4461,6 +4462,7 @@
             -c "signed using.*ECDSA with SHA256" \
             -C "signed using.*ECDSA with SHA1"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "Certificate hash: client TLS 1.1 -> SHA-1" \
             "$P_SRV crt_file=data_files/server5.crt \
                     key_file=data_files/server5.key \
@@ -4471,6 +4473,7 @@
             -C "signed using.*ECDSA with SHA256" \
             -c "signed using.*ECDSA with SHA1"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "Certificate hash: client TLS 1.0 -> SHA-1" \
             "$P_SRV crt_file=data_files/server5.crt \
                     key_file=data_files/server5.key \
@@ -4481,6 +4484,7 @@
             -C "signed using.*ECDSA with SHA256" \
             -c "signed using.*ECDSA with SHA1"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
             "$P_SRV crt_file=data_files/server5.crt \
                     key_file=data_files/server5.key \
@@ -4492,6 +4496,7 @@
             -c "signed using.*ECDSA with SHA256" \
             -C "signed using.*ECDSA with SHA1"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
             "$P_SRV crt_file=data_files/server6.crt \
                     key_file=data_files/server6.key \
@@ -4505,6 +4510,7 @@
 
 # tests for SNI
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SNI: no SNI callback" \
             "$P_SRV debug_level=3 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@@ -4514,6 +4520,7 @@
             -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
             -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SNI: matching cert 1" \
             "$P_SRV debug_level=3 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4524,6 +4531,7 @@
             -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
             -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SNI: matching cert 2" \
             "$P_SRV debug_level=3 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4534,6 +4542,7 @@
             -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
             -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SNI: no matching cert" \
             "$P_SRV debug_level=3 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4641,6 +4650,7 @@
 
 # Tests for SNI and DTLS
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SNI: DTLS, no SNI callback" \
             "$P_SRV debug_level=3 dtls=1 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key" \
@@ -4650,6 +4660,7 @@
             -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
             -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SNI: DTLS, matching cert 1" \
             "$P_SRV debug_level=3 dtls=1 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -4660,6 +4671,7 @@
             -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
             -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
 
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SNI: DTLS, matching cert 2" \
             "$P_SRV debug_level=3 dtls=1 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key \
@@ -5426,6 +5438,20 @@
             0 \
             -C "DHM prime too short:"
 
+run_test    "DHM size: server 999, client 999, OK" \
+            "$P_SRV dhm_file=data_files/dh.999.pem" \
+            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+                    debug_level=1 dhmlen=999" \
+            0 \
+            -C "DHM prime too short:"
+
+run_test    "DHM size: server 1000, client 1000, OK" \
+            "$P_SRV dhm_file=data_files/dh.1000.pem" \
+            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+                    debug_level=1 dhmlen=1000" \
+            0 \
+            -C "DHM prime too short:"
+
 run_test    "DHM size: server 1000, client default, rejected" \
             "$P_SRV dhm_file=data_files/dh.1000.pem" \
             "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -5433,6 +5459,27 @@
             1 \
             -c "DHM prime too short:"
 
+run_test    "DHM size: server 1000, client 1001, rejected" \
+            "$P_SRV dhm_file=data_files/dh.1000.pem" \
+            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+                    debug_level=1 dhmlen=1001" \
+            1 \
+            -c "DHM prime too short:"
+
+run_test    "DHM size: server 999, client 1000, rejected" \
+            "$P_SRV dhm_file=data_files/dh.999.pem" \
+            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+                    debug_level=1 dhmlen=1000" \
+            1 \
+            -c "DHM prime too short:"
+
+run_test    "DHM size: server 998, client 999, rejected" \
+            "$P_SRV dhm_file=data_files/dh.998.pem" \
+            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
+                    debug_level=1 dhmlen=999" \
+            1 \
+            -c "DHM prime too short:"
+
 run_test    "DHM size: server default, client 2049, rejected" \
             "$P_SRV" \
             "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@@ -6674,6 +6721,7 @@
             -s "Async resume (slot [0-9]): sign done, status=0"
 
 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
+requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "SSL async private: sign, SNI" \
             "$P_SRV debug_level=3 \
              async_operations=s async_private_delay1=0 async_private_delay2=0 \
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 36a7d23..ac00f45 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -33,6 +33,10 @@
 #include "psa/crypto.h"
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
+#if defined(MBEDTLS_TEST_HOOKS)
+#include "mbedtls/error.h"
+#endif
+
 /* Test code may use deprecated identifiers only if the preprocessor symbol
  * MBEDTLS_TEST_DEPRECATED is defined. When building tests, set
  * MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is
@@ -279,6 +283,10 @@
  */
 int main( int argc, const char *argv[] )
 {
+#if defined(MBEDTLS_TEST_HOOKS) && defined (MBEDTLS_ERROR_C)
+    mbedtls_test_hook_error_add = &mbedtls_test_err_add_check;
+#endif
+
     int ret = mbedtls_test_platform_setup();
     if( ret != 0 )
     {
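Review bot: The hook assignment at the top of `main` has no comment saying what `mbedtls_test_err_add_check` verifies or why it has to be installed before `mbedtls_test_platform_setup()` runs. I would add a comment above it such as `/* Install the error-combination check first so that setup code is covered too. */`, if that is the intent. The guards are also inconsistent: the include added in the previous hunk is under `MBEDTLS_TEST_HOOKS` alone, while the use here also requires `MBEDTLS_ERROR_C` and is spelled `defined (MBEDTLS_ERROR_C)` with a stray space. The assignment also places a statement ahead of the `int ret` declaration, which will warn in builds that use `-Wdeclaration-after-statement`. The body of `main` continues outside the hunk.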
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 76e474f..3d3f6a3 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -422,124 +422,6 @@
                               valid_buffer, valid_size,
                               valid_buffer, NULL ) );
 
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-    /* mbedtls_cipher_auth_encrypt() */
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_encrypt( NULL,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_encrypt( &valid_ctx,
-                                     NULL, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_encrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     NULL, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_encrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     NULL, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_encrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     NULL, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_encrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, NULL,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_encrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     NULL, valid_size ) );
-
-    /* mbedtls_cipher_auth_decrypt() */
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_decrypt( NULL,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_decrypt( &valid_ctx,
-                                     NULL, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_decrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     NULL, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_decrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     NULL, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_decrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     NULL, &size_t_var,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_decrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, NULL,
-                                     valid_buffer, valid_size ) );
-    TEST_INVALID_PARAM_RET(
-        MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
-        mbedtls_cipher_auth_decrypt( &valid_ctx,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, valid_size,
-                                     valid_buffer, &size_t_var,
-                                     NULL, valid_size ) );
-#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
-
 #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
     /* mbedtls_cipher_auth_encrypt_ext */
     TEST_INVALID_PARAM_RET(
@@ -1126,11 +1008,6 @@
      * of AEAD decryption and AEAD encryption. Check that
      * this results in the expected plaintext, and that
      * decryption and encryption are inverse to one another.
-     *
-     * Do that twice:
-     * - once with legacy functions auth_decrypt/auth_encrypt
-     * - once with new functions auth_decrypt_ext/auth_encrypt_ext
-     * This allows testing both without duplicating test cases.
      */
 
     int ret;
@@ -1146,13 +1023,6 @@
     unsigned char *encrypt_buf = NULL;
     size_t encrypt_buf_len = 0;
 
-#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
-    !defined(MBEDTLS_DEPRECATED_REMOVED)
-    unsigned char *tmp_tag    = NULL;
-    unsigned char *tmp_cipher = NULL;
-    unsigned char *tag_buf = NULL;
-#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
-
     /* Null pointers are documented as valid for inputs of length 0.
      * The test framework passes non-null pointers, so set them to NULL.
      * key, cipher and tag can't be empty. */
@@ -1184,12 +1054,6 @@
                     cipher_id == MBEDTLS_CIPHER_AES_256_KW ||
                     using_nist_kw_padding;
 
-    /****************************************************************
-     *                                                              *
-     *  Part 1: non-deprecated API                                  *
-     *                                                              *
-     ****************************************************************/
-
     /*
      * Prepare context for decryption
      */
@@ -1253,7 +1117,6 @@
         ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len );
     }
 
-    /* Free this, but keep cipher_plus_tag for deprecated function with PSA */
     mbedtls_free( decrypt_buf );
     decrypt_buf = NULL;
 
@@ -1315,135 +1178,12 @@
         encrypt_buf = NULL;
     }
 
-    /****************************************************************
-     *                                                              *
-     *  Part 2: deprecated API                                      *
-     *                                                              *
-     ****************************************************************/
-
-#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
-    !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-    /*
-     * Prepare context for decryption
-     */
-    if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
-                            MBEDTLS_DECRYPT ) )
-        goto exit;
-
-    /*
-     * Prepare pointers for decryption
-     */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    if( use_psa == 1 )
-    {
-        /* PSA requires that the tag immediately follows the ciphertext.
-         * Fortunately, we already have that from testing the new API. */
-        tmp_cipher = cipher_plus_tag;
-        tmp_tag = tmp_cipher + cipher->len;
-    }
-    else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    {
-        tmp_cipher = cipher->x;
-        tmp_tag = tag->x;
-    }
-
-    /*
-     * Authenticate and decrypt, and check result
-     */
-
-    ASSERT_ALLOC( decrypt_buf, cipher->len );
-    outlen = 0;
-    ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
-                               tmp_cipher, cipher->len, decrypt_buf, &outlen,
-                               tmp_tag, tag->len );
-
-    if( using_nist_kw )
-    {
-        /* NIST_KW with legacy API */
-        TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-    }
-    else if( strcmp( result, "FAIL" ) == 0 )
-    {
-        /* unauthentic message */
-        TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
-        TEST_ASSERT( buffer_is_all_zero( decrypt_buf, cipher->len ) );
-    }
-    else
-    {
-        /* authentic message: is the plaintext correct? */
-        TEST_ASSERT( ret == 0 );
-        ASSERT_COMPARE(  decrypt_buf, outlen, clear->x, clear->len );
-    }
-
-    mbedtls_free( decrypt_buf );
-    decrypt_buf = NULL;
-    mbedtls_free( cipher_plus_tag );
-    cipher_plus_tag = NULL;
-
-    /*
-     * Encrypt back if test data was authentic
-     */
-    if( strcmp( result, "FAIL" ) != 0 )
-    {
-        /* prepare context for encryption */
-        if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
-                                MBEDTLS_ENCRYPT ) )
-            goto exit;
-
-        /* prepare buffers for encryption */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-        if( use_psa )
-        {
-            ASSERT_ALLOC( cipher_plus_tag, cipher->len + tag->len );
-            tmp_cipher = cipher_plus_tag;
-            tmp_tag = cipher_plus_tag + cipher->len;
-        }
-        else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-        {
-            ASSERT_ALLOC( encrypt_buf, cipher->len );
-            ASSERT_ALLOC( tag_buf, tag->len );
-            tmp_cipher = encrypt_buf;
-            tmp_tag = tag_buf;
-        }
-
-        /*
-         * Encrypt and check the result
-         */
-        outlen = 0;
-        ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
-                                   clear->x, clear->len, tmp_cipher, &outlen,
-                                   tmp_tag, tag->len );
-
-        if( using_nist_kw )
-        {
-            TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
-        }
-        else
-        {
-            TEST_ASSERT( ret == 0 );
-
-            TEST_ASSERT( outlen == cipher->len );
-            if( cipher->len != 0 )
-                TEST_ASSERT( memcmp( tmp_cipher, cipher->x, cipher->len ) == 0 );
-            TEST_ASSERT( memcmp( tmp_tag, tag->x, tag->len ) == 0 );
-        }
-    }
-
-#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
-
 exit:
 
     mbedtls_cipher_free( &ctx );
     mbedtls_free( decrypt_buf );
     mbedtls_free( encrypt_buf );
     mbedtls_free( cipher_plus_tag );
-#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
-    !defined(MBEDTLS_DEPRECATED_REMOVED)
-    mbedtls_free( tag_buf );
-#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if( use_psa == 1 )
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index eb99b79..0935c12 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -38,11 +38,11 @@
 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\:  00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f  ................\nMyFile(0999)\: 0010\:  10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f  ................\nMyFile(0999)\: 0020\:  20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f   !"#$%&'()*+,-./\nMyFile(0999)\: 0030\:  30                                               0\n"
 
 Debug print certificate #1 (RSA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: 01\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using      \: RSA with SHA1\nMyFile(0999)\: RSA key size      \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\:  a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\:  15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\:  43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\:  dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\:  83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\:  70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\:  4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\:  f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\:  ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\:  24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\:  ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\:  69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\:  73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\:  db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\:  5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\:  ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\:  01 00 01\n"
 
 Debug print certificate #2 (EC)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using      \: ECDSA with SHA256\nMyFile(0999)\: EC key size       \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\:  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\:  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\:  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\:  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\:  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\:  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
 
 Debug print mbedtls_mpi #1
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 377d630..ad50e53 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -131,7 +131,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
                               char * prefix, char * result_str )
 {
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 8157234..58cedc1 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -599,7 +599,8 @@
     cnt_restart = 0;
     do {
         ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
-                md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
+                md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL,
+                &rs_ctx );
     } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
 
     TEST_ASSERT( ret == 0 );
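Review bot: The call now passes `mbedtls_test_rnd_std_rand` where it passed `NULL`, with no comment on why a signing call in a restart-counting test needs an RNG. As far as I know this helper is a thin wrapper over `rand()`, so its output is not guaranteed to be identical across runs or platforms. If `cnt_restart` is compared with fixed bounds after the loop (not visible in this hunk), it is worth confirming the restart count cannot depend on the bytes drawn. I would add `/* RNG is used for blinding only; the signature and restart count must not depend on it. */` above the call, assuming that is the intent. The same applies to the second hunk in this file and to both `mbedtls_pk_sign_restartable` hunks in tests/suites/test_suite_pk.function; the enclosing functions start and end outside these hunks.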
@@ -614,7 +615,8 @@
     if( min_restart > 0 )
     {
         ret = mbedtls_ecdsa_write_signature_restartable( &ctx,
-                md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx );
+                md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL,
+                &rs_ctx );
         TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
     }
 
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 9e8d437..5c56ef4 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -6,7 +6,7 @@
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_OID_C
+ * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO
  * END_DEPENDENCIES
  */
 
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index bc469b6..9454fe7 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -821,7 +821,8 @@
     cnt_restart = 0;
     do {
         ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
-                                            sig, &slen, NULL, NULL, &rs_ctx );
+                                            sig, &slen, mbedtls_test_rnd_std_rand,
+                                            NULL, &rs_ctx );
     } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
 
     TEST_ASSERT( ret == 0 );
@@ -868,7 +869,8 @@
 
         slen = sizeof( sig );
         ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen,
-                                            sig, &slen, NULL, NULL, &rs_ctx );
+                                            sig, &slen, mbedtls_test_rnd_std_rand,
+                                            NULL, &rs_ctx );
         TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
     }
 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 8f04bc8..bff0c35 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -2924,24 +2924,16 @@
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
+    size_t key_bits;
     unsigned char *output_data = NULL;
     size_t output_size = 0;
     size_t output_length = 0;
     unsigned char *output_data2 = NULL;
     size_t output_length2 = 0;
-    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
     psa_status_t expected_result = expected_result_arg;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    output_size = input_data->len + tag_length;
-    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
-     * should be exact. */
-    if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
-        TEST_EQUAL( output_size,
-                    PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
-    ASSERT_ALLOC( output_data, output_size );
-
     PSA_ASSERT( psa_crypto_init( ) );
 
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT );
@@ -2950,6 +2942,22 @@
 
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &key ) );
+    PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
+
+    output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+                                                         alg );
+    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+     * should be exact. */
+    if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
+        expected_result != PSA_ERROR_NOT_SUPPORTED )
+    {
+        TEST_EQUAL( output_size,
+                    PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+        TEST_ASSERT( output_size <=
+                     PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+    }
+    ASSERT_ALLOC( output_data, output_size );
 
     status = psa_aead_encrypt( key, alg,
                                nonce->x, nonce->len,
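Review bot: The size check now skips `PSA_ERROR_NOT_SUPPORTED` as well as `PSA_ERROR_INVALID_ARGUMENT`, but the comment above it still says only that the macro should be exact and does not explain why those two results are excluded. I would extend it with something like `/* Skipped when the key type/algorithm pair is expected to be rejected: the size macros are not meaningful for it. */`, assuming that is the reason. Because `attributes` is now refilled by `psa_get_key_attributes()`, also check that the exit path calls `psa_reset_key_attributes( &attributes )`; that path is outside this hunk. The later hunk that ends at the `psa_aead_decrypt` call has the same comment gap.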
@@ -2977,7 +2985,7 @@
         /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
          * should be exact. */
         TEST_EQUAL( input_data->len,
-                    PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
+                    PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, output_length ) );
 
         TEST_ASSERT( input_data->len <=
                      PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
@@ -3014,22 +3022,13 @@
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
+    size_t key_bits;
     unsigned char *output_data = NULL;
     size_t output_size = 0;
     size_t output_length = 0;
-    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 
-    output_size = input_data->len + tag_length;
-    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
-     * should be exact. */
-    TEST_EQUAL( output_size,
-                PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
-    TEST_ASSERT( output_size <=
-                 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
-    ASSERT_ALLOC( output_data, output_size );
-
     PSA_ASSERT( psa_crypto_init( ) );
 
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT  );
@@ -3038,6 +3037,18 @@
 
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &key ) );
+    PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
+
+    output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+                                                         alg );
+    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+     * should be exact. */
+    TEST_EQUAL( output_size,
+                PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+    TEST_ASSERT( output_size <=
+                 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+    ASSERT_ALLOC( output_data, output_size );
 
     status = psa_aead_encrypt( key, alg,
                                nonce->x, nonce->len,
@@ -3078,26 +3089,14 @@
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
+    size_t key_bits;
     unsigned char *output_data = NULL;
     size_t output_size = 0;
     size_t output_length = 0;
-    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t expected_result = expected_result_arg;
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
 
-    output_size = input_data->len - tag_length;
-    if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
-    {
-        /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
-         * should be exact. */
-        TEST_EQUAL( output_size,
-                    PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) );
-        TEST_ASSERT( output_size <=
-                     PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
-    }
-    ASSERT_ALLOC( output_data, output_size );
-
     PSA_ASSERT( psa_crypto_init( ) );
 
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT  );
@@ -3106,6 +3105,22 @@
 
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &key ) );
+    PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
+
+    output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+                                                         alg );
+    if( expected_result != PSA_ERROR_INVALID_ARGUMENT &&
+        expected_result != PSA_ERROR_NOT_SUPPORTED )
+    {
+        /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
+         * should be exact. */
+        TEST_EQUAL( output_size,
+                    PSA_AEAD_DECRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+        TEST_ASSERT( output_size <=
+                     PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+    }
+    ASSERT_ALLOC( output_data, output_size );
 
     status = psa_aead_decrypt( key, alg,
                                nonce->x, nonce->len,
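Review bot: `output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg )` is an unsigned subtraction, so a negative-test vector whose input is shorter than the tag wraps to a huge `size_t` that is then handed to `ASSERT_ALLOC`. The removed code had the same subtraction, so this is carried over rather than introduced, but the test would then fail on allocation instead of exercising the length check in `psa_aead_decrypt`. A guarded form would be `size_t tag_length = PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg );` followed by `output_size = input_data->len < tag_length ? 0 : input_data->len - tag_length;`. Whether a zero size still satisfies the exactness check for such vectors needs confirming against the macro definition, which is not shown here. The function body starts and ends outside the hunk.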
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 241d715..5fbfac6 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -243,3 +243,81 @@
 PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
 aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY
+
+PSA opaque driver builtin key export: AES
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: AES (registered to ID_MAX-1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: AES (registered to ID_MAX)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS
+
+PSA opaque driver builtin key export: key ID out of range (ID_MIN - 1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
+
+PSA opaque driver builtin key export: key ID out of range (ID_MAX + 1)
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE
+
+PSA opaque driver builtin key export: secp256r1
+builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"dc7d9d26d67a4f632c34c2dc0b6986183882c206df04cdb7d69aabe28be4f81a":PSA_SUCCESS
+
+PSA opaque driver builtin pubkey export: secp256r1
+builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_SUCCESS
+
+PSA opaque driver builtin pubkey export: not a public key
+builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_ERROR_INVALID_ARGUMENT
+
+Hash compute: SHA-256, computed by the driver
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS:PSA_SUCCESS
+
+Hash compute: SHA-256, fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+Hash compute: SHA-256, no fallback
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+Hash compute: SHA-256, INSUFFICIENT_MEMORY
+hash_compute:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+Hash multi-part setup: SHA-256, computed by the driver
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS:PSA_SUCCESS
+
+Hash multi-part setup: SHA-256, fallback
+depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS
+
+Hash multi-part setup: SHA-256, no fallback
+depends_on:!MBEDTLS_PSA_BUILTIN_ALG_SHA_256
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED
+
+Hash multi-part setup: SHA-256, INSUFFICIENT_MEMORY
+hash_multipart_setup:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY
+
+Hash multi-part update: SHA-256, update successful
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS
+
+Hash multi-part update: SHA-256, update failure
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED
+
+Hash multi-part finish: SHA-256, finish successful
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS
+
+Hash multi-part finish: SHA-256, finish failure
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_multipart_update:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED
+
+Hash clone: SHA-256, clone successful
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_clone:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_SUCCESS
+
+Hash clone: SHA-256, clone failure
+depends_on:MBEDTLS_PSA_ACCEL_ALG_SHA_256
+hash_clone:PSA_ALG_SHA_256:"b0bd69":"4096804221093ddccfbf46831490ea63e9e99414858f8d75ff7f642c7ca61803":PSA_ERROR_NOT_SUPPORTED
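Review bot: The two cases titled "Hash multi-part finish: SHA-256, finish successful" and "finish failure" invoke `hash_multipart_update`, the same entry point and arguments as the two "Hash multi-part update" cases just above them. As written they repeat the update tests, and nothing in this hunk exercises the driver's finish path. This looks like a copy-paste slip; if the suite has a finish-specific test function (not visible in this hunk), these two lines should call it instead. Separately, the "INSUFFICIENT_MEMORY" cases for `hash_compute` and `hash_multipart_setup` have no `depends_on` line while their neighbours do, so it is worth confirming they are meant to run in every configuration.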
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index b287ce1..a0b719e 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -23,7 +23,8 @@
     uint8_t signature[64];
     size_t signature_length = 0xdeadbeef;
     psa_status_t actual_status;
-    test_driver_signature_sign_hooks = test_driver_signature_hooks_init();
+    mbedtls_test_driver_signature_sign_hooks =
+        mbedtls_test_driver_signature_hooks_init();
 
     PSA_ASSERT( psa_crypto_init( ) );
     psa_set_key_type( &attributes,
@@ -34,11 +35,13 @@
                     key_input->x, key_input->len,
                     &key );
 
-    test_driver_signature_sign_hooks.forced_status = force_status;
+    mbedtls_test_driver_signature_sign_hooks.forced_status = force_status;
     if( fake_output == 1 )
     {
-        test_driver_signature_sign_hooks.forced_output = expected_output->x;
-        test_driver_signature_sign_hooks.forced_output_length = expected_output->len;
+        mbedtls_test_driver_signature_sign_hooks.forced_output =
+            expected_output->x;
+        mbedtls_test_driver_signature_sign_hooks.forced_output_length =
+            expected_output->len;
     }
 
     actual_status = psa_sign_hash( key, alg,
@@ -51,13 +54,14 @@
         ASSERT_COMPARE( signature, signature_length,
                         expected_output->x, expected_output->len );
     }
-    TEST_EQUAL( test_driver_signature_sign_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits, 1 );
 
 exit:
     psa_reset_key_attributes( &attributes );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_signature_sign_hooks = test_driver_signature_hooks_init();
+    mbedtls_test_driver_signature_sign_hooks =
+        mbedtls_test_driver_signature_hooks_init();
 }
 /* END_CASE */
 
@@ -75,7 +79,8 @@
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 );
     psa_status_t actual_status;
-    test_driver_signature_verify_hooks = test_driver_signature_hooks_init();
+    mbedtls_test_driver_signature_verify_hooks =
+        mbedtls_test_driver_signature_hooks_init();
 
     PSA_ASSERT( psa_crypto_init( ) );
     if( register_public_key )
@@ -99,19 +104,20 @@
                         &key );
     }
 
-    test_driver_signature_verify_hooks.forced_status = force_status;
+    mbedtls_test_driver_signature_verify_hooks.forced_status = force_status;
 
     actual_status = psa_verify_hash( key, alg,
                                      data_input->x, data_input->len,
                                      signature_input->x, signature_input->len );
     TEST_EQUAL( actual_status, expected_status );
-    TEST_EQUAL( test_driver_signature_verify_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits, 1 );
 
 exit:
     psa_reset_key_attributes( &attributes );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_signature_verify_hooks = test_driver_signature_hooks_init();
+    mbedtls_test_driver_signature_verify_hooks =
+        mbedtls_test_driver_signature_hooks_init();
 }
 /* END_CASE */
 
@@ -130,7 +136,8 @@
     psa_status_t actual_status;
     uint8_t actual_output[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(256)] = {0};
     size_t actual_output_length;
-    test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+    mbedtls_test_driver_key_management_hooks =
+        mbedtls_test_driver_key_management_hooks_init();
 
     psa_set_key_type( &attributes,
                       PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) );
@@ -140,18 +147,22 @@
 
     if( fake_output->len > 0 )
     {
-        expected_output = test_driver_key_management_hooks.forced_output = fake_output->x;
-        expected_output_length = test_driver_key_management_hooks.forced_output_length =
+        expected_output =
+            mbedtls_test_driver_key_management_hooks.forced_output =
+            fake_output->x;
+
+        expected_output_length =
+            mbedtls_test_driver_key_management_hooks.forced_output_length =
             fake_output->len;
     }
 
-    test_driver_key_management_hooks.hits = 0;
-    test_driver_key_management_hooks.forced_status = force_status;
+    mbedtls_test_driver_key_management_hooks.hits = 0;
+    mbedtls_test_driver_key_management_hooks.forced_status = force_status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
     actual_status = psa_generate_key( &attributes, &key );
-    TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
     TEST_EQUAL( actual_status, expected_status );
 
     if( actual_status == PSA_SUCCESS )
@@ -178,7 +189,8 @@
     psa_reset_key_attributes( &attributes );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+    mbedtls_test_driver_key_management_hooks =
+        mbedtls_test_driver_key_management_hooks_init();
 }
 /* END_CASE */
 
@@ -194,25 +206,27 @@
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t actual_status;
-    test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+    mbedtls_test_driver_key_management_hooks =
+        mbedtls_test_driver_key_management_hooks_init();
 
     psa_set_key_type( &attributes,
                       key_type );
     psa_set_key_bits( &attributes, 0 );
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_EXPORT );
 
-    test_driver_key_management_hooks.forced_status = force_status;
+    mbedtls_test_driver_key_management_hooks.forced_status = force_status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
     actual_status = psa_import_key( &attributes, key_input->x, key_input->len, &key );
-    TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
     TEST_EQUAL( actual_status, expected_status );
 exit:
     psa_reset_key_attributes( &attributes );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+    mbedtls_test_driver_key_management_hooks =
+        mbedtls_test_driver_key_management_hooks_init();
 }
 /* END_CASE */
 
@@ -236,7 +250,8 @@
     psa_status_t actual_status;
     uint8_t actual_output[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(256)] = {0};
     size_t actual_output_length;
-    test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+    mbedtls_test_driver_key_management_hooks =
+        mbedtls_test_driver_key_management_hooks_init();
 
     psa_set_key_type( &attributes, input_key_type );
     psa_set_key_bits( &attributes, 256 );
@@ -247,8 +262,12 @@
 
     if( fake_output->len > 0 )
     {
-        expected_output_ptr = test_driver_key_management_hooks.forced_output = fake_output->x;
-        expected_output_length = test_driver_key_management_hooks.forced_output_length =
+        expected_output_ptr =
+            mbedtls_test_driver_key_management_hooks.forced_output =
+            fake_output->x;
+
+        expected_output_length =
+            mbedtls_test_driver_key_management_hooks.forced_output_length =
             fake_output->len;
     }
     else
@@ -257,8 +276,8 @@
         expected_output_length = expected_output->len;
     }
 
-    test_driver_key_management_hooks.hits = 0;
-    test_driver_key_management_hooks.forced_status = force_status;
+    mbedtls_test_driver_key_management_hooks.hits = 0;
+    mbedtls_test_driver_key_management_hooks.forced_status = force_status;
 
     if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) )
         actual_status = psa_export_public_key( handle, actual_output, sizeof(actual_output), &actual_output_length );
@@ -268,7 +287,7 @@
 
     if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( output_key_type ) &&
         !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( input_key_type ) )
-        TEST_EQUAL( test_driver_key_management_hooks.hits, 1 );
+        TEST_EQUAL( mbedtls_test_driver_key_management_hooks.hits, 1 );
 
     if( actual_status == PSA_SUCCESS )
     {
@@ -279,7 +298,8 @@
     psa_reset_key_attributes( &attributes );
     psa_destroy_key( handle );
     PSA_DONE( );
-    test_driver_key_management_hooks = test_driver_key_management_hooks_init();
+    mbedtls_test_driver_key_management_hooks =
+        mbedtls_test_driver_key_management_hooks_init();
 }
 /* END_CASE */
 
@@ -303,8 +323,8 @@
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
-    test_driver_cipher_hooks.forced_status = force_status;
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks.forced_status = force_status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
@@ -316,12 +336,12 @@
                                 &key ) );
 
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
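Review bot: The renamed check after `psa_cipher_set_iv`, `TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );`, now runs well past 80 columns, while this same commit wraps the signature and key-management hook assignments to stay inside that width. Splitting it after the first argument keeps the file consistent: `TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits,` followed by `( force_status == PSA_SUCCESS ? 1 : 0 ) );` on a continuation line. The same applies to the matching checks after `psa_cipher_update` and `psa_cipher_finish` in the following hunks, and to the `forced_output_length = expected_output->len;` assignments there. The enclosing test function starts and ends outside this hunk.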
@@ -329,21 +349,21 @@
 
     if( mock_output_arg )
     {
-        test_driver_cipher_hooks.forced_output = expected_output->x;
-        test_driver_cipher_hooks.forced_output_length = expected_output->len;
+        mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
+        mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
     }
 
     PSA_ASSERT( psa_cipher_update( &operation,
                                    input->x, input->len,
                                    output, output_buffer_size,
                                    &function_output_length ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     if( mock_output_arg )
     {
-        test_driver_cipher_hooks.forced_output = NULL;
-        test_driver_cipher_hooks.forced_output_length = 0;
+        mbedtls_test_driver_cipher_hooks.forced_output = NULL;
+        mbedtls_test_driver_cipher_hooks.forced_output_length = 0;
     }
 
     total_output_length += function_output_length;
@@ -352,8 +372,8 @@
                                 output_buffer_size - total_output_length,
                                 &function_output_length );
     /* Finish will have called abort as well, so expecting two hits here */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     total_output_length += function_output_length;
 
@@ -362,7 +382,7 @@
     {
         PSA_ASSERT( psa_cipher_abort( &operation ) );
         // driver function should've been called as part of the finish() core routine
-        TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+        TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
         ASSERT_COMPARE( expected_output->x, expected_output->len,
                         output, total_output_length );
     }
@@ -372,7 +392,7 @@
     mbedtls_free( output );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 }
 /* END_CASE */
 
@@ -396,7 +416,7 @@
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 
     PSA_ASSERT( psa_crypto_init( ) );
 
@@ -408,12 +428,12 @@
                                 &key ) );
 
     PSA_ASSERT( psa_cipher_encrypt_setup( &operation, key, alg ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
@@ -423,8 +443,8 @@
     PSA_ASSERT( psa_cipher_update( &operation, input->x, first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     TEST_ASSERT( function_output_length == output1_length );
     total_output_length += function_output_length;
@@ -434,8 +454,8 @@
                                    output + total_output_length,
                                    output_buffer_size - total_output_length,
                                    &function_output_length ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     TEST_ASSERT( function_output_length == output2_length );
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_finish( &operation,
@@ -443,11 +463,11 @@
                                    output_buffer_size - total_output_length,
                                    &function_output_length ) );
     /* Finish will have called abort as well, so expecting two hits here */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
-    test_driver_cipher_hooks.hits = 0 ;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+    mbedtls_test_driver_cipher_hooks.hits = 0 ;
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_abort( &operation ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
 
     ASSERT_COMPARE( expected_output->x, expected_output->len,
                     output, total_output_length );
@@ -457,7 +477,7 @@
     mbedtls_free( output );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 }
 /* END_CASE */
 
@@ -481,7 +501,7 @@
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 
     PSA_ASSERT( psa_crypto_init( ) );
 
@@ -493,12 +513,12 @@
                                 &key ) );
 
     PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
@@ -509,8 +529,8 @@
                                    input->x, first_part_size,
                                    output, output_buffer_size,
                                    &function_output_length ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     TEST_ASSERT( function_output_length == output1_length );
     total_output_length += function_output_length;
@@ -520,8 +540,8 @@
                                    output + total_output_length,
                                    output_buffer_size - total_output_length,
                                    &function_output_length ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     TEST_ASSERT( function_output_length == output2_length );
     total_output_length += function_output_length;
@@ -530,11 +550,11 @@
                                    output_buffer_size - total_output_length,
                                    &function_output_length ) );
     /* Finish will have called abort as well, so expecting two hits here */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     total_output_length += function_output_length;
     PSA_ASSERT( psa_cipher_abort( &operation ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
 
     ASSERT_COMPARE( expected_output->x, expected_output->len,
                     output, total_output_length );
@@ -544,7 +564,7 @@
     mbedtls_free( output );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 }
 /* END_CASE */
 
@@ -568,8 +588,8 @@
     size_t total_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
-    test_driver_cipher_hooks.forced_status = force_status;
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks.forced_status = force_status;
 
     PSA_ASSERT( psa_crypto_init( ) );
 
@@ -581,12 +601,12 @@
                                 &key ) );
 
     PSA_ASSERT( psa_cipher_decrypt_setup( &operation, key, alg ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     output_buffer_size = ( (size_t) input->len +
                            PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
@@ -594,21 +614,21 @@
 
     if( mock_output_arg )
     {
-        test_driver_cipher_hooks.forced_output = expected_output->x;
-        test_driver_cipher_hooks.forced_output_length = expected_output->len;
+        mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
+        mbedtls_test_driver_cipher_hooks.forced_output_length = expected_output->len;
     }
 
     PSA_ASSERT( psa_cipher_update( &operation,
                                    input->x, input->len,
                                    output, output_buffer_size,
                                    &function_output_length ) );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 1 : 0 ) );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     if( mock_output_arg )
     {
-        test_driver_cipher_hooks.forced_output = NULL;
-        test_driver_cipher_hooks.forced_output_length = 0;
+        mbedtls_test_driver_cipher_hooks.forced_output = NULL;
+        mbedtls_test_driver_cipher_hooks.forced_output_length = 0;
     }
 
     total_output_length += function_output_length;
@@ -617,8 +637,8 @@
                                 output_buffer_size - total_output_length,
                                 &function_output_length );
     /* Finish will have called abort as well, so expecting two hits here */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, ( force_status == PSA_SUCCESS ? 2 : 0 ) );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     total_output_length += function_output_length;
     TEST_EQUAL( status, expected_status );
@@ -626,7 +646,7 @@
     if( expected_status == PSA_SUCCESS )
     {
         PSA_ASSERT( psa_cipher_abort( &operation ) );
-        TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+        TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
         ASSERT_COMPARE( expected_output->x, expected_output->len,
                         output, total_output_length );
     }
@@ -636,7 +656,7 @@
     mbedtls_free( output );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 }
 /* END_CASE */
 
@@ -654,7 +674,7 @@
     size_t function_output_length = 0;
     psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 
     ASSERT_ALLOC( output, input->len + 16 );
     output_buffer_size = input->len + 16;
@@ -669,136 +689,136 @@
                                 &key ) );
 
     /* Test setup call, encrypt */
-    test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
     status = psa_cipher_encrypt_setup( &operation, key, alg );
     /* When setup fails, it shouldn't call any further entry points */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     status = psa_cipher_set_iv( &operation, iv->x, iv->len );
     TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
 
     /* Test setup call failure, decrypt */
     status = psa_cipher_decrypt_setup( &operation, key, alg );
     /* When setup fails, it shouldn't call any further entry points */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     status = psa_cipher_set_iv( &operation, iv->x, iv->len );
     TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
 
     /* Test IV setting failure */
-    test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
     status = psa_cipher_encrypt_setup( &operation, key, alg );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
-    test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
     status = psa_cipher_set_iv( &operation, iv->x, iv->len );
     /* When setting the IV fails, it should call abort too */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
     /* Failure should prevent further operations from executing on the driver */
-    test_driver_cipher_hooks.hits = 0;
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     status = psa_cipher_update( &operation,
                                 input->x, input->len,
                                 output, output_buffer_size,
                                 &function_output_length );
     TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
     psa_cipher_abort( &operation );
 
     /* Test IV generation failure */
-    test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
     status = psa_cipher_encrypt_setup( &operation, key, alg );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
-    test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
     status = psa_cipher_generate_iv( &operation, output, 16, &function_output_length );
     /* When generating the IV fails, it should call abort too */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
     /* Failure should prevent further operations from executing on the driver */
-    test_driver_cipher_hooks.hits = 0;
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     status = psa_cipher_update( &operation,
                                 input->x, input->len,
                                 output, output_buffer_size,
                                 &function_output_length );
     TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
     psa_cipher_abort( &operation );
 
     /* Test update failure */
-    test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
     status = psa_cipher_encrypt_setup( &operation, key, alg );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     status = psa_cipher_set_iv( &operation, iv->x, iv->len );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
-    test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
     status = psa_cipher_update( &operation,
                                 input->x, input->len,
                                 output, output_buffer_size,
                                 &function_output_length );
     /* When the update call fails, it should call abort too */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
     /* Failure should prevent further operations from executing on the driver */
-    test_driver_cipher_hooks.hits = 0;
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     status = psa_cipher_update( &operation,
                                 input->x, input->len,
                                 output, output_buffer_size,
                                 &function_output_length );
     TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
     psa_cipher_abort( &operation );
 
     /* Test finish failure */
-    test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_SUCCESS;
     status = psa_cipher_encrypt_setup( &operation, key, alg );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     status = psa_cipher_set_iv( &operation, iv->x, iv->len );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
     status = psa_cipher_update( &operation,
                                 input->x, input->len,
                                 output, output_buffer_size,
                                 &function_output_length );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 1 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
-    test_driver_cipher_hooks.hits = 0;
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 1 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
+    mbedtls_test_driver_cipher_hooks.hits = 0;
 
-    test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
+    mbedtls_test_driver_cipher_hooks.forced_status = PSA_ERROR_GENERIC_ERROR;
     status = psa_cipher_finish( &operation,
                                 output + function_output_length,
                                 output_buffer_size - function_output_length,
                                 &function_output_length );
     /* When the finish call fails, it should call abort too */
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 2 );
-    TEST_EQUAL( status, test_driver_cipher_hooks.forced_status );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 2 );
+    TEST_EQUAL( status, mbedtls_test_driver_cipher_hooks.forced_status );
     /* Failure should prevent further operations from executing on the driver */
-    test_driver_cipher_hooks.hits = 0;
+    mbedtls_test_driver_cipher_hooks.hits = 0;
     status = psa_cipher_update( &operation,
                                 input->x, input->len,
                                 output, output_buffer_size,
                                 &function_output_length );
     TEST_EQUAL( status, PSA_ERROR_BAD_STATE );
-    TEST_EQUAL( test_driver_cipher_hooks.hits, 0 );
+    TEST_EQUAL( mbedtls_test_driver_cipher_hooks.hits, 0 );
     psa_cipher_abort( &operation );
 
 exit:
@@ -806,7 +826,7 @@
     mbedtls_free( output );
     psa_destroy_key( key );
     PSA_DONE( );
-    test_driver_cipher_hooks = test_driver_cipher_hooks_init();
+    mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 }
 /* END_CASE */
 
@@ -822,23 +842,14 @@
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
+    size_t key_bits;
     psa_status_t forced_status = forced_status_arg;
     unsigned char *output_data = NULL;
     size_t output_size = 0;
     size_t output_length = 0;
-    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
-    test_driver_aead_hooks = test_driver_aead_hooks_init();
-
-    output_size = input_data->len + tag_length;
-    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
-     * should be exact. */
-    TEST_EQUAL( output_size,
-                PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
-    TEST_ASSERT( output_size <=
-                 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
-    ASSERT_ALLOC( output_data, output_size );
+    mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
 
     PSA_ASSERT( psa_crypto_init( ) );
 
@@ -848,16 +859,28 @@
 
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &key ) );
+    PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
 
-    test_driver_aead_hooks.forced_status = forced_status;
+    output_size = input_data->len + PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+                                                         alg );
+    /* For all currently defined algorithms, PSA_AEAD_ENCRYPT_OUTPUT_SIZE
+     * should be exact. */
+    TEST_EQUAL( output_size,
+                PSA_AEAD_ENCRYPT_OUTPUT_SIZE( key_type, alg, input_data->len ) );
+    TEST_ASSERT( output_size <=
+                 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
+    ASSERT_ALLOC( output_data, output_size );
+
+    mbedtls_test_driver_aead_hooks.forced_status = forced_status;
     status = psa_aead_encrypt( key, alg,
                                nonce->x, nonce->len,
                                additional_data->x, additional_data->len,
                                input_data->x, input_data->len,
                                output_data, output_size,
                                &output_length );
-    TEST_EQUAL( test_driver_aead_hooks.hits, 1 );
-    TEST_EQUAL( test_driver_aead_hooks.driver_status, forced_status );
+    TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status );
 
     TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
                         PSA_SUCCESS : forced_status );
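Review bot: The added `psa_get_key_attributes( key, &attributes )` has no matching `psa_reset_key_attributes( &attributes )` in this hunk, and the cleanup lines visible in the next hunk (`psa_destroy_key`, `mbedtls_free`, `PSA_DONE`) do not show one either. The PSA Crypto API asks callers to reset an attribute structure after filling it with psa_get_key_attributes, because that call may allocate resources. It is probably harmless for the symmetric keys used here, but adding `psa_reset_key_attributes( &attributes );` after the `exit:` label keeps the test leak-free if other key types are ever passed in. The same applies to the identical addition in the `@@ -908,8 +928,14 @@` hunk. The function starts and ends outside this hunk, so the reset may already exist out of view.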
@@ -872,7 +895,7 @@
     psa_destroy_key( key );
     mbedtls_free( output_data );
     PSA_DONE( );
-    test_driver_aead_hooks = test_driver_aead_hooks_init();
+    mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
 }
 /* END_CASE */
 
@@ -888,17 +911,14 @@
     mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
     psa_key_type_t key_type = key_type_arg;
     psa_algorithm_t alg = alg_arg;
+    size_t key_bits;
     psa_status_t forced_status = forced_status_arg;
     unsigned char *output_data = NULL;
     size_t output_size = 0;
     size_t output_length = 0;
-    size_t tag_length = PSA_AEAD_TAG_LENGTH( alg );
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_GENERIC_ERROR;
-    test_driver_aead_hooks = test_driver_aead_hooks_init();
-
-    output_size = input_data->len - tag_length;
-    ASSERT_ALLOC( output_data, output_size );
+    mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
 
     PSA_ASSERT( psa_crypto_init( ) );
 
@@ -908,8 +928,14 @@
 
     PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
                                 &key ) );
+    PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+    key_bits = psa_get_key_bits( &attributes );
 
-    test_driver_aead_hooks.forced_status = forced_status;
+    output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits,
+                                                         alg );
+    ASSERT_ALLOC( output_data, output_size );
+
+    mbedtls_test_driver_aead_hooks.forced_status = forced_status;
     status = psa_aead_decrypt( key, alg,
                                nonce->x, nonce->len,
                                additional_data->x,
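Review bot: `output_size = input_data->len - PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg )` wraps around as a `size_t` whenever a test vector's input is shorter than the tag, and the wrapped value is passed straight to `ASSERT_ALLOC`. The test would then presumably fail on an allocation error instead of a readable assertion. A guard before the subtraction, `TEST_ASSERT( input_data->len >= PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ) );`, makes the precondition explicit. The function body starts and ends outside this hunk.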
@@ -917,8 +943,8 @@
                                input_data->x, input_data->len,
                                output_data, output_size,
                                &output_length );
-    TEST_EQUAL( test_driver_aead_hooks.hits, 1 );
-    TEST_EQUAL( test_driver_aead_hooks.driver_status, forced_status );
+    TEST_EQUAL( mbedtls_test_driver_aead_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_aead_hooks.driver_status, forced_status );
 
     TEST_EQUAL( status, ( forced_status == PSA_ERROR_NOT_SUPPORTED ) ?
                         PSA_SUCCESS : forced_status );
@@ -933,6 +959,363 @@
     psa_destroy_key( key );
     mbedtls_free( output_data );
     PSA_DONE( );
-    test_driver_aead_hooks = test_driver_aead_hooks_init();
+    mbedtls_test_driver_aead_hooks = mbedtls_test_driver_aead_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+void builtin_key_export( int builtin_key_id_arg,
+                         int builtin_key_type_arg,
+                         int builtin_key_bits_arg,
+                         int builtin_key_algorithm_arg,
+                         data_t *expected_output,
+                         int expected_status_arg )
+{
+    psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
+    psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
+    psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg;
+    size_t builtin_key_bits = (size_t) builtin_key_bits_arg;
+    psa_status_t expected_status = expected_status_arg;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
+    uint8_t* output_buffer = NULL;
+    size_t output_size = 0;
+    psa_status_t actual_status;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+    ASSERT_ALLOC( output_buffer, expected_output->len );
+
+    actual_status = psa_export_key( key, output_buffer, expected_output->len, &output_size );
+
+    if( expected_status == PSA_SUCCESS )
+    {
+        PSA_ASSERT( actual_status );
+        TEST_EQUAL( output_size, expected_output->len );
+        ASSERT_COMPARE( output_buffer, output_size,
+                        expected_output->x, expected_output->len );
+
+        PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+        TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
+        TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
+        TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
+    }
+    else
+    {
+        if( actual_status != expected_status )
+            fprintf( stderr, "Expected %d but got %d\n", expected_status, actual_status );
+        TEST_EQUAL( actual_status, expected_status );
+        TEST_EQUAL( output_size, 0 );
+    }
+
+exit:
+    mbedtls_free( output_buffer );
+    psa_reset_key_attributes( &attributes );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+void builtin_pubkey_export( int builtin_key_id_arg,
+                            int builtin_key_type_arg,
+                            int builtin_key_bits_arg,
+                            int builtin_key_algorithm_arg,
+                            data_t *expected_output,
+                            int expected_status_arg )
+{
+    psa_key_id_t builtin_key_id = (psa_key_id_t) builtin_key_id_arg;
+    psa_key_type_t builtin_key_type = (psa_key_type_t) builtin_key_type_arg;
+    psa_algorithm_t builtin_key_alg = (psa_algorithm_t) builtin_key_algorithm_arg;
+    size_t builtin_key_bits = (size_t) builtin_key_bits_arg;
+    psa_status_t expected_status = expected_status_arg;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    mbedtls_svc_key_id_t key = mbedtls_svc_key_id_make( 0, builtin_key_id );
+    uint8_t* output_buffer = NULL;
+    size_t output_size = 0;
+    psa_status_t actual_status;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+    ASSERT_ALLOC( output_buffer, expected_output->len );
+
+    actual_status = psa_export_public_key( key, output_buffer, expected_output->len, &output_size );
+
+    if( expected_status == PSA_SUCCESS )
+    {
+        PSA_ASSERT( actual_status );
+        TEST_EQUAL( output_size, expected_output->len );
+        ASSERT_COMPARE( output_buffer, output_size,
+                        expected_output->x, expected_output->len );
+
+        PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
+        TEST_EQUAL( psa_get_key_bits( &attributes ), builtin_key_bits );
+        TEST_EQUAL( psa_get_key_type( &attributes ), builtin_key_type );
+        TEST_EQUAL( psa_get_key_algorithm( &attributes ), builtin_key_alg );
+    }
+    else
+    {
+        TEST_EQUAL( actual_status, expected_status );
+        TEST_EQUAL( output_size, 0 );
+    }
+
+exit:
+    mbedtls_free( output_buffer );
+    psa_reset_key_attributes( &attributes );
+    psa_destroy_key( key );
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_compute( int alg_arg,
+                   data_t *input, data_t *hash,
+                   int forced_status_arg,
+                   int expected_status_arg )
+{
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t forced_status = forced_status_arg;
+    psa_status_t expected_status = expected_status_arg;
+    unsigned char *output = NULL;
+    size_t output_length;
+
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+    mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+
+    PSA_ASSERT( psa_crypto_init( ) );
+    ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+    TEST_EQUAL( psa_hash_compute( alg, input->x, input->len,
+                                  output, PSA_HASH_LENGTH( alg ),
+                                  &output_length ), expected_status );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+    if( expected_status == PSA_SUCCESS )
+    {
+        ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+    }
+
+exit:
+    mbedtls_free( output );
+    PSA_DONE( );
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multipart_setup( int alg_arg,
+                           data_t *input, data_t *hash,
+                           int forced_status_arg,
+                           int expected_status_arg )
+{
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t forced_status = forced_status_arg;
+    psa_status_t expected_status = expected_status_arg;
+    unsigned char *output = NULL;
+    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+    size_t output_length;
+
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+    ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+    TEST_EQUAL( psa_hash_setup( &operation, alg ), expected_status );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+    if( expected_status == PSA_SUCCESS )
+    {
+        PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+                    forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 2 );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+        PSA_ASSERT( psa_hash_finish( &operation,
+                                     output, PSA_HASH_LENGTH( alg ),
+                                     &output_length ) );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+                    forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4 );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+        ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+    }
+
+exit:
+    psa_hash_abort( &operation );
+    mbedtls_free( output );
+    PSA_DONE( );
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multipart_update( int alg_arg,
+                            data_t *input, data_t *hash,
+                            int forced_status_arg )
+{
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t forced_status = forced_status_arg;
+    unsigned char *output = NULL;
+    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+    size_t output_length;
+
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+    ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    /*
+     * Update inactive operation, the driver shouldn't be called.
+     */
+    TEST_EQUAL( psa_hash_update( &operation, input->x, input->len ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+    mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+    TEST_EQUAL( psa_hash_update( &operation, input->x, input->len ),
+                forced_status );
+    /* One or two more calls to the driver interface: update or update + abort */
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+                forced_status == PSA_SUCCESS ? 2 : 3 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+    if( forced_status == PSA_SUCCESS )
+    {
+        mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+        PSA_ASSERT( psa_hash_finish( &operation,
+                                     output, PSA_HASH_LENGTH( alg ),
+                                     &output_length ) );
+        /* Two calls to the driver interface: update + abort */
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 2 );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+        ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+    }
+
+exit:
+    psa_hash_abort( &operation );
+    mbedtls_free( output );
+    PSA_DONE( );
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_multipart_finish( int alg_arg,
+                            data_t *input, data_t *hash,
+                            int forced_status_arg )
+{
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t forced_status = forced_status_arg;
+    unsigned char *output = NULL;
+    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
+    size_t output_length;
+
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+    ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    /*
+     * Finish inactive operation, the driver shouldn't be called.
+     */
+    TEST_EQUAL( psa_hash_finish( &operation, output, PSA_HASH_LENGTH( alg ),
+                                 &output_length ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+
+    PSA_ASSERT( psa_hash_setup( &operation, alg ) );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+    PSA_ASSERT( psa_hash_update( &operation, input->x, input->len ) );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 2 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+    mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+    TEST_EQUAL( psa_hash_finish( &operation,
+                                 output, PSA_HASH_LENGTH( alg ),
+                                 &output_length ),
+                forced_status );
+    /* Two more calls to the driver interface: finish + abort */
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 4 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+    if( forced_status == PSA_SUCCESS )
+        ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+
+exit:
+    psa_hash_abort( &operation );
+    mbedtls_free( output );
+    PSA_DONE( );
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void hash_clone( int alg_arg,
+                 data_t *input, data_t *hash,
+                 int forced_status_arg )
+{
+    psa_algorithm_t alg = alg_arg;
+    psa_status_t forced_status = forced_status_arg;
+    unsigned char *output = NULL;
+    psa_hash_operation_t source_operation = PSA_HASH_OPERATION_INIT;
+    psa_hash_operation_t target_operation = PSA_HASH_OPERATION_INIT;
+    size_t output_length;
+
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+    ASSERT_ALLOC( output, PSA_HASH_LENGTH( alg ) );
+
+    PSA_ASSERT( psa_crypto_init( ) );
+
+    /*
+     * Clone inactive operation, the driver shouldn't be called.
+     */
+    TEST_EQUAL( psa_hash_clone( &source_operation, &target_operation ),
+                PSA_ERROR_BAD_STATE );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 0 );
+
+    PSA_ASSERT( psa_hash_setup( &source_operation, alg ) );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+    mbedtls_test_driver_hash_hooks.forced_status = forced_status;
+    TEST_EQUAL( psa_hash_clone( &source_operation, &target_operation ),
+                forced_status );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits,
+                forced_status == PSA_SUCCESS ? 2 : 3 );
+    TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, forced_status );
+
+    if( forced_status == PSA_SUCCESS )
+    {
+        mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
+        PSA_ASSERT( psa_hash_update( &target_operation,
+                                     input->x, input->len ) );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 1 );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+        PSA_ASSERT( psa_hash_finish( &target_operation,
+                                     output, PSA_HASH_LENGTH( alg ),
+                                     &output_length ) );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.hits, 3 );
+        TEST_EQUAL( mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS );
+
+        ASSERT_COMPARE( output, output_length, hash->x, hash->len );
+    }
+
+exit:
+    psa_hash_abort( &source_operation );
+    psa_hash_abort( &target_operation );
+    mbedtls_free( output );
+    PSA_DONE( );
+    mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
 }
 /* END_CASE */
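Review bot: The `fprintf( stderr, "Expected %d but got %d\n", ... )` in the failure branch of `builtin_key_export` looks like leftover debugging. The `TEST_EQUAL( actual_status, expected_status )` on the next line already reports the mismatch, and the otherwise identical `builtin_pubkey_export` has no such print. I would drop the `if`/`fprintf` pair so the two tests stay parallel; it also passes `psa_status_t` values to `%d` without a cast. Separately, in `hash_multipart_update` the comment after the `psa_hash_finish` call reads `/* Two calls to the driver interface: update + abort */`. Since the call being counted is finish, `/* Two calls to the driver interface: finish + abort */` would match the wording `hash_multipart_finish` uses for the same sequence.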
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index bd98a76..4e2f4d5 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -134,17 +134,57 @@
 depends_on:PSA_WANT_ALG_XTS:MBEDTLS_CIPHER_C
 cipher_algorithm:PSA_ALG_XTS:0
 
-AEAD: CCM
-depends_on:PSA_WANT_ALG_CCM
-aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
+AEAD: CCM-AES-128
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:128
 
-AEAD: GCM
-depends_on:PSA_WANT_ALG_GCM
-aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16
+AEAD: CCM-AES-192
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:192
+
+AEAD: CCM-AES-256
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256
+
+AEAD: CCM-CAMELLIA-128
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128
+
+AEAD: CCM-CAMELLIA-192
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:192
+
+AEAD: CCM-CAMELLIA-256
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CCM
+aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:256
+
+AEAD: GCM-AES-128
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:128
+
+AEAD: GCM-AES-192
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:192
+
+AEAD: GCM-AES-256
+depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:256
+
+AEAD: GCM-CAMELLIA-128
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:128
+
+AEAD: GCM-CAMELLIA-192
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:192
+
+AEAD: GCM-CAMELLIA-256
+depends_on:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_GCM
+aead_algorithm:PSA_ALG_GCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_CAMELLIA:256
 
 AEAD: ChaCha20_Poly1305
 depends_on:PSA_WANT_ALG_CHACHA20_POLY1305
-aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16
+aead_algorithm:PSA_ALG_CHACHA20_POLY1305:0:16:PSA_KEY_TYPE_CHACHA20:256
 
 Asymmetric signature: RSA PKCS#1 v1.5 raw
 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN
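Review bot: The ChaCha20_Poly1305 case now passes `PSA_KEY_TYPE_CHACHA20:256`, but its `depends_on` line still lists only `PSA_WANT_ALG_CHACHA20_POLY1305`, whereas every CCM and GCM case in this hunk gained a `PSA_WANT_KEY_TYPE_...` dependency. For consistency I would write `depends_on:PSA_WANT_KEY_TYPE_CHACHA20:PSA_WANT_ALG_CHACHA20_POLY1305`. This is likely cosmetic, since the test appears to evaluate only algorithm and size macros, but a uniform pattern makes the dependency lines easier to audit.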
diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function
index 8acbe44..8134f44 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@@ -169,6 +169,7 @@
 }
 
 void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
+                          psa_key_type_t key_type, size_t key_bits,
                           size_t tag_length )
 {
     /* Algorithm classification */
@@ -183,7 +184,7 @@
     algorithm_classification( alg, classification_flags );
 
     /* Tag length */
-    TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( alg ) );
+    TEST_EQUAL( tag_length, PSA_AEAD_TAG_LENGTH( key_type, key_bits, alg ) );
 
 exit: ;
 }
@@ -367,19 +368,24 @@
 
 /* BEGIN_CASE */
 void aead_algorithm( int alg_arg, int classification_flags,
-                     int tag_length_arg )
+                     int tag_length_arg,
+                     int key_type_arg, int key_bits_arg )
 {
     psa_algorithm_t alg = alg_arg;
     size_t tag_length = tag_length_arg;
     size_t n;
+    psa_key_type_t key_type = key_type_arg;
+    size_t key_bits = key_bits_arg;
 
-    aead_algorithm_core( alg, classification_flags, tag_length );
+    aead_algorithm_core( alg, classification_flags,
+                         key_type, key_bits, tag_length );
 
     /* Truncated versions */
     for( n = 1; n <= tag_length; n++ )
     {
         psa_algorithm_t truncated_alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG( alg, n );
-        aead_algorithm_core( truncated_alg, classification_flags, n );
+        aead_algorithm_core( truncated_alg, classification_flags,
+                             key_type, key_bits, n );
         TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( truncated_alg ),
                     alg );
         /* Check that calling PSA_ALG_AEAD_WITH_SHORTENED_TAG twice gives
@@ -411,7 +417,8 @@
     for( n = 1; n <= tag_length; n++ )
     {
         psa_algorithm_t policy_alg = PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG( alg, n );
-        aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD, n );
+        aead_algorithm_core( policy_alg, classification_flags | ALG_IS_WILDCARD,
+                             key_type, key_bits, n );
         TEST_EQUAL( PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( policy_alg ),
                     alg );
         /* Check that calling PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG twice
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 3d97515..c5390b2 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -9219,7 +9219,7 @@
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "c hs traffic", hash)
 # Vector from RFC 8448
-ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03"::32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
+ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":tls1_3_label_c_hs_traffic:"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f"
 
 SSL TLS 1.3 Key schedule: Derive-Secret( ., "s hs traffic", hash)
 # Vector from RFC 8448
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 11817cf..8b7b09a 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -203,79 +203,79 @@
 x509_parse_san:"data_files/server5-unsupported_othername.crt":""
 
 X509 CRL information #1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-20 10\:24\:19\nnext update   \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
 
 X509 CRL Information MD2 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2009-07-19 19\:56\:37\nnext update   \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using  \: RSA with MD2\n"
 
 X509 CRL Information MD4 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD4\n"
 
 X509 CRL Information MD5 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD5\n"
 
 X509 CRL Information SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
 
 X509 CRL Information SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA224_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA224_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-224\n"
 
 X509 CRL Information SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-256\n"
 
 X509 CRL Information SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA384_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-384\n"
 
 X509 CRL Information SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-512\n"
 
 X509 CRL information RSA-PSS, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:46\:35\nnext update   \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
 
 X509 CRL information RSA-PSS, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA224_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:06\nnext update   \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
 
 X509 CRL information RSA-PSS, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:16\nnext update   \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
 
 X509 CRL information RSA-PSS, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA384_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:28\nnext update   \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
 
 X509 CRL information RSA-PSS, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:38\nnext update   \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
 
 X509 CRL Information EC, SHA1 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA1\n"
 
 X509 CRL Information EC, SHA224 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA224_C:MBEDTLS_ECDSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA224_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA224\n"
 
 X509 CRL Information EC, SHA256 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA256\n"
 
 X509 CRL Information EC, SHA384 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA384_C:MBEDTLS_ECDSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA384_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA384\n"
 
 X509 CRL Information EC, SHA512 Digest
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA512\n"
 
 X509 CRL Malformed Input (trailing spaces at end of file)
@@ -291,71 +291,71 @@
 mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
 
 X509 CSR Information RSA with MD4
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD4\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with MD5
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD5\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA1\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA224_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA224_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-224\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA-256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTS_X509_INFO
 mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA384_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA384_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-384\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-512\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information EC with SHA1
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA224
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA224_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA224\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA256
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA256\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA384
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA384_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA384\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA512
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA512\nEC key size   \: 256 bits\n"
 
 X509 CSR Information RSA-PSS with SHA1
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA224
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA224_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA256
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA384
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA384_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA384_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA512
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA with SHA-256 - Microsoft header
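Review bot: The new dependency on the `X509 CSR Information RSA with SHA-256` case is spelled `MBEDTS_X509_INFO`, which has neither the `MBEDTLS_` prefix nor the `!MBEDTLS_X509_REMOVE_INFO` form used on every other case in this hunk. If no symbol of that name is ever defined, which seems likely, the dependency would never be satisfied and this case would be skipped in every configuration, so the SHA-256 CSR info path would lose coverage with no failure reported. The line should read `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO`.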
@@ -2131,7 +2131,7 @@
 #  03020001                               signatureValue BIT STRING
 # The subsequent TBSCertList negative tests remove or modify some elements.
 X509 CRL ASN1 (TBSCertList, sig present)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA224_C:!MBEDTLS_X509_REMOVE_INFO
 x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version   \: 1\nissuer name   \: CN=ABCD\nthis update   \: 2009-01-01 00\:00\:00\nnext update   \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using  \: RSA with SHA-224\n":0
 
 X509 CRL ASN1 (TBSCertList, signatureValue missing)
@@ -2167,7 +2167,7 @@
 x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
 
 X509 CRL ASN1 (TBSCertList, no entries)
-depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA224_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA224_C:!MBEDTLS_X509_REMOVE_INFO
 x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version   \: 1\nissuer name   \: CN=ABCD\nthis update   \: 2009-01-01 00\:00\:00\nnext update   \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using  \: RSA with SHA-224\n":0
 
 X509 CRL ASN1 (invalid version 2)
@@ -2197,7 +2197,7 @@
 x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
 
 X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO
 x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2018-03-14 07\:31\:48\nnext update   \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using  \: RSA with SHA-256\n":0
 
 X509 CRT parse path #2 (one cert)
@@ -2536,7 +2536,7 @@
 x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
 
 X509 CSR ASN.1 (OK)
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO
 mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n":0
 
 X509 CSR ASN.1 (bad first tag)
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 46d9724..a6361d8 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -7,6 +7,7 @@
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/base64.h"
+#include "mbedtls/error.h"
 #include "string.h"
 
 #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
@@ -320,18 +321,18 @@
         ret = mbedtls_asn1_get_tag( p, end, &len,
                                  MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
         if( ret != 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
 
         if( *p + len != end )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
 
         /*
          * Cannot be an empty sequence.
          */
         if( len == 0 )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
 
         while( *p < end )
         {
@@ -342,13 +343,13 @@
              */
             if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
                     MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
 
             policy_end = *p + len;
 
             if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
                                               MBEDTLS_ASN1_OID ) ) != 0 )
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
 
             /*
              * Recognize exclusively the policy with OID 1
@@ -366,7 +367,7 @@
             {
                 if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
                          MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
-                    return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+                    return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
                 /*
                  * Skip the optional policy qualifiers.
                  */
@@ -374,13 +375,13 @@
             }
 
             if( *p != policy_end )
-                return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                        MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+                return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                        MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
         }
 
         if( *p != end )
-            return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
-                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
 
         return( parse_ret );
     }
@@ -388,7 +389,8 @@
              memcmp( new_oid->p, oid->p, oid->len ) == 0 )
         return( 0 );
     else
-        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+                                   MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 /* END_HEADER */
@@ -438,7 +440,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */
 void x509_cert_info( char * crt_file, char * result_str )
 {
     mbedtls_x509_crt   crt;
@@ -461,7 +463,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void mbedtls_x509_crl_info( char * crl_file, char * result_str )
 {
     mbedtls_x509_crl   crl;
@@ -500,7 +502,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void mbedtls_x509_csr_info( char * csr_file, char * result_str )
 {
     mbedtls_x509_csr   csr;
@@ -523,7 +525,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void x509_verify_info( int flags, char * prefix, char * result_str )
 {
     char buf[2000];
@@ -738,7 +740,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
 {
     mbedtls_x509_crt   crt;
@@ -826,30 +828,37 @@
 void x509parse_crt( data_t * buf, char * result_str, int result )
 {
     mbedtls_x509_crt   crt;
-    unsigned char output[2000];
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+    unsigned char output[2000] = { 0 };
     int res;
+#else
+    ((void) result_str);
+#endif
 
     mbedtls_x509_crt_init( &crt );
-    memset( output, 0, 2000 );
 
     TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
     if( ( result ) == 0 )
     {
         res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
-
         TEST_ASSERT( res != -1 );
         TEST_ASSERT( res != -2 );
 
         TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
     }
+    memset( output, 0, 2000 );
+#endif
 
     mbedtls_x509_crt_free( &crt );
     mbedtls_x509_crt_init( &crt );
-    memset( output, 0, 2000 );
 
     TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
     if( ( result ) == 0 )
     {
+        memset( output, 0, 2000 );
+
         res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
 
         TEST_ASSERT( res != -1 );
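Review bot: `output` is cleared inconsistently across the info blocks of x509parse_crt. The first block resets it with `memset( output, 0, 2000 );` after its `if`, and the second block then clears it again as the first statement inside its `if` even though nothing has written to it in between. That inner memset can be dropped so every block has the same shape. The literal 2000 is also repeated for the array size, the memset length and the `mbedtls_x509_crt_info` size argument; `memset( output, 0, sizeof( output ) );` and `sizeof( output )` in the info call would keep them tied to the declaration. The function body continues past the end of this hunk.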
@@ -857,12 +866,14 @@
 
         TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
     }
+    memset( output, 0, 2000 );
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
 
     mbedtls_x509_crt_free( &crt );
     mbedtls_x509_crt_init( &crt );
-    memset( output, 0, 2000 );
 
     TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
     if( ( result ) == 0 )
     {
         res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
@@ -872,12 +883,14 @@
 
         TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
     }
+    memset( output, 0, 2000 );
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
 
     mbedtls_x509_crt_free( &crt );
     mbedtls_x509_crt_init( &crt );
-    memset( output, 0, 2000 );
 
     TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
     if( ( result ) == 0 )
     {
         res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
@@ -887,6 +900,7 @@
 
         TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
     }
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
 
 exit:
     mbedtls_x509_crt_free( &crt );
@@ -898,17 +912,22 @@
 {
     mbedtls_x509_crt   crt;
     mbedtls_x509_buf   oid;
-    unsigned char output[2000];
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+    unsigned char output[2000] = { 0 };
     int res;
+#else
+    ((void) result_str);
+#endif
 
     oid.tag = MBEDTLS_ASN1_OID;
     oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F");
     oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F";
 
     mbedtls_x509_crt_init( &crt );
-    memset( output, 0, 2000 );
 
     TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
     if( ( result ) == 0 )
     {
         res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
@@ -918,12 +937,14 @@
 
         TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
     }
+    memset( output, 0, 2000 );
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
 
     mbedtls_x509_crt_free( &crt );
     mbedtls_x509_crt_init( &crt );
-    memset( output, 0, 2000 );
 
     TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) );
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
     if( ( result ) == 0 )
     {
         res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
@@ -933,13 +954,14 @@
 
         TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
     }
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
 
 exit:
     mbedtls_x509_crt_free( &crt );
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void x509parse_crl( data_t * buf, char * result_str, int result )
 {
     mbedtls_x509_crl   crl;
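Review bot: Adding `!MBEDTLS_X509_REMOVE_INFO` to the BEGIN_CASE line disables x509parse_crl entirely when that option is set, including the data cases that pass an empty info string and expect a parse error such as `MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG`. x509parse_crt in this same commit keeps the parse assertion and wraps only the info comparison in `#if !defined(MBEDTLS_X509_REMOVE_INFO)`, so rejection of malformed certificates is still tested in that configuration. Using the same pattern here would keep the negative CRL parsing tests running, and mbedtls_x509_csr_parse in the next hunk is gated the same way. The body of x509parse_crl lies outside this hunk, so this assumes it calls the info function only after a successful parse; that should be confirmed.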
@@ -966,7 +988,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */
 void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
 {
     mbedtls_x509_csr csr;
@@ -1099,7 +1121,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */
 void x509_oid_desc( data_t * buf, char * ref_desc )
 {
     mbedtls_x509_buf oid;